Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1570682
MD5:	399b2859420738500eb977f816fe61e1
SHA1:	3136c6ce4de53ee344f51d99606bdd68b2116767
SHA256:	c611fe9b5ae81cc5cce3c7f428d98e082898ee4e76c8566100ac41527e4c9a18
Tags:	exeuser-Bitsight
Infos:

Detection

CredGrabber, Meduza Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected CredGrabber

Yara detected Meduza Stealer

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

Self deletion via cmd or bat file

Sigma detected: Suspicious Ping/Del Command Combination

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Terminates after testing mutex exists (may check infected machine status)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 5748 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 399B2859420738500EB977F816FE61E1)

file.exe (PID: 6160 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 399B2859420738500EB977F816FE61E1)

cmd.exe (PID: 1352 cmdline: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 4676 cmdline: ping 1.1.1.1 -n 1 -w 3000 MD5: 2F46799D79D22AC72C241EC0322B011D)

cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "5.252.155.28", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "824", "self_destruct": true, "extensions": "none", "links": "none", "grabber_max_size": 1048576}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: file.exe PID: 6160	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: file.exe PID: 6160	JoeSecurity_CredGrabber	Yara detected CredGrabber	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.file.exe.140000000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
2.2.file.exe.140000000.0.raw.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Suspicious Ping/Del Command Combination

Source: Process started

Author: Ilya Krestinichev: Data: Command: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe", CommandLine: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6160, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe", ProcessId: 1352, ProcessName: cmd.exe

Suricata Signatures

ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T18:10:07.531064+0100	2049441	1	A Network Trojan was detected	192.168.2.5	49704	5.252.155.28	15666	TCP

ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T18:10:07.531064+0100	2050806	1	A Network Trojan was detected	192.168.2.5	49704	5.252.155.28	15666	TCP
2024-12-07T18:10:07.651138+0100	2050806	1	A Network Trojan was detected	192.168.2.5	49704	5.252.155.28	15666	TCP

ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T18:10:07.531064+0100	2050807	1	A Network Trojan was detected	192.168.2.5	49704	5.252.155.28	15666	TCP
2024-12-07T18:10:07.651138+0100	2050807	1	A Network Trojan was detected	192.168.2.5	49704	5.252.155.28	15666	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 2.2.file.exe.140000000.0.raw.unpack

Malware Configuration Extractor: Meduza Stealer {"C2 url": "5.252.155.28", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "824", "self_destruct": true, "extensions": "none", "links": "none", "grabber_max_size": 1048576}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.5% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140033A30 BCryptDestroyKey,	2_2_0000000140033A30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140077BA0 CryptUnprotectData,LocalFree,	2_2_0000000140077BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140078020 BCryptDecrypt,BCryptDecrypt,	2_2_0000000140078020
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400783C0 BCryptCloseAlgorithmProvider,	2_2_00000001400783C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140078440 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,Concurrency::cancel_current_task,	2_2_0000000140078440
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140037C20 CryptUnprotectData,LocalFree,	2_2_0000000140037C20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140077EC0 CryptProtectData,LocalFree,	2_2_0000000140077EC0

Source: unknown

HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49705 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400BB500 FindClose,FindFirstFileExW,GetLastError,	2_2_00000001400BB500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400BB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	2_2_00000001400BB5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400D5100 FindFirstFileW,	2_2_00000001400D5100

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00000001400873F0 GetLogicalDriveStringsW,

2_2_00000001400873F0

Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.5:49704 -> 5.252.155.28:15666
Source: Network traffic	Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.5:49704 -> 5.252.155.28:15666

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000

Source: global traffic

TCP traffic: 192.168.2.5:49704 -> 5.252.155.28:15666

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205

Source: Joe Sandbox View

ASN Name: WORLDSTREAMNL WORLDSTREAMNL

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic

Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.5:49704 -> 5.252.155.28:15666

Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.28

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0000000140085240 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task,

2_2_0000000140085240

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: file.exe, 00000002.00000003.2068216010.0000027E2B301000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2270616110.0000027E2B310000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2270639460.0000027E2B314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsoft.t/Regi
Source: file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/_Vr
Source: file.exe, 00000002.00000003.2079137034.0000027E2ABBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A908000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A965000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2081516136.0000027E2BB0E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2078852390.0000027E2B721000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080346971.0000027E2ABC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A900000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080553316.0000027E2A96D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2078852390.0000027E2B719000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000002.00000003.2080346971.0000027E2ABCE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000002.00000003.2079137034.0000027E2ABBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A908000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A965000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2081516136.0000027E2BB0E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2078852390.0000027E2B721000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080346971.0000027E2ABC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A900000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080553316.0000027E2A96D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2078852390.0000027E2B719000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000002.00000003.2078852390.0000027E2B729000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2081516136.0000027E2BB15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080553316.0000027E2A975000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080346971.0000027E2ABCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000002.00000003.2078852390.0000027E2B729000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2081516136.0000027E2BB15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080553316.0000027E2A975000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080346971.0000027E2ABCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000002.00000003.2078852390.0000027E2B729000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2081516136.0000027E2BB15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080553316.0000027E2A975000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080346971.0000027E2ABCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown

HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49705 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0000000140085B70 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

2_2_0000000140085B70

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014008A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,	2_2_000000014008A430
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400D56F8 NtQuerySystemInformation,	2_2_00000001400D56F8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140089D30 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,	2_2_0000000140089D30

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014007F020	2_2_000000014007F020
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140088030	2_2_0000000140088030
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014008D050	2_2_000000014008D050
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014006D080	2_2_000000014006D080
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400320B0	2_2_00000001400320B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400520F6	2_2_00000001400520F6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014009918C	2_2_000000014009918C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140085240	2_2_0000000140085240
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140045310	2_2_0000000140045310
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140066350	2_2_0000000140066350
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140030450	2_2_0000000140030450
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014003D570	2_2_000000014003D570
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400BB5B0	2_2_00000001400BB5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014008C5CB	2_2_000000014008C5CB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014003E610	2_2_000000014003E610
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400C0658	2_2_00000001400C0658
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400876A0	2_2_00000001400876A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014002F730	2_2_000000014002F730
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140086860	2_2_0000000140086860
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014007C8E0	2_2_000000014007C8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140065970	2_2_0000000140065970
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014003CA10	2_2_000000014003CA10
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140033A30	2_2_0000000140033A30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140085B70	2_2_0000000140085B70
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140034B70	2_2_0000000140034B70
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140031B90	2_2_0000000140031B90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140032CA0	2_2_0000000140032CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014003ECB0	2_2_000000014003ECB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014002FE20	2_2_000000014002FE20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400A2E3C	2_2_00000001400A2E3C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140049F80	2_2_0000000140049F80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400A30B8	2_2_00000001400A30B8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014009F0D8	2_2_000000014009F0D8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400070E0	2_2_00000001400070E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014005C0F0	2_2_000000014005C0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400AC128	2_2_00000001400AC128
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140093150	2_2_0000000140093150
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140096164	2_2_0000000140096164
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140006180	2_2_0000000140006180
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400A71D8	2_2_00000001400A71D8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140091220	2_2_0000000140091220
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400702C0	2_2_00000001400702C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014007E2F0	2_2_000000014007E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140095394	2_2_0000000140095394
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400763A6	2_2_00000001400763A6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400283D0	2_2_00000001400283D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400AA3C8	2_2_00000001400AA3C8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014007B420	2_2_000000014007B420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014005C420	2_2_000000014005C420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014008A430	2_2_000000014008A430
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400AA44F	2_2_00000001400AA44F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014005B480	2_2_000000014005B480
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400A14E4	2_2_00000001400A14E4
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140026510	2_2_0000000140026510
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140025520	2_2_0000000140025520
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140086540	2_2_0000000140086540
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140095598	2_2_0000000140095598
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140006610	2_2_0000000140006610
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014009666C	2_2_000000014009666C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400A8674	2_2_00000001400A8674
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400A36A8	2_2_00000001400A36A8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400A46E4	2_2_00000001400A46E4
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140054720	2_2_0000000140054720
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140062750	2_2_0000000140062750
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014008A780	2_2_000000014008A780
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014005B780	2_2_000000014005B780
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014009579C	2_2_000000014009579C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014009F7E6	2_2_000000014009F7E6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400398CD	2_2_00000001400398CD
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014009A924	2_2_000000014009A924
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400A6A68	2_2_00000001400A6A68
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140030A80	2_2_0000000140030A80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140075AB0	2_2_0000000140075AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014005BAB0	2_2_000000014005BAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140060AC0	2_2_0000000140060AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140051AF0	2_2_0000000140051AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140078B00	2_2_0000000140078B00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400ABB90	2_2_00000001400ABB90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140057CEB	2_2_0000000140057CEB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140090D14	2_2_0000000140090D14
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140074D40	2_2_0000000140074D40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140098D50	2_2_0000000140098D50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140005DB0	2_2_0000000140005DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014005BDD0	2_2_000000014005BDD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014003ADD0	2_2_000000014003ADD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140037E70	2_2_0000000140037E70
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140030E80	2_2_0000000140030E80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140080E90	2_2_0000000140080E90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140075EF0	2_2_0000000140075EF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_000000014003BF40	2_2_000000014003BF40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400BFFBC	2_2_00000001400BFFBC

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000000014002E1D0 appears 33 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0000000140036940 appears 41 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00000001400486B0 appears 57 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000000014002BA80 appears 32 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0000000140098254 appears 34 times

Source: file.exe

Static PE information: Number of sections : 11 > 10

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@8/1@1/2

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_000000014008B9B0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,

2_2_000000014008B9B0

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_000000014003E610 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

2_2_000000014003E610

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0000000140074D40 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysStringByteLen,SysFreeString,SysFreeString,

2_2_0000000140074D40

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6648:120:WilError_03
Source: C:\Users\user\Desktop\file.exe	Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963806E2821

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: drprov.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntlanman.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: davclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: davhlpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: file.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: file.exe

Static file information: File size 4269056 > 1048576

Source: file.exe

Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x38c000

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_000000014003D570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

2_2_000000014003D570

Source: file.exe	Static PE information: section name: .00cfg
Source: file.exe	Static PE information: section name: .gxfg
Source: file.exe	Static PE information: section name: .retplne
Source: file.exe	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_000000014004CAB2 push rdi; retf 0004h

2_2_000000014004CAB5

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_000000014007C600 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,

2_2_000000014007C600

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\file.exe	Process created: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe"			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Uses ping.exe to sleep

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_2-67672

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400BB500 FindClose,FindFirstFileExW,GetLastError,	2_2_00000001400BB500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400BB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	2_2_00000001400BB5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400D5100 FindFirstFileW,	2_2_00000001400D5100

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00000001400873F0 GetLogicalDriveStringsW,

2_2_00000001400873F0

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0000000140099038 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

2_2_0000000140099038

Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Source: file.exe	Binary or memory string: VBoxGuest
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe	Binary or memory string: VBoxMouse
Source: file.exe	Binary or memory string: VBoxTray
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000002.00000002.2271142110.0000027E28B1D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2266336222.0000027E28B49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: file.exe	Binary or memory string: VBoxMRXNP
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe	Binary or memory string: VBoxSF
Source: file.exe	Binary or memory string: VBoxHook
Source: file.exe, 00000002.00000003.2075079237.0000027E2A91B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node			graph_2-67604
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node			graph_2-67609

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_000000014008A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,

2_2_000000014008A430

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00000001400AF2B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

2_2_00000001400AF2B8

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00000001400BD804 GetLastError,IsDebuggerPresent,OutputDebugStringW,

2_2_00000001400BD804

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_000000014003D570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

2_2_000000014003D570

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00000001400A9EEC GetProcessHeap,

2_2_00000001400A9EEC

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400AF2B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00000001400AF2B8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400D52E0 SetUnhandledExceptionFilter,	2_2_00000001400D52E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00000001400AF498 SetUnhandledExceptionFilter,	2_2_00000001400AF498
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0000000140097F68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0000000140097F68

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory written: C:\Users\user\Desktop\file.exe base: 140000000 value starts with: 4D5A

Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\Desktop\file.exe

Thread register set: target process: 6160

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_000000014007B420 ShellExecuteW,

2_2_000000014007B420

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00000001400ADF10 cpuid

2_2_00000001400ADF10

Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	2_2_000000014009E020
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	2_2_00000001400A9030
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_00000001400A90C8
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoEx,FormatMessageA,	2_2_00000001400BB170
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	2_2_00000001400A9310
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,EnumSystemLocalesW,RaiseException,	2_2_00000001400D53A0
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	2_2_00000001400D53B8
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_00000001400A9468
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	2_2_00000001400A9518
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_00000001400A964C
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	2_2_000000014009DAE0
Source: C:\Users\user\Desktop\file.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	2_2_00000001400A8C04
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	2_2_00000001400A8F60

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF6A9D0FDE4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF6A9D0FDE4

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0000000140086150 GetUserNameW,

2_2_0000000140086150

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00000001400876A0 GetTimeZoneInformation,

2_2_00000001400876A0

Stealing of Sensitive Information

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: file.exe PID: 6160, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.file.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6160, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum-LTC\wallets
Source: file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectronCash\wallets
Source: file.exe, 00000002.00000003.2266336222.0000027E28B86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzMl0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K
Source: file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus\exodus.wallet
Source: file.exe, 00000002.00000003.2268977273.0000027E2B691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\simple-storage.jsonO
Source: file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore
Source: file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Remote Access Functionality

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: file.exe PID: 6160, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.file.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6160, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Deobfuscate/Decode Files or Information	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	2 Obfuscated Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Access Token Manipulation	1 DLL Side-Loading	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	211 Process Injection	1 File Deletion	NTDS	35 System Information Discovery	Distributed Component Object Model	1 Email Collection	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Access Token Manipulation	LSA Secrets	1 Query Registry	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	211 Process Injection	Cached Domain Credentials	31 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	11 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	104.26.12.205	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://support.mozilla.org	file.exe, 00000002.00000003.2079137034.0000027E2ABBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A908000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A965000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2081516136.0000027E2BB0E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2078852390.0000027E2B721000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080346971.0000027E2ABC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2079297773.0000027E2A900000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2080553316.0000027E2A96D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2078852390.0000027E2B719000.00000004.00000020.00020000.00000000.sdmp	false	high
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	false	high
http://ns.microsoft.t/Regi	file.exe, 00000002.00000003.2068216010.0000027E2B301000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2270616110.0000027E2B310000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2270639460.0000027E2B314000.00000004.00000020.00020000.00000000.sdmp	false	high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000002.00000003.2079137034.0000027E2AB79000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.ipify.org/_Vr	file.exe, 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp	false	high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	file.exe, 00000002.00000003.2080346971.0000027E2ABCE000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false
5.252.155.28	unknown	Russian Federation		49981	WORLDSTREAMNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570682
Start date and time:	2024-12-07 18:09:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@8/1@1/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 66% Number of executed functions: 85 Number of non-executed functions: 110
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target file.exe, PID 5748 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	xKvkNk9SXR.exe	Get hash	malicious	TrojanRansom	Browse	api.ipify.org/
	GD8c7ARn8q.exe	Get hash	malicious	TrojanRansom	Browse	api.ipify.org/
	8AbMCL2dxM.exe	Get hash	malicious	RCRU64, TrojanRansom	Browse	api.ipify.org/
	Simple2.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Ransomware Mallox.exe	Get hash	malicious	Targeted Ransomware	Browse	api.ipify.org/
	Yc9hcFC1ux.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	api.ipify.org/
	perfcc.elf	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	malware.exe	Get hash	malicious	Targeted Ransomware, TrojanRansom	Browse	172.67.74.152
	Overdue_payment.pdf.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	TECHNICAL SPECIFICATIONS.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Shipping Documents 72908672134.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	980001672 PPR for 30887217.scr.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	y1rS62yprs.exe	Get hash	malicious	Babadeda	Browse	104.26.13.205
	apilibx64.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	xKvkNk9SXR.exe	Get hash	malicious	TrojanRansom	Browse	104.26.12.205
	BiXS3FRoLe.exe	Get hash	malicious	TrojanRansom	Browse	104.26.13.205
	lEUy79aLAW.exe	Get hash	malicious	TrojanRansom	Browse	104.26.13.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	Microsoft.doc	Get hash	malicious	Unknown	Browse	172.67.19.24
	upgrade.hta	Get hash	malicious	DarkVision Rat	Browse	172.66.0.235
	IMPORTANT DOCUMENT.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	IMPORTANT DOCUMENT.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	https://curnowlaw.com/	Get hash	malicious	Unknown	Browse	162.159.136.45
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, XWorm	Browse	104.21.16.9
WORLDSTREAMNL	spc.elf	Get hash	malicious	Mirai	Browse	213.108.199.252
	https://kbprinters.com/serviciodecorreo/login	Get hash	malicious	Unknown	Browse	217.23.10.192
	Payload 94.75.225.exe	Get hash	malicious	Unknown	Browse	194.88.105.30
	1Zp7qa5zFD.exe	Get hash	malicious	AsyncRAT	Browse	89.39.106.35
	nabx86.elf	Get hash	malicious	Unknown	Browse	45.139.57.89
	SecuriteInfo.com.Trojan.DownLoader25.33926.32281.13140.exe	Get hash	malicious	Unknown	Browse	109.236.88.70
	SecuriteInfo.com.Trojan.DownLoader25.33926.32281.13140.exe	Get hash	malicious	Unknown	Browse	109.236.88.70
	sj9eYmr725.exe	Get hash	malicious	Quasar	Browse	185.177.125.198
	http://www.nsdta.ca/registered-labs/	Get hash	malicious	Unknown	Browse	190.2.139.23
	https://cardiocareecuador.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9YkdOWVpYST0mdWlkPVVTRVIyNjA4MjAyNFUwMDA4MjYxMQ	Get hash	malicious	Unknown	Browse	109.236.91.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	malware.exe	Get hash	malicious	Targeted Ransomware, TrojanRansom	Browse	104.26.12.205
	INQUIRY REQUEST AND PRICES_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.12.205
	Bank Swift and SOA PRN00720031415453_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.12.205
	RFQ Order list #2667747.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.12.205
	Payment Details Ref#577767.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.12.205
	IBAN Payment confirmation.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.12.205
	AdminAccounts.aspx.dll	Get hash	malicious	Matanbuchus	Browse	104.26.12.205
	AdminAccounts.aspx.dll	Get hash	malicious	Matanbuchus	Browse	104.26.12.205
	Doc_21-04-53.js	Get hash	malicious	Matanbuchus	Browse	104.26.12.205
	klog.php.msi	Get hash	malicious	Matanbuchus	Browse	104.26.12.205

Process:	C:\Windows\System32\PING.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	283
Entropy (8bit):	4.875882158757659
Encrypted:	false
SSDEEP:	6:PzXULmWxHLTpUrnT7wUsW3CNcwAFeMmvVOIHJFxMVlmJHaVFm8H:P+pTpcnT7nsTDAFSkIrxMVlmJHaV9
MD5:	08C1D4CBCEF7EBA59F0879DC07BECC18
SHA1:	C2ED820D847ABF8BB7D727401AAC308BC005002C
SHA-256:	BB19BEABE16692E99FFDC16F413125ABB4265B9BC0E2B4CA8736B6AC94E04EE6
SHA-512:	9FE7B5B3D32898319E3B4F04FB21F24B96B2B12B4AEA6893A6B136EF970FB0F8C4FBD0FC54982341CA2466B2FB6DE2F5E8AAC6F3F776B58B503022352B88ED68
Malicious:	false
Reputation:	low
Preview:	..Pinging 1.1.1.1 with 32 bytes of data:..Reply from 1.1.1.1: bytes=32 time=204ms TTL=55....Ping statistics for 1.1.1.1:.. Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 204ms, Maximum = 204ms, Average = 204ms..

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	5.07546951914394
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	4'269'056 bytes
MD5:	399b2859420738500eb977f816fe61e1
SHA1:	3136c6ce4de53ee344f51d99606bdd68b2116767
SHA256:	c611fe9b5ae81cc5cce3c7f428d98e082898ee4e76c8566100ac41527e4c9a18
SHA512:	1bfa955fc301ee63d3b5bfbcea2e9bd9d9df8ff01ed634e6b6eb01b287cac437d08af9d4e61da21d2fd3ecc3297a8cf1c2f514cb0e178b63be65e366991da086
SSDEEP:	49152:Xl4UjB0jUu8Xywd2qeDScrUXVIqWLskA:14UjKgufA
TLSH:	7A16E067E94068FEDC74903488970777B67BB481833287DB1698262A5E5BBD42F3BF40
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...r_@g.........."...........9................@..............................A...........`........................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x14004fdd0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67405F72 [Fri Nov 22 10:39:46 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	ce5eab935d79deb808c783e73ea12cf9

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F09F44F7B60h
dec eax
add esp, 28h
jmp 00007F09F44F79CFh
int3
int3
dec eax
mov dword ptr [esp+18h], ebx
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 30h
dec eax
mov eax, dword ptr [003B7248h]
dec eax
mov ebx, 2DDFA232h
cdq
sub eax, dword ptr [eax]
add byte ptr [eax+3Bh], cl
ret
jne 00007F09F44F7BC6h
dec eax
and dword ptr [ebp+10h], 00000000h
dec eax
lea ecx, dword ptr [ebp+10h]
call dword ptr [003AC582h]
dec eax
mov eax, dword ptr [ebp+10h]
dec eax
mov dword ptr [ebp-10h], eax
call dword ptr [003AC4D4h]
mov eax, eax
dec eax
xor dword ptr [ebp-10h], eax
call dword ptr [003AC4C0h]
mov eax, eax
dec eax
lea ecx, dword ptr [ebp+18h]
dec eax
xor dword ptr [ebp-10h], eax
call dword ptr [003AC630h]
mov eax, dword ptr [ebp+18h]
dec eax
lea ecx, dword ptr [ebp-10h]
dec eax
shl eax, 20h
dec eax
xor eax, dword ptr [ebp+18h]
dec eax
xor eax, dword ptr [ebp-10h]
dec eax
xor eax, ecx
dec eax
mov ecx, FFFFFFFFh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3fbdb8	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x419000	0x1a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x40b000	0x6594	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x41a000	0x1e18	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x3efd80	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xe60a0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3fc1e0	0x3d8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x79116	0x79200	101fd131b38e4fd5c4b31887d7ad38f3	False	0.49460421504127966	data	6.44155671990377	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7b000	0x38bebc	0x38c000	6936410b5c26c3482cc7ff50d6b4359c	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x407000	0x36f8	0x1c00	7568d2f08f4ac81dae4d5e33ab60923a	False	0.17047991071428573	zlib compressed data	3.5531018656709605	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x40b000	0x6594	0x6600	496dfa0147e7c873a9f17489df23c1fc	False	0.4821155024509804	data	5.74343672787325	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.00cfg	0x412000	0x38	0x200	7c2bb310d1981b513910f4cc9c8721d1	False	0.0703125	data	0.4879996533427816	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg	0x413000	0x2200	0x2200	a3fb3e1da377202334d413fbe0e439a4	False	0.4314108455882353	data	5.230691552229934	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.retplne	0x416000	0x8c	0x200	8c950f651287cbc1296bcb4e8cd7e990	False	0.126953125	data	1.050583247971927
.tls	0x417000	0x9	0x200	1f354d76203061bfdd5a53dae48d5435	False	0.033203125	data	0.020393135236084953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA	0x418000	0x1f4	0x200	d5aa635e227a5741f7ba58c4dba5b19f	False	0.525390625	data	4.216026285396426	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x419000	0x1a8	0x200	d38b4cd68eb239a7aa6a06b6f8091e1d	False	0.484375	data	4.179663701400347	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x41a000	0x1e18	0x2000	6ea7154105c61bbadcf24404b7fcf3ec	False	0.6947021484375	data	6.375630824063806	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x419060	0x143	XML 1.0 document, ASCII text	English	United States	0.628482972136223

Imports

DLL	Import
USER32.dll	GetRawInputDeviceInfoW, GetRawInputDeviceList
KERNEL32.dll	AcquireSRWLockExclusive, AreFileApisANSI, CloseHandle, CreateFileMappingW, CreateFileW, CreateProcessA, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindFirstFileW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FormatMessageA, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileAttributesExW, GetFileInformationByHandleEx, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoEx, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemInfo, GetSystemTimeAsFileTime, GetThreadContext, GetUserDefaultLCID, GlobalAlloc, GlobalFree, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, K32EnumDeviceDrivers, K32GetDeviceDriverBaseNameW, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MapViewOfFile, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, ReleaseSRWLockExclusive, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetFilePointerEx, SetLastError, SetStdHandle, SetThreadContext, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, UnmapViewOfFile, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualProtect, VirtualQuery, VirtualQueryEx, WideCharToMultiByte, WriteConsoleW, WriteFile, WriteProcessMemory
MPR.dll	WNetCloseEnum, WNetEnumResourceA, WNetOpenEnumA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-07T18:10:07.531064+0100	2049441	ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt	1	192.168.2.5	49704	5.252.155.28	15666	TCP
2024-12-07T18:10:07.531064+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.5	49704	5.252.155.28	15666	TCP
2024-12-07T18:10:07.531064+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.5	49704	5.252.155.28	15666	TCP
2024-12-07T18:10:07.651138+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.5	49704	5.252.155.28	15666	TCP
2024-12-07T18:10:07.651138+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.5	49704	5.252.155.28	15666	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 7, 2024 18:10:02.018177032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:02.137823105 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:02.137943029 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:02.344933987 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:02.344993114 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:02.345074892 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:02.354867935 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:02.354881048 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:03.588556051 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:03.588649035 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:03.758121014 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:03.758138895 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:03.758409023 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:03.758465052 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:03.759656906 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:03.807336092 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:04.096308947 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:04.096371889 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:04.096390009 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:04.096419096 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:04.096807003 CET	49705	443	192.168.2.5	104.26.12.205
Dec 7, 2024 18:10:04.096826077 CET	443	49705	104.26.12.205	192.168.2.5
Dec 7, 2024 18:10:07.531064034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.650958061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651030064 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651043892 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.651076078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.651097059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651108027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651138067 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.651164055 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.651196957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651206970 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651245117 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651245117 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.651262045 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651283979 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651289940 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.651295900 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.651299953 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.651335955 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.770745993 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.770759106 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.770770073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.770780087 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.770812988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.770813942 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.770842075 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.770876884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.770883083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.770890951 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.770935059 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.771085978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.771136999 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.771189928 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.771265030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.771274090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.771323919 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.771373987 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.771384954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.771718979 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.890508890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.890583038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.890677929 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.890736103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.890748978 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.890750885 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.890791893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.890803099 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.890867949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.890913963 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.890943050 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.890952110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.890960932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.890993118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.891010046 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.891061068 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.891069889 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.891099930 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.891114950 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:07.891122103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:07.891840935 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.010566950 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.010637999 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.010648012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.010658026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.010726929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.010761976 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.011101961 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011137009 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.011209011 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011218071 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011226892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011255980 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.011276960 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.011327028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011681080 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011729002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.011737108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011828899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011837959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.011842012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.011879921 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.012494087 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.012582064 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.012592077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.012626886 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.012655973 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.012876034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.012917995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.012919903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.012933016 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.012975931 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.012979984 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013051033 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013092995 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013254881 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013277054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013323069 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013330936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013339996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013369083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013376951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013416052 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013446093 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013454914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013463020 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013495922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013511896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013520956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013530970 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013559103 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013569117 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013657093 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013712883 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013720989 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013730049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.013752937 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.013772011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.130135059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130163908 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130191088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130201101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130275965 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.130275965 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130299091 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.130343914 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.130568027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130686045 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130697012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130729914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.130743980 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.130765915 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.131169081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.131189108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.131237030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.131269932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.131278992 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.131299019 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.131316900 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.131333113 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.132020950 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132030010 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132075071 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.132076025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132086992 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132124901 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.132256031 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132265091 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132299900 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132308960 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.132395029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132405043 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132441044 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.132652998 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132663012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132707119 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.132774115 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132783890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132826090 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.132868052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132908106 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.132951975 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.133024931 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.133033991 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.133049011 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.133069038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.133090019 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.133176088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.133184910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.133200884 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.133217096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.133233070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.133234978 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.133243084 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.133282900 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.249520063 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.249547958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.249598980 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.249628067 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.249660015 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.249669075 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.249686956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.249715090 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.249725103 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.250036955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250082970 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.250112057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250123024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250134945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250160933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.250176907 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.250637054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250683069 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.250742912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250752926 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250760078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250801086 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.250806093 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.250849009 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.251466990 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.251513004 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.251518011 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.251526117 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.251534939 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.251566887 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.251667976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.251701117 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.251708984 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.251744032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.251791954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.251800060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.251841068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252135038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252182961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252217054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252226114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252258062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252268076 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252306938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252326012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252373934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252432108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252494097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252531052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252540112 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252578974 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252650023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252671957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252686024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252692938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252696991 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252707005 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252732992 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252733946 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252742052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252778053 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.252789021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.252842903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.369673967 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.369684935 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.369735956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.369746923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.369775057 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.369805098 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.371777058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.371788025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.371839046 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.371890068 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.371901035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.371942043 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.371946096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.371987104 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373030901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373133898 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373146057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373193026 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373200893 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373244047 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373250008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373351097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373392105 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373399019 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373410940 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373444080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373459101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373467922 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373507977 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373536110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373544931 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373583078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373589039 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373673916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373682976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373691082 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373702049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373712063 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373718977 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373727083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373730898 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373755932 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373780012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373802900 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373816967 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373825073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373842001 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373850107 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373851061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373864889 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373889923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373892069 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373920918 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373925924 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373935938 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.373975992 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.373984098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.375864983 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.489209890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.489221096 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.489233971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.489255905 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.489281893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.489310026 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.489331007 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.491203070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.491213083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.491255999 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.491285086 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.491293907 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.491369963 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.491378069 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.491415024 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.492568970 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.492579937 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.492620945 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.492635965 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.492701054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.492712021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.492753029 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.492763996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.492773056 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.492810011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.492865086 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.492954969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.492996931 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493058920 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493068933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493108988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493148088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493171930 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493218899 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493284941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493295908 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493328094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493331909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493355989 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493396044 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493424892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493483067 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493520975 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493544102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493554115 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493590117 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493622065 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493632078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493642092 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493650913 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493666887 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493681908 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493700027 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493714094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493760109 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493761063 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.493772984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.493814945 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.608762980 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.608783007 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.608792067 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.608949900 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.608967066 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.608977079 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.609018087 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.610903978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.610913038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.610951900 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.610964060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.610974073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.611018896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612315893 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612387896 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612411976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612428904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612431049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612452030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612469912 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612576008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612586975 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612622976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612631083 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612651110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612662077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612668037 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612692118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612704039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612730980 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612770081 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612790108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612828016 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612838030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612874985 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612921000 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.612961054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.612962008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613197088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613208055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613246918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.613272905 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613292933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613336086 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.613351107 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613362074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613406897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613410950 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.613444090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613487005 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.613492012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613502026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613544941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.613596916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613605976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613645077 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.613763094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613774061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.613814116 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.728430033 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.728477955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.728487968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.728498936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.728549004 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.728640079 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.730362892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.730423927 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.730427027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.730457067 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.730479956 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.730490923 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.730508089 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.730550051 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.731681108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.731698036 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.731749058 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.731816053 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.731826067 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.731857061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.731865883 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.731873989 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.731898069 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.731909990 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.732036114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732069969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732115030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.732145071 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732167006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732218027 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.732239962 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732275963 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732320070 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.732387066 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732422113 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732467890 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.732527018 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732538939 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732578039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.732608080 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732652903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732693911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.732815027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732825041 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.732862949 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.732923031 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733053923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733063936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733079910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733103037 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.733103037 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.733136892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733190060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733200073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733243942 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733247995 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.733279943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.733326912 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.847800016 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.847822905 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.847919941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.849916935 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.849925995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.849963903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.849980116 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.850008011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.850037098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.850047112 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.850079060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.850091934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851130009 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851182938 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851187944 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851227045 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851227999 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851238012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851264000 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851283073 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851295948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851304054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851344109 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851375103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851383924 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851417065 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851459026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851499081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851500034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851516008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851546049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851557970 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851600885 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851609945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851649046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851650953 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851690054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851696968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851710081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851738930 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851753950 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851757050 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851798058 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851804018 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851852894 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851850033 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851864100 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851901054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.851929903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851939917 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851964951 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.851974964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.852003098 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.852055073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.852065086 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.852092028 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.852109909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.852164030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.852174997 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.852185965 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.852202892 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.852219105 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.852231979 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.852232933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.852242947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.852269888 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.852286100 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.967583895 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.967612028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.967698097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.967725992 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.970386982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.970402956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.970453024 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.970467091 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.970503092 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.970514059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.970541954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.970566988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.971976995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972028971 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972029924 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972038984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972069979 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972080946 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972085953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972121000 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972121000 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972157955 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972242117 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972284079 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972305059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972342968 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972457886 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972496033 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972585917 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972630024 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972749949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972786903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972799063 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972837925 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.972961903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.972996950 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973006010 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973042965 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973120928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973129034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973157883 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973172903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973231077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973241091 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973278046 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973278046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973315954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973335028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973375082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973557949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973577976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973594904 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973607063 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973623991 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973634958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973668098 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973674059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973685026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973709106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973720074 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973778009 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973799944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973817110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973829985 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973929882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973939896 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973968983 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.973969936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:08.973978043 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:08.974009037 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.087088108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.087100983 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.087121964 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.087173939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.087198019 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.089555979 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.089600086 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.089643002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.089667082 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.089679956 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.089701891 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.089725971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.089764118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091052055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091090918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091114998 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091124058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091156960 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091188908 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091203928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091223001 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091243982 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091568947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091610909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091645002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091666937 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091681957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091682911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091702938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091713905 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091737986 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091769934 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091779947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091793060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091809034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091866016 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091902971 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.091943026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091953039 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.091989040 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092025995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092036009 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092062950 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092072964 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092072964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092084885 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092112064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092123985 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092139959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092154980 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092175007 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092205048 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092248917 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092281103 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092371941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092410088 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092447042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092456102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092483997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092497110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092506886 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092515945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092544079 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092551947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092556953 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092591047 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092612982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092623949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.092648029 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.092658997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.206408024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.206419945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.206497908 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.209132910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.209142923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.209203005 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.209213972 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.209234953 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.209258080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.209264994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.209302902 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.210520029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.210530043 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.210573912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.210580111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.210609913 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211100101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211108923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211158991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211169004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211179018 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211205959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211206913 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211215973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211245060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211293936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211302996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211333990 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211381912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211393118 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211431026 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211443901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211453915 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211484909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211498976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211519003 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211536884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211563110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211597919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211606979 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211636066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211636066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211687088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211698055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211716890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211728096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211747885 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211848021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211857080 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211893082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211940050 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211949110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.211981058 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.211993933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.212002039 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.212035894 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.212054968 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.212078094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.212115049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.212127924 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.212136984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.212163925 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.212174892 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.326097012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.326108932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.326175928 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.326199055 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.328716993 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.328761101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.328764915 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.328800917 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.328874111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.328912973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.328916073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.328958035 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.329006910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.329054117 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.330033064 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.330074072 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.330076933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.330121040 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.330620050 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.330657959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.330704927 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.330744028 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.330926895 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.330967903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331057072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331104994 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331120968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331132889 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331163883 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331182003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331420898 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331465960 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331507921 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331552982 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331674099 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331712961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331713915 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331753969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331823111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331867933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.331867933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331909895 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.331981897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332000971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332029104 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332041025 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332048893 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332084894 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332113981 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332190990 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332216978 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332228899 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332302094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332341909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332366943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332376957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332406044 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332417011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332488060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332506895 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332526922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332544088 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332581043 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332623005 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332637072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332675934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332720995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332762003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332781076 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332823038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.332914114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332925081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.332954884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.445467949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.445492029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.445516109 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.445540905 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.448065042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.448108912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.448129892 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.448146105 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.448160887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.448172092 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.448201895 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.448219061 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.449328899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.449367046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.449373007 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.449403048 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.449405909 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.449439049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.449932098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.449948072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.449984074 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450000048 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450031996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450042963 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450074911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450133085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450175047 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450357914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450400114 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450531960 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450577021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450671911 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450710058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450726032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450742006 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450786114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450829029 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450833082 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450881958 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450881958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.450925112 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.450957060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.451000929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.451191902 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.451236010 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.451286077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.451329947 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.451423883 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.451473951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.564992905 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.565049887 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.567513943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.567564964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.567609072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.567655087 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.568793058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.568845034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.569483042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.569530964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.569550991 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.569596052 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.569689035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.569731951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.569813967 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.569870949 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.569911957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.569958925 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.569967985 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.570008039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.570087910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.570130110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.570139885 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.570180893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.570364952 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.570408106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.570430040 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.570441008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.570496082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.570663929 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.570715904 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.570785999 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.570828915 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.614259958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.614312887 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.684362888 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.684428930 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.686978102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.687026024 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.687185049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.687230110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.688196898 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.688254118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.688779116 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.688827038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689145088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689187050 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689217091 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689260006 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689330101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689371109 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689392090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689435959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689449072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689492941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689515114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689565897 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689583063 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689625978 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689681053 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689724922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.689733982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.689779997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.690116882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.690160990 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.690270901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.690279961 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.690310001 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.690320969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.690361977 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.803881884 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.803940058 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.806509018 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.806561947 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.806646109 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.806703091 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.807668924 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.807714939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.808237076 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.808279991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.808653116 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.808701992 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.808887005 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.808936119 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.808996916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809041023 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.809041023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809083939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.809128046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809171915 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.809253931 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809263945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809295893 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809299946 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.809340954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.809379101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809436083 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.809463978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809509039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.809540033 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809585094 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.809766054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.809808969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.850297928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.850346088 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.923605919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.923655033 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.926189899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.926243067 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.926368952 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.926414013 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.927460909 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.927510023 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.928122044 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.928165913 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.928682089 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.928734064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929047108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929092884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929186106 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929194927 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929207087 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929234028 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929246902 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929250002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929297924 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929336071 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929383039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929414034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929467916 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929521084 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929563999 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929593086 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929636002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929639101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929683924 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.929805994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.929851055 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:09.970299006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:09.970366955 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.043217897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.043284893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.045588970 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.045640945 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.045766115 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.045810938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.046859980 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.046905041 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.047538996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.047586918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.048021078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.048072100 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.048386097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.048430920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.048521996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.048577070 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.048676014 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.048686028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.048736095 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.048850060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.048903942 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.049019098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.049062014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.049089909 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.049138069 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.049187899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.049237967 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.049266100 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.049313068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.162815094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.162883997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.165256023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.165304899 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.165401936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.165450096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.166564941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.166613102 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.167248964 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.167339087 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.167773962 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.167820930 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168044090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168091059 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168201923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168251038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168294907 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168338060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168462038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168509007 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168545961 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168591976 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168692112 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168740988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168770075 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168780088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168824911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168857098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168900013 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.168986082 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.168998957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.169009924 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.169028997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.169050932 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.169064045 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.282501936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.282569885 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.284897089 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.284918070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.284946918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.284962893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.286288023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.286330938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.286669016 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.286716938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.287210941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.287256002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.287415981 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.287456989 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.287480116 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.287528038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.287645102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.287697077 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.287718058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.287761927 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.287951946 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.287961006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.288006067 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.288036108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.288084984 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.288130999 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.288178921 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.288217068 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.288264036 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.288352966 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.288404942 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.288553953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.288603067 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.288630962 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.288675070 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.330256939 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.330326080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.401854992 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.401906967 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.404416084 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.404467106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.405781984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.405831099 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.406039953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.406085014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.406569004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.406615019 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.406824112 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.406867981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.407094955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407131910 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.407244921 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407284975 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.407387018 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407426119 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.407453060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407463074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407499075 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.407562017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407605886 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.407639980 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407649040 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407696009 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.407732964 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407774925 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.407830954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407840967 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.407879114 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.521478891 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.521533012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.521631002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.521682978 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.523880959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.523922920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.523946047 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.523993969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.525218964 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.525266886 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.525507927 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.525554895 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.526031017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.526076078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.526240110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.526283979 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.526398897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.526442051 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.526478052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.526488066 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.526515961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.526536942 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.526709080 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.526757002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.526772022 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.526820898 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.526966095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.527009964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.527040005 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.527081966 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.527201891 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.527246952 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.527262926 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.527285099 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.527306080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.527328968 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.527405977 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.527450085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.640796900 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.640852928 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.643338919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.643389940 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.643523932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.643563986 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.644752026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.644794941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.644912958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.644958973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.645406961 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.645447016 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.645593882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.645651102 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.645762920 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.645806074 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.645845890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.645888090 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.646245956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.646286964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.646295071 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.646332979 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.646362066 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.646408081 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.646445990 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.646457911 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.646481991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.646495104 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.646784067 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.646816969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.646828890 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.646857977 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.646960974 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.647013903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.690277100 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.690351009 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.760315895 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.760400057 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.762912035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.762960911 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.762960911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.763003111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.764112949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.764154911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.764225960 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.764266968 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.764843941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.764889956 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.765044928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.765084028 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.765295029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.765340090 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.765388966 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.765430927 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.765888929 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.765950918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.765997887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766053915 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.766083002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766122103 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.766206980 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766249895 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.766282082 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766325951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.766499996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766535997 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766544104 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.766563892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766576052 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.766602993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.766634941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766647100 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.766673088 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.766690969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.879722118 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.879803896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.882311106 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.882364035 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.882381916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.882430077 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.883528948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.883577108 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.883609056 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.883649111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.884303093 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.884347916 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.884371042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.884416103 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.884450912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.884491920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.884758949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.884800911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.884802103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.884852886 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.885142088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.885186911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.885236025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.885277987 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.885413885 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.885452032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.885493040 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.885531902 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.885730982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.885775089 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.885818958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.885855913 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.885869026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.885910988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.885991096 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.886040926 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.886066914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.886105061 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.926351070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.926434994 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:10.999156952 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:10.999234915 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.001815081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.001867056 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.001872063 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.001914024 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.003081083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.003125906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.003165007 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.003205061 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.003868103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.003925085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.004023075 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.004082918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.004225969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.004271030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.004425049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.004473925 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.004661083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.004709959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.004921913 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.004962921 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.005093098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005160093 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.005264044 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005311012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.005459070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005503893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.005574942 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005619049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.005646944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005705118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.005728006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005774975 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.005832911 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005848885 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005893946 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.005908966 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.005955935 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.119003057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.119087934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.121766090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.121824980 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.121860027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.121912003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.122870922 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.122912884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.123408079 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.123457909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.123564959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.123610973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.123639107 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.123686075 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.123924971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.123970985 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.123995066 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.124042988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.124191046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.124242067 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.124340057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.124399900 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.124504089 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.124550104 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.124608040 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.124654055 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.124810934 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.124857903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.124886036 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.124934912 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.124968052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.125015974 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.125047922 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.125073910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.125098944 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.125113964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.170448065 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.170509100 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.238533974 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.238606930 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.241471052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.241528034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.241597891 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.241643906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.242634058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.242686987 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.242768049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.242814064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.243078947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.243102074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.243130922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.243246078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.243289948 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.243612051 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.243655920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.243726015 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.243772030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.243930101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.243969917 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.243973970 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244014025 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244180918 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.244227886 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244254112 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.244292021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244525909 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.244568110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244668961 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.244713068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244731903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.244775057 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244831085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.244869947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.244874954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244906902 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.244954109 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.245002031 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.286348104 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.286417961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.358107090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.358161926 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.360924006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.360972881 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.361217976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.361272097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.362235069 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.362288952 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.362484932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.362533092 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.362586975 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.362641096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.363002062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.363019943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.363048077 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.363063097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.363377094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.363387108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.363432884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.363658905 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.363703012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.363851070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.363872051 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.363902092 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.363917112 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.364006042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.364053011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.364207029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.364253044 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.364332914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.364381075 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.364386082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.364418030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.364444971 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.364464045 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.364470959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.364520073 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.477531910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.477593899 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.480324030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.480382919 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.480540991 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.480644941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.481626034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.481720924 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.481736898 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.481748104 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.481976986 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.482032061 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.482316017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.482363939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.482465982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.482515097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.482543945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.482599020 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.482831001 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.482886076 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.482988119 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483032942 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483033895 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.483104944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483117104 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483163118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.483345985 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483392000 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.483429909 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483472109 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.483789921 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483839989 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.483859062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483902931 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.483954906 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.483998060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.597209930 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.597274065 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.599872112 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.599947929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.599977970 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.600029945 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.601026058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.601069927 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.601092100 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.601134062 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.601239920 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.601280928 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.601300955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.601342916 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.601463079 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.601505995 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.601819038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.601861000 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.601877928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.601927996 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.602247953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.602302074 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.602334023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.602379084 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.602479935 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.602524042 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.602583885 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.602622032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.602699995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.602740049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.602744102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.602767944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.602786064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.602816105 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.603153944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.603199005 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.603236914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.603276014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.603306055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.603352070 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.603409052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.603452921 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.603466034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.603512049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.719260931 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.719304085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.719345093 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.719369888 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.720490932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.720542908 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.720616102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.720666885 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.720679045 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.720725060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.720762968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.720813036 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.721338034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.721384048 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.721416950 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.721465111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.721828938 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.721879959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.721882105 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.721930981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.722006083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.722027063 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.722052097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.722065926 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.722284079 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.722305059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.722345114 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.722645998 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.722692013 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.722734928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.722778082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.722815990 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.722867966 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.723025084 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.723036051 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.723081112 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.770315886 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.770384073 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.839972973 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.840074062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.840089083 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.840132952 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.841038942 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.841088057 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.841160059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.841207027 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.841223955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.841264009 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.841317892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.841356039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.841903925 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.841952085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.842163086 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842171907 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842227936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842227936 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.842269897 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.842685938 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842698097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842708111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842742920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.842758894 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.842778921 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842823982 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.842890978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842936993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.842952013 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.842989922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.843028069 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.843041897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.843067884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.843082905 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.886367083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.886502981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.959528923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.959610939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.959619999 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.959673882 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.960387945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.960441113 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.960555077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.960594893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.960618973 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.960659981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.961767912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.961812019 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.961838007 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.961879015 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.962090015 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.962133884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.962249041 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.962289095 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.962374926 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.962445021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.962697983 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.962742090 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.962965012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963005066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963033915 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963072062 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963145971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963181973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963237047 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963279963 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963279963 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963321924 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963352919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963397026 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963471889 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963521957 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963531971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963568926 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963654995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963695049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:11.963716984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:11.963754892 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.078862906 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.078900099 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.078958035 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.078985929 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.078985929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.079025984 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.079783916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.079843998 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.079876900 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.079915047 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.079953909 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.079972982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.079999924 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.080015898 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.081154108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.081211090 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.081212997 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.081254959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.081259012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.081300974 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.081450939 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.081491947 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.081747055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.081770897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.081824064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.082267046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.082314014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.082334042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.082345009 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.082381010 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.082444906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.082628965 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.082683086 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.082799911 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.082847118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.198453903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.198518038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.198522091 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.198571920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.199294090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.199331999 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.199337006 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.199374914 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.199575901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.199620008 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.200634956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.200678110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.200683117 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.200728893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.200742960 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.200753927 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.200792074 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.200810909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.200859070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.200905085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.201040030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.201050997 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.201091051 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.201093912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.201138020 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.204638004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.204648972 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.204664946 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.204674959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.204684019 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.204701900 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.204730034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.318447113 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.318504095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.318515062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.318531036 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.318563938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.319588900 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.319637060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.319729090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.319740057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.319825888 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.320720911 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.320816994 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.320852041 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.320862055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.320869923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.320913076 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.320997953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.321043015 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.321177959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.321187019 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.321230888 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.321305037 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.321314096 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.321347952 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.321360111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.321475029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.321553946 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.323889017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.323940039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.324215889 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.324265957 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.324893951 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.324937105 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.325035095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.325046062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.325097084 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.325196981 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.325206995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.325251102 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.437983036 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.438044071 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.438071012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.438093901 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.439063072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.439116955 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.439127922 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.439174891 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.439187050 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.439234018 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.439986944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440035105 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.440294981 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440342903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.440402985 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440457106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.440479994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440522909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.440551043 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440599918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.440660954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440711975 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.440752983 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440799952 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.440812111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440821886 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.440871954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.443213940 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.443263054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.443679094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.443731070 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.444200993 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.444253922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.444278002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.444323063 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.444633007 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.444685936 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.444746971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.444792032 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.444793940 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.444834948 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.557476044 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.557497025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.557513952 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.557553053 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.557590961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.558556080 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.558587074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.558602095 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.558629990 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.558638096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.558675051 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.559508085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.559556961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.559582949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.559601068 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.559623957 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.559634924 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.559799910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.559853077 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.559962034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.560002089 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.560056925 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.560106039 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.560107946 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.560148001 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.560342073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.560352087 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.560389996 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.562781096 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.562825918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.562900066 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.562949896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.563045979 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.563091040 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.563709021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.563755035 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.563967943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.564008951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.564119101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.564162016 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.564188004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.564235926 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.606349945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.606398106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.676963091 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.676980019 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.677018881 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.677047014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.678077936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.678143024 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.678993940 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.679042101 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.679069996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.679117918 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.679387093 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.679439068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.679462910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.679506063 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.679589987 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.679626942 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.679692030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.679730892 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.679802895 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.679843903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.679925919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.679963112 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.682116985 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.682281971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.682379007 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.682425976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.682470083 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.683032036 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.683080912 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.683445930 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.683455944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.683495045 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.683504105 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.683541059 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.683542967 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.683584929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.796459913 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.796528101 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.796608925 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.796673059 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.797451019 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.797497034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.797539949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.797585011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.797589064 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.797629118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.798460960 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.798506975 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.798547983 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.798557997 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.798612118 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.798626900 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.798677921 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.798723936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.798775911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.798784018 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.798837900 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.798841953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.798888922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.798983097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.799035072 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.799299955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.799338102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.799345016 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.799381971 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.801707029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.801757097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.801836967 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.801891088 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.802611113 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.802659988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.802695990 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.802737951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.803061962 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.803112030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.803127050 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.803170919 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.803286076 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.803327084 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.803455114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.803467035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.803510904 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.916829109 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.916902065 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.918174982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.918226004 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.919169903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919194937 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919204950 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919214010 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919218063 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.919223070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919233084 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919239998 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.919241905 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919251919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919260025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919267893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.919269085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919291019 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.919296980 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919322014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.919339895 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.919461012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919471025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919478893 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.919507027 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.919518948 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.921221972 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.921269894 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.922013044 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.922059059 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.922080994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.922116995 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.922121048 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.922158957 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.922636032 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.922678947 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.922708035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.922729969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.922744989 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.922754049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.922766924 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.922786951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:12.922789097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:12.922859907 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.035459995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.035527945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.035553932 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.035594940 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.035677910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.035854101 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.038619041 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.038674116 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.038714886 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.038763046 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.038825989 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.038873911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039010048 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039068937 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039213896 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039263010 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039349079 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039357901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039397001 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039410114 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039446115 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039504051 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039551020 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039608002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039663076 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039680004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039731026 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039757013 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039804935 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039859056 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039920092 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.039944887 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039963007 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.039983988 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.040040970 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.040065050 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.040152073 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.040736914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.040786982 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.041584969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.041630983 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.041768074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.041815042 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.042011023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.042057991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.042094946 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.042135000 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.042140961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.042185068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.042237043 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.042284012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.042316914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.042362928 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.090321064 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.090429068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.154989958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.155016899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.155060053 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.155073881 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.155122042 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158183098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158233881 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158260107 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158308983 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158339024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158349991 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158392906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158459902 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158504963 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158505917 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158540964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158628941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158638954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158680916 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158725977 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158736944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158773899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158776045 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158813953 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158873081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.158921003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.158956051 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.159003019 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.159030914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.159044027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.159076929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.159086943 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.159090996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.159135103 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.160159111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.160216093 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.161075115 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.161123037 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.161133051 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.161175013 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.161492109 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.161540985 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.161571026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.161618948 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.161628962 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.161644936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.161670923 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.161684036 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.161717892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.161766052 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.202320099 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.202373981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.274434090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.274496078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.274538040 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.274588108 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.277811050 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.277832031 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.277853966 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.277863026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.277868032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.277889013 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.277911901 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278073072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278126955 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278248072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278290033 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278330088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278376102 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278426886 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278491974 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278495073 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278506994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278534889 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278548002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278570890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278604031 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278615952 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278640032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278670073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278717995 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278729916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278759956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.278776884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.278796911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.279524088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.279572010 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.280622005 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.280632973 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.280673981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.280879974 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.280931950 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.281054020 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.281064987 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.281097889 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.281119108 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.281162024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.281212091 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.281228065 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.281236887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.281275034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.394015074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.394032001 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.394126892 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.397301912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397361994 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.397475958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397525072 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.397561073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397571087 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397607088 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.397656918 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397665977 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397708893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.397722960 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397759914 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.397778034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397813082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.397886038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.397926092 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398049116 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398091078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398130894 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398173094 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398175001 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398185015 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398222923 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398231030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398233891 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398274899 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398346901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398397923 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398401976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398422956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398447990 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398463964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.398883104 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.398932934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.400044918 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.400053978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.400099993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.400346994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.400356054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.400393963 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.400399923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.400440931 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.400515079 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.400523901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.400573015 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.400728941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.400774002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.513493061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.513566017 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.513607979 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.513659000 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.516841888 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.516892910 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.516927004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.516979933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517016888 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517061949 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517149925 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517194033 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517195940 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517237902 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517268896 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517313004 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517323017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517373085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517486095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517497063 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517504930 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517550945 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517616034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517666101 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517765999 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517776012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517815113 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517823935 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517834902 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517859936 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517884970 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.517924070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517932892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.517970085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.518465042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.518511057 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.519695044 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.519742012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.519840002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.519882917 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.519923925 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.519965887 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.519973993 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.519990921 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.520014048 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.520031929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.520127058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.520173073 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.520348072 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.520386934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.520391941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.520430088 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.634195089 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.634288073 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.634337902 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.634401083 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.636836052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.636883974 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.636950970 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637001038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637187004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637232065 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637255907 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637299061 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637305021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637320042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637352943 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637367964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637437105 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637495995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637496948 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637540102 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637600899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637609959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637640953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637650967 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637685061 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637739897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637789011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637789965 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637799025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637834072 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637861013 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.637902021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.637955904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.638003111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.638129950 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.638180017 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.639199972 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.639246941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.639353037 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.639396906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.639637947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.639682055 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.639713049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.639759064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.639801025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.639836073 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.639946938 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.639990091 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.640037060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.640077114 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.640279055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.640317917 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.640363932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.640405893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.753637075 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.753720999 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.753808975 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.753855944 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.753874063 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.753921032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.753987074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.754034042 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.756340981 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.756386042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.756387949 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.756434917 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.756486893 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.756536007 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.756684065 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.756730080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.756742954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.756788015 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.756838083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.756896019 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.757066965 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.757117033 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.757169008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.757219076 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.757350922 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.757404089 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.757431984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.757477999 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.757500887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.757544994 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.757548094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.757591963 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.757885933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.757894993 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.757936954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.758718014 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.758766890 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.758882046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.758929014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.759031057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.759084940 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.759192944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.759232044 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.759552002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.759562016 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.759608030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.759795904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.759848118 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.759897947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.759907007 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.759947062 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.873054028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.873126984 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.873198032 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.873249054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.873270988 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.873317003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.873483896 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.873529911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.876490116 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.876538038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.876940012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.876987934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.877497911 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.877542973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.878351927 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.878401041 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.878411055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.878420115 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.878453016 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.878475904 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.878895044 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.878943920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.879420996 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.879467964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.879987001 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.880034924 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.880549908 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.880599976 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.881714106 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.881758928 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.881963968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.882010937 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.882745028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.882754087 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.882800102 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.883270025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.883322001 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.883375883 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.883416891 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.883936882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.883980989 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.884574890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.884622097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.884717941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.884763002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.885149002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.885195971 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.885214090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.885258913 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.885665894 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.885713100 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.885742903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.885786057 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.885857105 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.885900021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.886816978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.886866093 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.886903048 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.886946917 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.887427092 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.887478113 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.887550116 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.887558937 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.887605906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.888030052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.888075113 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.888644934 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.888705015 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.930329084 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.930392981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.992700100 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.992759943 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.992846966 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.992894888 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.992929935 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.992938995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.992978096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.996249914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.996294022 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.996402025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.996411085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.996494055 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.996881962 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.996932030 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.997864008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.997921944 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.998199940 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.998246908 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.999340057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:13.999389887 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:13.999999046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.000040054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.000127077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.000165939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.000484943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.000529051 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.001142025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.001183033 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.001211882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.001255035 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.001338005 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.001377106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.003119946 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.003170013 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.003890038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.003951073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.003989935 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.004002094 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.004174948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.004216909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.004240036 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.004273891 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.004292965 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.004332066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.004739046 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.004791021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.004801989 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.004841089 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.005017042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.005064964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.005606890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.005654097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.005686998 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.005724907 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.006891012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.006934881 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.007363081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.007416964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.007855892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.007894993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.008003950 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.008042097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.008135080 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.008174896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.008274078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.008315086 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.008446932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.008485079 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.008491993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.008523941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.050241947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.050406933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.112034082 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.112097979 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.112247944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.112301111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.112301111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.112356901 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.112435102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.112488031 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.115673065 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.115720034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.115756989 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.115803003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.116353035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.116398096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.117151022 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.117197037 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.117683887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.117728949 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.118748903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.118796110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.118860006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.118870974 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.118911982 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.119519949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.119569063 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.119762897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.119807959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.119915009 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.119965076 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.120500088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.120543003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.120794058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.120842934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.122507095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.122555017 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.123259068 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.123306036 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.123332024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.123375893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.123686075 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.123734951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.123866081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.123874903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.123914957 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.123958111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.124011040 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.124202967 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.124248981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.124285936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.124300957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.124330997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.124355078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.125108004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.125154018 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.125159979 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.125202894 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.126243114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.126288891 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.126804113 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.126851082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.127321005 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.127363920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.127413988 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.127459049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.127548933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.127590895 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.127661943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.127711058 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.127892017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.127939939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.127969027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.128010988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.231587887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.231682062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.231781960 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.231798887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.231823921 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.231853962 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.231873989 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.233155012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.233207941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.235151052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.235198021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.235265017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.235307932 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.235841036 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.235889912 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.236609936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.236629009 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.236655951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.236669064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.237010002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.237072945 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.238193035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.238241911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.238248110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.238295078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.238833904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.238883018 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.238915920 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.238962889 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.239422083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.239465952 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.240129948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.240180969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.240185976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.240231991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.240329027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.240375996 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.241951942 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.241997957 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.242753983 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.242799997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.242897034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.242944002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.243232965 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.243279934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.243303061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.243352890 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.243455887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.243499994 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.243613005 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.243660927 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.243733883 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.243743896 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.243786097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.243876934 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.243925095 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.244648933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.244699001 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.245780945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.245832920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.246288061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.246336937 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.246721983 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.246772051 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.247208118 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.247262955 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.247263908 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.247315884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.290244102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.290301085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.350982904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.351053953 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.351123095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.351177931 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.351181984 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.351218939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.351288080 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.351336002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.351411104 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.351454973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.354512930 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.354557991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.354597092 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.354643106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.354866028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.354908943 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.355149984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.355189085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.356086969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.356132984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.356137991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.356173038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.356379986 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.356439114 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.357573032 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.357621908 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.357624054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.357661009 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.358251095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.358294964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.358408928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.358418941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.358460903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.358762026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.358803034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.359528065 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.359574080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.359765053 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.359802961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.361444950 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.361501932 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.362051010 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.362101078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.362245083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.362291098 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.362314939 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.362351894 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.362601042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.362641096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.362776995 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.362811089 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.362819910 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.362821102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.362859964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.363157988 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.363203049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.363214016 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.363255024 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.363421917 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.363502026 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.364048958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.364094973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.364119053 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.364166975 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.365091085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.365133047 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.365698099 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.365742922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.366089106 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.366130114 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.366411924 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.366422892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.366462946 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.366570950 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.366580009 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.366616964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.366797924 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.366841078 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.366873026 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.366915941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.470688105 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.470762968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.470781088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.470829964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.470885038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.474157095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.474167109 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.474236012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.474637032 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.474685907 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.475630045 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.475678921 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.475712061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.475755930 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.475832939 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.475874901 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.477581978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.477657080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.477901936 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.477972031 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.478002071 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.478029966 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.478244066 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.478282928 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.478980064 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.479023933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.479254007 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.479302883 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.481033087 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.481080055 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.481651068 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.481700897 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.481764078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.481800079 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.481880903 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.481890917 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.481930971 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.482018948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.482059002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.482063055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.482103109 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.482192993 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.482234001 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.482321024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.482358932 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.482444048 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.482487917 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.482517004 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.482551098 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.482669115 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.482711077 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.483561039 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.483594894 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.483599901 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.483633041 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.484498024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.484535933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.485074043 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.485116005 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.485542059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.485583067 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.485680103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.485717058 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.485785961 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.485821962 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.485872030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.485913992 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.485917091 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.485956907 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.486289024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.486326933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.486346006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.486382961 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.530277014 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.530333996 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.589999914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.590050936 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.590097904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.590192080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.590214968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.590256929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.590267897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.590306997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.593521118 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.593568087 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.593575954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.593617916 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.593698025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.593744040 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.593781948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.593821049 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.593913078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.593955994 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.595094919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.595139980 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.595158100 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.595199108 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.595452070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.595491886 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.596568108 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.596609116 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.596659899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.596699953 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.597296953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.597340107 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.597369909 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.597409010 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.597650051 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.597690105 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.597695112 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.597731113 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.598416090 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.598458052 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.598459005 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.598501921 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.598573923 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.598612070 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.600474119 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.600523949 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601109982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601150990 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601212978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601255894 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601264954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601304054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601306915 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601331949 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601342916 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601377010 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601494074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601536036 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601567030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601612091 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601749897 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601789951 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.601802111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.601839066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.602036953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.602080107 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.603116035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.603151083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.603159904 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.603183985 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.603199005 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.603224993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.604650021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.604692936 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.604768038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.604809046 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.605062008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.605102062 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.605298042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.605336905 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.605449915 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.605494022 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.605571985 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.605613947 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.605846882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.605884075 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.605992079 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.606014967 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.606030941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.606045008 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.709583998 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.709608078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.709619045 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.709650993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.709681034 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.709708929 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.709744930 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.709752083 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.709791899 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.712969065 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.713027000 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.713047028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.713088989 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.714096069 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.714168072 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.714559078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.714616060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.714920998 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.714961052 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.716006041 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.716052055 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.716053009 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.716089964 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.716614008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.716650963 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.716666937 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.716713905 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.717174053 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.717220068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.717917919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.717936993 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.717947960 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.717962027 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.717978001 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.718055964 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.718065023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.718106031 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.719841957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.719906092 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.720617056 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.720669031 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.720679998 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.720721960 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.720726013 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.720765114 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.720767021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.720809937 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.720983028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.721028090 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.721106052 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.721144915 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.721326113 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.721376896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.721429110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.721474886 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.721544027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.721587896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.721596956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.721640110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.722405910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.722461939 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.722598076 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.722640991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.722707033 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.722748041 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.724024057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.724081039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.724106073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.724116087 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.724155903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.724705935 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.724752903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.724831104 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.724870920 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.724874020 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.724914074 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.725270987 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.725298882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.725317001 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.725339890 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.725397110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.725436926 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.725461006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.725501060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.829113007 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.829128027 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.829173088 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.829181910 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.829212904 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.832643986 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.832699060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.832700014 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.832740068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.832758904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.832799911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.832808971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.832848072 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.832880974 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.832926989 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.832956076 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.832994938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.833010912 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.833054066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.833084106 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.833126068 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.833975077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.834017038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.834274054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.834314108 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.835292101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.835344076 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.835551023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.835592985 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.836143970 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.836159945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.836191893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.836208105 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.836636066 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.836674929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.837445021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.837485075 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.837505102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.837541103 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.837565899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.837608099 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.837614059 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.837656021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.837735891 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.837774992 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.839272976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.839318037 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.839447975 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.839488983 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.840214014 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.840253115 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.840275049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.840317011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.840321064 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.840364933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.840432882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.840472937 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.840550900 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.840594053 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.840713024 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.840749025 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.840893030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.840934992 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.840971947 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.841010094 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.841034889 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.841063023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.841073990 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.841105938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.841826916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.841869116 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.842120886 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.842164993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.842200041 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.842237949 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.843864918 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.843908072 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.843941927 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.843951941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.843980074 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.843996048 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.844263077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.844305038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.844312906 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.844355106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.844481945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.844520092 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.844789982 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.844832897 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.844940901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.844983101 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.845132113 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.845172882 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.845201969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.845247984 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.948630095 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.948690891 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.948728085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.948770046 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.948808908 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.948852062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.948860884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.948889971 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.948904037 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.948930025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.948949099 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.948971033 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.952445984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.952505112 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.952544928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.952588081 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.952626944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.952670097 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.952719927 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.952754974 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.952764988 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.952805996 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.952826023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.952869892 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.952956915 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.953005075 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.953036070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.953094959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.953715086 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.953757048 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.953780890 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.953824043 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.954030991 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.954077959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.955203056 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.955248117 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.955806017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.955866098 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.956149101 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.956198931 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.957021952 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.957066059 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.957153082 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.957194090 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.957261086 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.957298994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.957303047 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.957336903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.957427979 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.957464933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.957479000 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.957519054 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.958748102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.958790064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.959820986 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.959832907 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.959867954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.959882021 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.959935904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.959970951 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.959980011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.960015059 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.960088968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.960184097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.960216045 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.960228920 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.960267067 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.960295916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.960335970 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.960539103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.960583925 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.960597992 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.960640907 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.961342096 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.961383104 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.961414099 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.961447954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.961765051 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.961802959 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.961878061 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.961922884 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.963265896 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.963310003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.963360071 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.963402987 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.963877916 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.963920116 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.963953018 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.963998079 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.964109898 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.964148998 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.964546919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.964586973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.964613914 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.964660883 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.964752913 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.964796066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.964870930 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.964911938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:14.964951038 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:14.964987993 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.068042994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.068099022 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.068200111 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.068243027 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.068253040 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.068284035 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.068294048 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.068325043 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.068365097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.068403006 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.071947098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072010040 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.072113037 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072128057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072160006 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.072196960 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072246075 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.072277069 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072315931 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.072357893 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072392941 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072397947 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.072438002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.072474957 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072519064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.072604895 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072645903 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.072719097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.072758913 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.073195934 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.073237896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.073370934 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.073411942 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.074596882 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.074641943 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.074695110 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.074738026 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.075222969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.075263977 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.075519085 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.075563908 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.075593948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.075637102 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.076378107 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.076427937 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.076519966 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.076566935 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.076622009 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.076661110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.076775074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.076818943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.076821089 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.076860905 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.076950073 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.076961994 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.076992035 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.077013969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.078216076 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.078236103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.078262091 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.078280926 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.079226971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.079272985 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.079355955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.079406023 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.079417944 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.079437017 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.079468012 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.079508066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.079581976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.079623938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.079641104 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.079679012 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.079782963 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.079823017 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.079900980 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.079943895 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.080003977 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.080048084 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.080821991 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.080864906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.081244946 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.081285000 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.081285954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.081316948 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.081357956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.081402063 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.082703114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.082742929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.082779884 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.082822084 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.083180904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.083221912 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.083323956 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.083362103 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.083498001 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.083538055 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.083914042 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.083998919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.084008932 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.084197044 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.084199905 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.084211111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.084239006 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.084259987 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.084270954 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.084300041 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.084319115 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.187822104 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.187907934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.187932014 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.187978029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.187978983 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.187988043 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.188040018 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.191514969 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.191576004 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.191596985 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.191641092 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.191675901 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.191715002 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.191751003 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.191792011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.191845894 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.191862106 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.191890001 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.191901922 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.191946030 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.191976070 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.191987038 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.192014933 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.192064047 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.192104101 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.192136049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.192176104 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.192611933 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.192651987 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.192884922 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.192941904 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.193950891 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.193996906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.194050074 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.194081068 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.194091082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.194122076 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.194710016 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.194755077 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.195004940 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.195074081 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.195918083 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.195967913 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.195970058 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.196007013 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.196028948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.196072102 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.196089029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.196130991 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.196171045 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.196208954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.196283102 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.196319103 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.196321011 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.196363926 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.196398973 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.196439028 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.197674036 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.197720051 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.198620081 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.198666096 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.198724031 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.198761940 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.198761940 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.198800087 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.198843002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.198880911 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.198913097 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.198946953 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.198990107 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.199033976 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.199094057 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.199098110 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.199135065 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.199145079 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.199177980 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.199291945 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.199331999 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.200217962 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.200274944 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.200784922 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.200835943 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.200839043 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.200875044 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.200910091 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.200948000 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.202246904 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.202305079 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.202321053 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.202362061 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.202678919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.202719927 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.202749968 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.202760935 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.202791929 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.202809095 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.202896118 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.202936888 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.203628063 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.203677893 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.203692913 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.203711033 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.203722954 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.203746080 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.203768015 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.203816891 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.203883886 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.203927040 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.203937054 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.203977108 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.309855938 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.309983969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.311067104 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311122894 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311130047 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.311151028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311177015 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.311191082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.311254025 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311264992 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311321020 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.311340094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311388969 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.311434984 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311484098 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.311521053 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311532021 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311577082 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.311610937 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.311657906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.312043905 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.312093973 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.312130928 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.312177896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.312287092 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.312335014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.313364029 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.313410997 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.313453913 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.313500881 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.313574076 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.313621044 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.314165115 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.314213037 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.314389944 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.314443111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.315190077 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.315239906 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.315296888 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.315346003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.315414906 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.315463066 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.315522909 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.315563917 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.315578938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.315602064 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.315685034 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.315694094 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.315716028 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.315746069 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.315768003 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.317045927 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.317094088 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.317955017 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318003893 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318057060 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318089008 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318115950 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318130016 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318198919 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318249941 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318382978 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318443060 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318445921 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318487883 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318497896 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318546057 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318571091 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318618059 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318631887 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318682909 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.318767071 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.318825006 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.319704056 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.319757938 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.320261002 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.320312023 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.320334911 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.320347071 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.320404053 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.321630955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.321679115 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.321687937 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.321707010 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.321746111 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.321762085 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.322240114 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.322293043 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.322438955 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.322489023 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.322974920 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.323029041 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.323076010 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.323107958 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.323127031 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.323143005 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.323151112 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.323199987 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.323304892 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.323352098 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.323355913 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.323406935 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.427184105 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.427275896 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.427283049 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.427293062 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.427304983 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.427352905 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.427382946 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.427433014 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.430552006 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430603981 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.430614948 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430660009 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.430701971 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430725098 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430747032 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.430766106 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.430896997 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430907011 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430921078 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430929899 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430938959 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430963039 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.430965900 CET	15666	49704	5.252.155.28	192.168.2.5
Dec 7, 2024 18:10:15.430990934 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.431010962 CET	49704	15666	192.168.2.5	5.252.155.28
Dec 7, 2024 18:10:15.431412935 CET	15666	49704	5.252.155.28	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 7, 2024 18:10:02.200575113 CET	192.168.2.5	1.1.1.1	0x28c3	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 7, 2024 18:10:02.337882996 CET	1.1.1.1	192.168.2.5	0x28c3	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Dec 7, 2024 18:10:02.337882996 CET	1.1.1.1	192.168.2.5	0x28c3	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Dec 7, 2024 18:10:02.337882996 CET	1.1.1.1	192.168.2.5	0x28c3	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	104.26.12.205	443	6160	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 17:10:03 UTC	100	OUT	GET / HTTP/1.1 Accept: text/html; text/plain; / Host: api.ipify.org Cache-Control: no-cache
2024-12-07 17:10:04 UTC	424	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 17:10:03 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 8ee620827b5c4245-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1722&min_rtt=1720&rtt_var=649&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=738&delivery_rate=1680092&cwnd=187&unsent_bytes=0&cid=8b4081e8cac4a6ac&ts=534&x=0"
2024-12-07 17:10:04 UTC	12	IN	Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38 Data Ascii: 8.46.123.228

Target ID:	0
Start time:	12:09:59
Start date:	07/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7ff6a9cc0000
File size:	4'269'056 bytes
MD5 hash:	399B2859420738500EB977F816FE61E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	12:10:00
Start date:	07/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7ff6a9cc0000
File size:	4'269'056 bytes
MD5 hash:	399B2859420738500EB977F816FE61E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000002.00000002.2271142110.0000027E28AC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:10:22
Start date:	07/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\file.exe"
Imagebase:	0x7ff788840000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	12:10:22
Start date:	07/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:10:23
Start date:	07/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping 1.1.1.1 -n 1 -w 3000
Imagebase:	0x7ff766ce0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Function 00007FF6A9D0FDE4 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6A9D0FE10
GetCurrentThreadId.KERNEL32 ref: 00007FF6A9D0FE1E
GetCurrentProcessId.KERNEL32 ref: 00007FF6A9D0FE2A
QueryPerformanceCounter.KERNEL32 ref: 00007FF6A9D0FE3A

Memory Dump Source

Source File: 00000000.00000002.2046709498.00007FF6A9CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6A9CC0000, based on PE: true

Associated: 00000000.00000002.2046696760.00007FF6A9CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046745801.00007FF6A9D3B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046745801.00007FF6A9D54000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046745801.00007FF6AA0AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046931160.00007FF6AA0C7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046945524.00007FF6AA0CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046945524.00007FF6AA0D3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046975349.00007FF6AA0D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6a9cc0000_file.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 66dffe7ee173be83caf6d25513cd58fc43f63803bf13eaf2a3b2507e135e52d1
Instruction ID: 2357a85b9ce8eede9d0cb774a44b57410bf10497b8f3f493601b9c2c434812cf
Opcode Fuzzy Hash: 66dffe7ee173be83caf6d25513cd58fc43f63803bf13eaf2a3b2507e135e52d1
Instruction Fuzzy Hash: E0112A22B15F06CAEB00CF60E8542B833B4FB59B58F441E36DA6D867A4DF7CE1A58340

Analysis Process: file.exePID: 6160, Parent PID: 5748COMMON

Execution Graph

Execution Coverage:	7.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	23.6%
Total number of Nodes:	2000
Total number of Limit Nodes:	61

Executed Functions

Function 0000000140085B70 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 0000000140085BB1
GetSystemMetrics.USER32 ref: 0000000140085BBF
GetSystemMetrics.USER32 ref: 0000000140085BCD
GetSystemMetrics.USER32 ref: 0000000140085BDB
GetDC.USER32 ref: 0000000140085BE5
GetDeviceCaps.GDI32 ref: 0000000140085BFB
GetDeviceCaps.GDI32 ref: 0000000140085C0B
CreateCompatibleDC.GDI32 ref: 0000000140085C18
CreateCompatibleBitmap.GDI32 ref: 0000000140085C30
SelectObject.GDI32 ref: 0000000140085C46
BitBlt.GDI32 ref: 0000000140085C7C
SHCreateMemStream.SHLWAPI ref: 0000000140085CB2
SelectObject.GDI32 ref: 0000000140085CC8
DeleteDC.GDI32 ref: 0000000140085CD1
ReleaseDC.USER32 ref: 0000000140085CDC
DeleteObject.GDI32 ref: 0000000140085CE5
EnterCriticalSection.KERNEL32 ref: 0000000140085DDC
LeaveCriticalSection.KERNEL32 ref: 0000000140085DEE
IStream_Size.SHLWAPI ref: 0000000140085E25
IStream_Reset.SHLWAPI ref: 0000000140085E36
IStream_Read.SHLWAPI ref: 0000000140085EBB
SelectObject.GDI32 ref: 0000000140085F15
DeleteDC.GDI32 ref: 0000000140085F1E
ReleaseDC.USER32 ref: 0000000140085F2B
DeleteObject.GDI32 ref: 0000000140085F34

Strings

, xrefs: 0000000140085C51

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
String ID:
API String ID: 3214587331-3916222277
Opcode ID: 2a897683bf24beb42ff2bc5807c19e1408fc5616b7f13a19795b843435caa3c5
Instruction ID: 703b3a6d47ced6971692c6e043727a25a26f8932f149495a63e694f68f4715db
Opcode Fuzzy Hash: 2a897683bf24beb42ff2bc5807c19e1408fc5616b7f13a19795b843435caa3c5
Instruction Fuzzy Hash: A4B12E32208BC086E761DB22E8543DEB7A5FB8DBC1F408515EB8A43B69DF38C185CB40

Function 00000001400BB5B0 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 00000001400BB65D
GetLastError.KERNEL32 ref: 00000001400BB667
FindFirstFileW.KERNEL32 ref: 00000001400BB67E
GetLastError.KERNEL32 ref: 00000001400BB68A
FindClose.KERNEL32 ref: 00000001400BB698
__std_fs_open_handle.LIBCPMT ref: 00000001400BB72B
CloseHandle.KERNEL32 ref: 00000001400BB741
CloseHandle.KERNEL32 ref: 00000001400BB8B4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
Instruction ID: fde7f6f548f3d5d2f6b779677d4d0ac92ef93c0439d4cbf494ca9037cd0bf826
Opcode Fuzzy Hash: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
Instruction Fuzzy Hash: 50918E32204E0147E6769FA7A8047AA23A4AB8D7F5F584714FBB6476F4DFB8CA05C740

Function 0000000140088030 Relevance: 22.6, APIs: 3, Strings: 9, Instructions: 1600COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140086C70: GetCurrentHwProfileW.ADVAPI32 ref: 0000000140086CAC

Part of subcall function 0000000140086540: EnumDisplayDevicesW.USER32 ref: 0000000140086657
Part of subcall function 0000000140086540: EnumDisplayDevicesW.USER32 ref: 00000001400866FB

Part of subcall function 0000000140086460: RegGetValueA.ADVAPI32 ref: 00000001400864C9

Part of subcall function 0000000140086150: GetUserNameW.ADVAPI32 ref: 0000000140086195

Part of subcall function 00000001400861F0: GetComputerNameW.KERNEL32 ref: 0000000140086235

GlobalMemoryStatusEx.KERNEL32 ref: 00000001400887BC
wcsftime.LIBCMT ref: 0000000140088FB2
GetModuleFileNameA.KERNEL32 ref: 0000000140089146

Strings

ram, xrefs: 000000014008889B
gpu, xrefs: 0000000140088562
user_name, xrefs: 000000014008846F
time, xrefs: 0000000140089081
system, xrefs: 0000000140088424, 0000000140088513, 0000000140088609, 0000000140088703, 000000014008884B, 0000000140088945, 0000000140088A38, 0000000140088BBF, 0000000140088DB0, 0000000140089031, 00000001400891F4, 000000014008940E, 00000001400895AD, 0000000140089757, 000000014008981D
%d-%m-%Y, %H:%M:%S, xrefs: 0000000140088F9F
cpu, xrefs: 0000000140088658
timezone, xrefs: 0000000140089454
computer_name, xrefs: 0000000140088994

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 2509368203-1182675529
Opcode ID: 004321a47cfaade36c31ca36d6e06ddde1220a5968451d25409a4be0fcfb0682
Instruction ID: ef48f63d2ae941425971807c1aa70cd5c410dc9acdd5c2c92023eb79a0c271c1
Opcode Fuzzy Hash: 004321a47cfaade36c31ca36d6e06ddde1220a5968451d25409a4be0fcfb0682
Instruction Fuzzy Hash: 34F25A33614BC085EB22DB26E8903DD77A1F799798F419616FB9D47BA9DB38C284C700

Function 000000014003D570 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 000000014003D65C
GetProcAddress.KERNEL32 ref: 000000014003D767
GetProcAddress.KERNEL32 ref: 000000014003D829
GetProcAddress.KERNEL32 ref: 000000014003D8A3
GetProcAddress.KERNEL32 ref: 000000014003D925
GetProcAddress.KERNEL32 ref: 000000014003D99F
GetProcAddress.KERNEL32 ref: 000000014003DA23
FreeLibrary.KERNEL32 ref: 000000014003E551

Strings

system, xrefs: 000000014003E35D
vault, xrefs: 000000014003E3B3
cannot use push_back() with , xrefs: 000000014003E59F

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Library$FreeLoad
String ID: cannot use push_back() with $system$vault
API String ID: 2449869053-1741236777
Opcode ID: 84d4e136c48f45961e94ab2d0fd2ebb70c4dff188800094b758042787a9b34c1
Instruction ID: 2a92ccc5b1d467f17da58c6df9da55f1dc7976cf29d812e554c759641952edc1
Opcode Fuzzy Hash: 84d4e136c48f45961e94ab2d0fd2ebb70c4dff188800094b758042787a9b34c1
Instruction Fuzzy Hash: 15924C72205BC489DB628F26E8843DE77B5F749798F504216EB9C4BBA9EF74C684C700

Function 0000000140065970 Relevance: 17.8, Strings: 14, Instructions: 304
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

recursive_directory_iterator::recursive_directory_iterator, xrefs: 000000014006A68F, 000000014006A6C9, 000000014006A81F
@, xrefs: 0000000140069B9B
content, xrefs: 0000000140066EB7, 00000001400679CA, 000000014006845D, 0000000140068F0A, 00000001400698AE, 000000014006A03E, 000000014006D6B3, 000000014006DB94
filename, xrefs: 0000000140066D9C, 00000001400678E3, 0000000140068376, 0000000140068E23, 0000000140069793, 0000000140069F35, 000000014006D5FC, 000000014006DAE0
recursive_directory_iterator::operator++, xrefs: 000000014006A678, 000000014006A745, 000000014006A808
@, xrefs: 000000014006A32B
exists, xrefs: 0000000140065F90, 000000014006A58E, 000000014006A5DE, 000000014006A6AC, 000000014006A76E, 000000014006A83C, 000000014006CA70, 000000014006D060, 000000014006F48D, 000000014006F779
cannot use push_back() with , xrefs: 000000014006A625, 000000014006A6FE, 000000014006A7B5, 000000014006DDD5
key, xrefs: 000000014006C60E, 000000014006C740
directory_iterator::directory_iterator, xrefs: 000000014006A5A5, 000000014006A853, 000000014006A875, 000000014006A8AD, 000000014006CA83, 000000014006DE23, 000000014006F4A4, 000000014006F78C
status, xrefs: 000000014006A5B5, 000000014006A600, 000000014006A6D9, 000000014006A790, 000000014006A863, 000000014006A885, 000000014006A89B, 000000014006A8BD, 000000014006CA99, 000000014006DE11, 000000014006DE33, 000000014006DE5B, 000000014006DE83, 000000014006F764
chrome_key, xrefs: 000000014006C851, 000000014006C97F
prefs.js, xrefs: 000000014006E5E2
., xrefs: 0000000140065C70

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: .$@$@$cannot use push_back() with $chrome_key$content$directory_iterator::directory_iterator$exists$filename$key$prefs.js$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
API String ID: 0-4287193513
Opcode ID: d85864b6336acd62be5f7280330fa91da0aadc80efc30bd9caf6eb99ab158536
Instruction ID: 76d522da9c60edd065d321252c96f4a617312223c2e0a99c55d01cc88780bd8f
Opcode Fuzzy Hash: d85864b6336acd62be5f7280330fa91da0aadc80efc30bd9caf6eb99ab158536
Instruction Fuzzy Hash: 40C18232200B8586EB62EF26D8843ED63A2F76C7D5F644A11FB9D437A5DB78C941C740

Function 000000014007C600 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000014007F820: GetCurrentProcess.KERNEL32 ref: 000000014007F85B
Part of subcall function 000000014007F820: OpenProcessToken.ADVAPI32 ref: 000000014007F86E
Part of subcall function 000000014007F820: GetTokenInformation.ADVAPI32 ref: 000000014007F8AA
Part of subcall function 000000014007F820: CloseHandle.KERNEL32 ref: 000000014007F8CB

ExitProcess.KERNEL32 ref: 000000014007C647
OpenMutexA.KERNEL32 ref: 000000014007C762
ExitProcess.KERNEL32 ref: 000000014007C772
CreateMutexA.KERNEL32 ref: 000000014007C791
ExitProcess.KERNEL32 ref: 000000014007C7B7

Part of subcall function 000000014007FB60: GetModuleFileNameW.KERNEL32 ref: 000000014007FBAA

Part of subcall function 000000014008A780: CoInitializeEx.OLE32 ref: 000000014008A7EA

Strings

SeImpersonatePrivilege, xrefs: 000000014007C65A
SeDebugPrivilege, xrefs: 000000014007C64E

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Process$Exit$MutexOpenToken$CloseCreateCurrentFileHandleInformationInitializeModuleName
String ID: SeDebugPrivilege$SeImpersonatePrivilege
API String ID: 4279366119-3768118664
Opcode ID: 4462d6feb47f1c316c77533b67478dbb75d235f7536fef591c8f19ccc6795d10
Instruction ID: f0f72c2fcd6d8b6b2264c2f1e6e52021c272493f6cdf96abffc9b24865ed5704
Opcode Fuzzy Hash: 4462d6feb47f1c316c77533b67478dbb75d235f7536fef591c8f19ccc6795d10
Instruction Fuzzy Hash: B2619F32618A8481FA62AB66E4523EE63A0FB8D7C0F505615FB8D47AF6DF3CC1418B11

Function 0000000140034B70 Relevance: 15.3, APIs: 3, Strings: 5, Instructions: 1343registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000000014003509B
RegQueryValueExA.ADVAPI32 ref: 00000001400350E9
RegCloseKey.ADVAPI32 ref: 0000000140035186

Strings

content, xrefs: 00000001400355A3, 0000000140035BF6, 0000000140036120
filename, xrefs: 000000014003549A, 0000000140035A28, 0000000140035F59
status, xrefs: 0000000140036403, 0000000140036413
exists, xrefs: 0000000140036398, 00000001400363E3, 000000014003647A
directory_iterator::directory_iterator, xrefs: 0000000140036441

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 3677997916-3429737954
Opcode ID: 2f42ae2f3f48f27be5d8ad1e16057319e2b43efbc152ac4c3cc8695c58fe90fc
Instruction ID: 7b7ad4ccabc59f41d35c00ebb4a54e0cc5e1f704924bbbbd3f86ce4379df2c1a
Opcode Fuzzy Hash: 2f42ae2f3f48f27be5d8ad1e16057319e2b43efbc152ac4c3cc8695c58fe90fc
Instruction Fuzzy Hash: F7E24B72615BC08AEB729F36D8803DD73A5F789798F505216EB9C4BAA9DF74C684C300

Function 0000000140032CA0 Relevance: 14.8, APIs: 3, Strings: 5, Instructions: 789
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000000140033022
RegQueryValueExA.ADVAPI32 ref: 000000014003306A
RegCloseKey.ADVAPI32 ref: 00000001400330F7

Strings

content, xrefs: 0000000140033694
filename, xrefs: 0000000140033500
status, xrefs: 00000001400339F9
exists, xrefs: 00000001400339BE
directory_iterator::directory_iterator, xrefs: 00000001400339DD

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 3677997916-3429737954
Opcode ID: 047719536c680ca678c02d025d75591efb264ad9b719b746626f22519f01e07e
Instruction ID: 177c1d7675dde2ac949eba8f41182ce89ac29bc87b60f10449c8d26a9429c7de
Opcode Fuzzy Hash: 047719536c680ca678c02d025d75591efb264ad9b719b746626f22519f01e07e
Instruction Fuzzy Hash: D5824A72611BC48AEB628F3AD8803DE73A1F789798F505216EB9D57BA9DF34C584C340

Function 00000001400A2E3C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00000001400A2E81

Part of subcall function 00000001400A24E8: _invalid_parameter_noinfo.LIBCMT ref: 00000001400A24FC

Part of subcall function 000000014009D3C8: HeapFree.KERNEL32 ref: 000000014009D3DE
Part of subcall function 000000014009D3C8: GetLastError.KERNEL32 ref: 000000014009D3E8

Part of subcall function 00000001400ABA84: _invalid_parameter_noinfo.LIBCMT ref: 00000001400AB9CF

_get_daylight.LIBCMT ref: 00000001400A2E70

Part of subcall function 00000001400A2548: _invalid_parameter_noinfo.LIBCMT ref: 00000001400A255C

_get_daylight.LIBCMT ref: 00000001400A30E6
_get_daylight.LIBCMT ref: 00000001400A30F7
_get_daylight.LIBCMT ref: 00000001400A3108
GetTimeZoneInformation.KERNEL32 ref: 00000001400A312F

Strings

Eastern Standard Time, xrefs: 00000001400A31D5
Eastern Summer Time, xrefs: 00000001400A31ED

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 355007559-239921721
Opcode ID: 6ff4704e37b1592320c13e659d1f856dd22dc212be1b833c6838491f576543a9
Instruction ID: 33c1b94af872691e134a774f96405fbf90e61f0c3ac2d4846b7876194704bd86
Opcode Fuzzy Hash: 6ff4704e37b1592320c13e659d1f856dd22dc212be1b833c6838491f576543a9
Instruction Fuzzy Hash: 93D1A03271024086EB26EF37D8517E967A1F7ACBD4F448236FF5947AA6DB38C4818B40

Function 0000000140085240 Relevance: 13.9, APIs: 9, Instructions: 408
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 000000014008540B
InternetOpenUrlA.WININET ref: 00000001400854E8
HttpQueryInfoW.WININET ref: 0000000140085549
HttpQueryInfoW.WININET ref: 00000001400855E2
InternetQueryDataAvailable.WININET ref: 0000000140085626
InternetReadFile.WININET ref: 00000001400856E9
InternetQueryDataAvailable.WININET ref: 00000001400857B4
InternetCloseHandle.WININET ref: 000000014008585E
Concurrency::cancel_current_task.LIBCPMT ref: 00000001400858BB

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
String ID:
API String ID: 1475545111-0
Opcode ID: d45eb4bd7206f62bffa6acad081a6514a6c00a70ad61e8ff0e7520e65231e4ab
Instruction ID: eaeee93a036ee1abdefdafc7409104f1436ae897ae3bf0d765108de91cf4717b
Opcode Fuzzy Hash: d45eb4bd7206f62bffa6acad081a6514a6c00a70ad61e8ff0e7520e65231e4ab
Instruction Fuzzy Hash: A3025A33A14B9486EB11DB6AE84039E77A5F7997D8F204215EF9C57BA8EF78C180C700

Function 00000001400C0658 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400C023C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C027D
Part of subcall function 00000001400C023C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C02FB
Part of subcall function 00000001400C023C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C034C

CreateFileW.KERNEL32 ref: 00000001400C075E
CreateFileW.KERNEL32 ref: 00000001400C07AE
GetLastError.KERNEL32 ref: 00000001400C07DE
GetFileType.KERNEL32 ref: 00000001400C07F3
GetLastError.KERNEL32 ref: 00000001400C07FD
CloseHandle.KERNEL32 ref: 00000001400C0830
CloseHandle.KERNEL32 ref: 00000001400C0993
CreateFileW.KERNEL32 ref: 00000001400C09C8
GetLastError.KERNEL32 ref: 00000001400C09D7

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 9219a76bbf5b0a68fd8075754a2c2160bfaa822f6e476498c8a23ea95eed312f
Instruction ID: 83644b67ebb14751364ddfbcc329ed2d9831cfd477b754813198fa2ff24e4f8c
Opcode Fuzzy Hash: 9219a76bbf5b0a68fd8075754a2c2160bfaa822f6e476498c8a23ea95eed312f
Instruction Fuzzy Hash: FBC19B36724B448AEB15DFAAC4907AD3761F78DBE8F015215EF2A9B7A5CB38C056C340

Function 0000000140066350 Relevance: 13.4, APIs: 1, Strings: 6, Instructions: 1136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

recursive_directory_iterator::recursive_directory_iterator, xrefs: 000000014006A68F, 000000014006A6C9, 000000014006A81F
recursive_directory_iterator::operator++, xrefs: 000000014006A678, 000000014006A745, 000000014006A808
status, xrefs: 000000014006A600, 000000014006A6D9, 000000014006A790, 000000014006A863, 000000014006A885, 000000014006A89B, 000000014006A8BD
exists, xrefs: 000000014006A5DE, 000000014006A6AC, 000000014006A76E, 000000014006A83C
directory_iterator::directory_iterator, xrefs: 000000014006A853, 000000014006A875, 000000014006A8AD
cannot use push_back() with , xrefs: 000000014006A625, 000000014006A6FE, 000000014006A7B5

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
API String ID: 3645842244-1862120484
Opcode ID: 5c2eec5ce3c5e18a1517b933554ac06d86d781d676ee70ff1969b10db2502692
Instruction ID: f21b02361ede85f61df800ca6bf13452383e2cb6baab2eb8982a43a3ae70ec85
Opcode Fuzzy Hash: 5c2eec5ce3c5e18a1517b933554ac06d86d781d676ee70ff1969b10db2502692
Instruction Fuzzy Hash: C7D21172519BC886D6718B1AE88139BB3A1F7DC784F505625EBCC53B69EB7CC294CB00

Function 00000001400320B0 Relevance: 12.9, APIs: 3, Strings: 4, Instructions: 684
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000000140032409
RegQueryValueExA.ADVAPI32 ref: 000000014003244E
RegCloseKey.ADVAPI32 ref: 00000001400324F7

Strings

content, xrefs: 0000000140032915
filename, xrefs: 0000000140032787
exists, xrefs: 0000000140032C42
directory_iterator::directory_iterator, xrefs: 0000000140032C64

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename
API String ID: 3677997916-1400943384
Opcode ID: bcb2775aeb65d39d712b70103c4363e456439a456a44b01957763d09fc505e93
Instruction ID: db1664ec86df15eb83f53bf5ceff4b3bbab913ad6086724e2e1923656db5ce1d
Opcode Fuzzy Hash: bcb2775aeb65d39d712b70103c4363e456439a456a44b01957763d09fc505e93
Instruction Fuzzy Hash: F8724A72611BC48AEB228F36D8803DD77A1F789798F509215EB9D5BBA9DF34C684C340

Function 000000014007F020 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileSize.KERNEL32 ref: 000000014007F261
SetFilePointer.KERNEL32 ref: 000000014007F314
ReadFile.KERNEL32 ref: 000000014007F343

Strings

ios_base::badbit set, xrefs: 000000014007F771, 000000014007F7EF
ios_base::eofbit set, xrefs: 000000014007F784
ios_base::failbit set, xrefs: 000000014007F77D
exists, xrefs: 000000014007F7CA

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: File$PointerReadSize
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 404940565-15404121
Opcode ID: 5401f4dc90d6f91d0cc39bf4455227b3dc1d30d89d995d0f88b01cde7763433d
Instruction ID: 0185fc879b9b74ec622a7c15d7a6a3f555fd217371db62066f43d50a43c916a9
Opcode Fuzzy Hash: 5401f4dc90d6f91d0cc39bf4455227b3dc1d30d89d995d0f88b01cde7763433d
Instruction Fuzzy Hash: 67321632614BC489EB21CF35D8807ED37A1F789B88F548226EB4D5BBA9EB74C645D700

Function 00000001400A30B8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00000001400A30E6

Part of subcall function 00000001400A2548: _invalid_parameter_noinfo.LIBCMT ref: 00000001400A255C

_get_daylight.LIBCMT ref: 00000001400A30F7

Part of subcall function 00000001400A24E8: _invalid_parameter_noinfo.LIBCMT ref: 00000001400A24FC

_get_daylight.LIBCMT ref: 00000001400A3108

Part of subcall function 00000001400A2518: _invalid_parameter_noinfo.LIBCMT ref: 00000001400A252C

Part of subcall function 000000014009D3C8: HeapFree.KERNEL32 ref: 000000014009D3DE
Part of subcall function 000000014009D3C8: GetLastError.KERNEL32 ref: 000000014009D3E8

GetTimeZoneInformation.KERNEL32 ref: 00000001400A312F

Strings

Eastern Standard Time, xrefs: 00000001400A31D5
Eastern Summer Time, xrefs: 00000001400A31ED

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 12951480f3fe79566017d45e51369301be5158125170c6a9e6aaf334c955a331
Instruction ID: db0e2232302c0215c246f8571b916b6a2febf07c2da0425627d7512260a1f4b0
Opcode Fuzzy Hash: 12951480f3fe79566017d45e51369301be5158125170c6a9e6aaf334c955a331
Instruction Fuzzy Hash: 68514D3261064086F722EF37E8917D96761F79CBC4F44922AFB4D47AB6DB38C5818B40

Function 000000014009918C Relevance: 9.2, APIs: 6, Instructions: 227COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400991AE
_get_daylight.LIBCMT ref: 000000014009920E
_get_daylight.LIBCMT ref: 000000014009921F
_get_daylight.LIBCMT ref: 0000000140099230
_isindst.LIBCMT ref: 0000000140099281
_isindst.LIBCMT ref: 00000001400992D4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: cd6fea744430340711cd49b3e9bdbfdb1b852b0eb5a7692198664b91c055b650
Instruction ID: af26a4f8801793d3ce11611fdac42a3e64f2a46bd35c7c59f6a568dcc363727b
Opcode Fuzzy Hash: cd6fea744430340711cd49b3e9bdbfdb1b852b0eb5a7692198664b91c055b650
Instruction Fuzzy Hash: D681C7B27003454BEB598F6AC9417E873A5F75CBC8F449129FB098B7A9EB38D541CB40

Function 0000000140049F80 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 417COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 000000014004A134
__std_exception_destroy.LIBVCRUNTIME ref: 000000014004A142
__std_exception_destroy.LIBVCRUNTIME ref: 000000014004A3C5
__std_exception_destroy.LIBVCRUNTIME ref: 000000014004A3D3

Strings

value, xrefs: 000000014004A05A, 000000014004A2F3

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: 4c461d24a134d7fcdb2b32091cfe97096ba45e227169ece6a23707750ac67e92
Instruction ID: 8abbc166ef407fa0914d6b06b85154435862c1efb651b818f75f1c6fc62bbeaf
Opcode Fuzzy Hash: 4c461d24a134d7fcdb2b32091cfe97096ba45e227169ece6a23707750ac67e92
Instruction Fuzzy Hash: 05028C72A14BC085EB12DB7AD4803ED6761E78A7E4F515222FB9D03AEADF78C185C700

Function 000000014003E610 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000000014003E65A
Process32FirstW.KERNEL32 ref: 000000014003E69C
Process32NextW.KERNEL32 ref: 000000014003E893
CloseHandle.KERNEL32 ref: 000000014003EB0A

Strings

[PID: , xrefs: 000000014003E6DE

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID: [PID:
API String ID: 420147892-2210602247
Opcode ID: 0e82af1208757f197137da172e4f9312332fc31d8380076bd64d812a0839f91c
Instruction ID: bfbc4f987db6bac77f1b81780ed5057e34160ebcb8b68fb86d12c3b761a621f6
Opcode Fuzzy Hash: 0e82af1208757f197137da172e4f9312332fc31d8380076bd64d812a0839f91c
Instruction Fuzzy Hash: 91E16E72614BC085EB22DB26E8943DE67A5F7897E8F504215FB9D07BA9DF38C284C700

Function 0000000140033A30 Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 699COMMON

Download Yara Rule

Strings

ios_base::badbit set, xrefs: 0000000140034A48, 0000000140034A8C
content, xrefs: 0000000140034749
filename, xrefs: 0000000140034624

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Crypt$AlgorithmProvider$CloseGenerateOpenPropertySymmetric
String ID: content$filename$ios_base::badbit set
API String ID: 4024084497-879919306
Opcode ID: 8d78f716fc37f06c6e943595acf2597b70212c3f3ab9d9a7f80090f8c15574a5
Instruction ID: 9e4da370fed2166d00dd657d5401aba4a3c0c1400cfb0c7979fe3975f04658ca
Opcode Fuzzy Hash: 8d78f716fc37f06c6e943595acf2597b70212c3f3ab9d9a7f80090f8c15574a5
Instruction Fuzzy Hash: A582E132119BC595E6B29B15F8803DAB3A4F7C9780F505226EBCD43BA9EF78C594CB40

Function 000000014008B9B0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000000014008B9FE
OpenProcessToken.ADVAPI32 ref: 000000014008BA11
LookupPrivilegeValueW.ADVAPI32 ref: 000000014008BA32
AdjustTokenPrivileges.ADVAPI32 ref: 000000014008BA78
CloseHandle.KERNEL32 ref: 000000014008BA98

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 3038321057-0
Opcode ID: d2de06470b4ed8e39d37734a47601b9eff7cf65b32299141bc4bcc42cf026e17
Instruction ID: 8e4f8d06d2c4ddfc7e806934d087d01799faa900bb6cc1b317aeea0d8f8b28af
Opcode Fuzzy Hash: d2de06470b4ed8e39d37734a47601b9eff7cf65b32299141bc4bcc42cf026e17
Instruction Fuzzy Hash: CC214832218B8086E761DB22F45439AB7A4FB8CB90F958125FB8947B68DF7DC5458B40

Function 000000014006D080 Relevance: 6.8, Strings: 5, Instructions: 599COMMON

Download Yara Rule

Strings

status, xrefs: 000000014006DE11, 000000014006DE33, 000000014006DE5B, 000000014006DE83
exists, xrefs: 000000014006F48D
directory_iterator::directory_iterator, xrefs: 000000014006DE23, 000000014006F4A4
cannot use push_back() with , xrefs: 000000014006DDD5
prefs.js, xrefs: 000000014006E5E2

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
API String ID: 0-2713369562
Opcode ID: 58f3467c250bb0f6c0bef35b31c77c330c201b0436998f400ac0d705cf451fd3
Instruction ID: 11a6efe290b92f49e28e44d36ea43a092b01f2eba203cd018676c1bdfd9b7a94
Opcode Fuzzy Hash: 58f3467c250bb0f6c0bef35b31c77c330c201b0436998f400ac0d705cf451fd3
Instruction Fuzzy Hash: 81522872509FC485E6B29B16E8813DAB3A5F7C9784F505626EBCC43B69EF38C594CB00

Function 000000014003CA10 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON

Download Yara Rule

APIs

CredEnumerateA.ADVAPI32 ref: 000000014003CA72
CredFree.ADVAPI32 ref: 000000014003D496

Strings

cannot use push_back() with , xrefs: 000000014003D4E4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Cred$EnumerateFree
String ID: cannot use push_back() with
API String ID: 3403564193-4122110429
Opcode ID: 5139c00b53203fa278d57dcd4f4b3a324ffcf4940487076e61e2bf6f56ca11cb
Instruction ID: f7b8f71b35ba7077e24cf974827ed01f7a602007d80a493374c150ca5ffd965d
Opcode Fuzzy Hash: 5139c00b53203fa278d57dcd4f4b3a324ffcf4940487076e61e2bf6f56ca11cb
Instruction Fuzzy Hash: A4625D72614BC489EB22CF26E8803DD7761F789798F505316EBAD57BA9DB38C294C700

Function 00000001400520F6 Relevance: 5.4, Strings: 4, Instructions: 412COMMON

Download Yara Rule

Strings

array, xrefs: 00000001400525C4
object, xrefs: 0000000140052679
object separator, xrefs: 000000014005272E
object key, xrefs: 00000001400527E3

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: array$object$object key$object separator
API String ID: 0-2277530871
Opcode ID: ec8482ea04839527abe3763819e647db66915a5b099cfb20b9b643b06030aa2e
Instruction ID: a53f287d769ed6d3f26ec1030317ff740a62c0f7f0ffb82d4d0fc3d693499039
Opcode Fuzzy Hash: ec8482ea04839527abe3763819e647db66915a5b099cfb20b9b643b06030aa2e
Instruction Fuzzy Hash: 9C02D372625A8496EB12EF76D8403ED2321FB9A7C4F816212FB4D57ABADF74C244C304

Function 00000001400876A0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 217timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 00000001400879D0

Strings

[UTC, xrefs: 00000001400879A3

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: [UTC
API String ID: 565725191-1715286942
Opcode ID: 69f4163a387a64d30980e57af93b300bb1dd5483a82c179968bd749bb4137c3c
Instruction ID: 52f665e2fd4094696151a96eee92445b588682f36c98eb811415d14b9ef7eede
Opcode Fuzzy Hash: 69f4163a387a64d30980e57af93b300bb1dd5483a82c179968bd749bb4137c3c
Instruction Fuzzy Hash: 06B13B32614BC88AD7718F2AE84139AB7A5F78D788F105315EBCC57B69EB78C250CB44

Function 000000014007C8E0 Relevance: 3.4, APIs: 2, Instructions: 391COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 000000014007C943
ShellExecuteW.SHELL32 ref: 000000014007CF8A

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ExecuteFileModuleNameShell
String ID:
API String ID: 1703432166-0
Opcode ID: 60b1f62d59b8a20d10f2c1a5da5911e6dfa0993e513cfb85b4663726619883a8
Instruction ID: 5fd44ca7600df07536896c6d8f236d3cf04f38ac0af448961f63f8dd7fa29135
Opcode Fuzzy Hash: 60b1f62d59b8a20d10f2c1a5da5911e6dfa0993e513cfb85b4663726619883a8
Instruction Fuzzy Hash: 60120772625FC48ADB518F2AE88079EB3A5F788794F506215FF9D57B68EB38C150C700

Function 0000000140077BA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0000000140077BF8
LocalFree.KERNEL32 ref: 0000000140077C8A

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 3f0d2640eba4d0f7871c2ec703edcb503dbe0d7ea7d03094cd3af9045bbe76bf
Instruction ID: 4296086251868e59c58a0d25c4c96546d3d1b8368fdcc8e5a20c42b548a3eb4e
Opcode Fuzzy Hash: 3f0d2640eba4d0f7871c2ec703edcb503dbe0d7ea7d03094cd3af9045bbe76bf
Instruction Fuzzy Hash: 8D414232614B80CAE3229F35E4407ED37A4F75978CF484229BB8C07E9ADB79C6A4C754

Function 00000001400873F0 Relevance: 1.6, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32 ref: 0000000140087461

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: a2c0b518ff976965a78bb2ac48e525d95efc5b07f2ad389012d5fbfb45ca8168
Instruction ID: f2cab6ee8911013723ff3d4b8f532fa1eef750fceda41a605a97ef7ce25926e1
Opcode Fuzzy Hash: a2c0b518ff976965a78bb2ac48e525d95efc5b07f2ad389012d5fbfb45ca8168
Instruction Fuzzy Hash: E1519C33A18B8082E711CF2AE48039EB7B5F789798F505215EB9C13AB9DB78D591DB40

Function 0000000140086150 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 0000000140086195

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: abf913a544c6f9fdd308559da787f240108ca61f3614bb29fccc85bbbd2848d6
Instruction ID: 6386a9c63b89e62e1e7c53e5db0f7fdfe8938b55c0afa06648929fea26598edc
Opcode Fuzzy Hash: abf913a544c6f9fdd308559da787f240108ca61f3614bb29fccc85bbbd2848d6
Instruction Fuzzy Hash: 67011E3251878086EB62DF26E85539AA3A4F79C788F541215FB8D43659DBBCC1948B40

Function 0000000140086860 Relevance: 1.5, Strings: 1, Instructions: 268COMMON

Download Yara Rule

Strings

cores, xrefs: 0000000140086ABE

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: cores
API String ID: 0-2370456839
Opcode ID: 3f3678e45b3898f2187be641d5439e4f37b50549b1948a29d8e20d71b0b149ad
Instruction ID: d3262c633b295208c5961c06593242e7b47d8fd585a162be60b5762b3157baba
Opcode Fuzzy Hash: 3f3678e45b3898f2187be641d5439e4f37b50549b1948a29d8e20d71b0b149ad
Instruction Fuzzy Hash: E2C1DEB3E14B808AEB11CB79D4403ED7761F39D7A8F105715EBA817AAADB78C285C740

Function 000000014008D050 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

\u%04x, xrefs: 000000014008D242

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: \u%04x
API String ID: 0-2916071157
Opcode ID: 2764dba0f84da04d7b54bcc964d0cd32bf37b2397344f3073766bb7b0663e68a
Instruction ID: 2d8851c51790dd1c3718914d1aafb06cbace47ee840a32990fd9a175e8b29b8b
Opcode Fuzzy Hash: 2764dba0f84da04d7b54bcc964d0cd32bf37b2397344f3073766bb7b0663e68a
Instruction Fuzzy Hash: 4181EF33204A9492EA56DB66E550BEE7761F799BC0F848622EF4E43BA5DF38C615C300

Function 000000014008C5CB Relevance: 1.5, Strings: 1, Instructions: 206COMMON

Download Yara Rule

Strings

": , xrefs: 000000014008C6B1, 000000014008C75E

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ":
API String ID: 0-3662656813
Opcode ID: 057b35939bb715e8c3fccde18bf4a01ede3a255fa1bc5061a8c29ebb9342f7ef
Instruction ID: d32eb5bd7aa32db0d383c6563baefba3b4bb722cd0727c790415934f3a3ba72c
Opcode Fuzzy Hash: 057b35939bb715e8c3fccde18bf4a01ede3a255fa1bc5061a8c29ebb9342f7ef
Instruction Fuzzy Hash: 1C910176304A8581EB219F2AE194B9E77B1F789FC8F459002DB9E0BB65CF39C559CB00

Function 0000000140045310 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 0000000140045399

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
API String ID: 0-1713319389
Opcode ID: a7242879f608aa47813c865fc74e262a7c273f84777ad565790803f492419e94
Instruction ID: 014310bfbc4a3b67612d0ff5db8dcfc52a4721cd440e8a7597f65d7e1b9a6290
Opcode Fuzzy Hash: a7242879f608aa47813c865fc74e262a7c273f84777ad565790803f492419e94
Instruction Fuzzy Hash: 0041B2736196E04AD702CB3A84113BD7FB2E36AB89F1D8162E7D48B757D62DC216CB10

Function 000000014003ECB0 Relevance: .7, Instructions: 715COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6142c3a6c4ae16ee417f2af840fc68e3a2e83560dc6afe03ebea73603cf55eb0
Instruction ID: 48bad8dc5ae2a98fb94f6420d9c53863b15f7aea20f291205fb5ec39bd34d449
Opcode Fuzzy Hash: 6142c3a6c4ae16ee417f2af840fc68e3a2e83560dc6afe03ebea73603cf55eb0
Instruction Fuzzy Hash: 2D722A72615BC489EB228B6AE8803DE73A1F78D798F504315EF9C57BA9DB78C244C704

Function 000000014002F730 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de1751bd22699c390f73d6abcb2bdd65da6553f1b2d4bf020b6884e42331c327
Instruction ID: 09b45337b1f777d5d18b9b6a60bb218e0a3e2faf57d77cfaa0b1546ae7cfb2e5
Opcode Fuzzy Hash: de1751bd22699c390f73d6abcb2bdd65da6553f1b2d4bf020b6884e42331c327
Instruction Fuzzy Hash: D6F15F72A15B888AEB218B6AE44139D77A1F78C7D8F104315FFDC57B99EB78C1908B00

Function 0000000140030450 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03faf033b6162cbdd58f3e5cf208db2388564e81010f4529c9c924d99cf7a5ef
Instruction ID: be49e157e2d86195976c6eff1131ce5322fd73392ca890e3637407cd31db1fd4
Opcode Fuzzy Hash: 03faf033b6162cbdd58f3e5cf208db2388564e81010f4529c9c924d99cf7a5ef
Instruction Fuzzy Hash: CFF14F72A05F888AEB218B69E44139E77A4F78C798F104315EFDC57B99EF38C1908B40

Function 000000014002FE20 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97b00e508826b55bb41265fb4bd94c519504e2aa57b54150d10ae3e02791e60b
Instruction ID: 99921ffeac1e544745e1f80987790f99c38e85693d9ba4107b4788d85d03955b
Opcode Fuzzy Hash: 97b00e508826b55bb41265fb4bd94c519504e2aa57b54150d10ae3e02791e60b
Instruction Fuzzy Hash: 81F15F72605F888AEB618B6AE44139E77A4F38C798F104315FFDC57B99EB78C1908B40

Function 0000000140031B90 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e6eefaba2450d8090a1b538810a258bd50e179f31b9d8fbdc1bf1b96e84a97b
Instruction ID: 6e5b374be89616aabab1282ed81929e9f4660f4cd366e2351babe77a13f61e33
Opcode Fuzzy Hash: 5e6eefaba2450d8090a1b538810a258bd50e179f31b9d8fbdc1bf1b96e84a97b
Instruction Fuzzy Hash: 83D17932B14B8089F712CBB5D4403ED37B2E79D78CF115619AF8C27AAADB348595C384

Function 000000014007EBF0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000014007E970: InitializeCriticalSectionEx.KERNEL32 ref: 000000014007E9C1
Part of subcall function 000000014007E970: GetLastError.KERNEL32 ref: 000000014007E9CB

EnterCriticalSection.KERNEL32 ref: 000000014007EC31
GdiplusStartup.GDIPLUS ref: 000000014007EC58
LeaveCriticalSection.KERNEL32 ref: 000000014007EC66
LeaveCriticalSection.KERNEL32 ref: 000000014007EC94
GdipGetImageEncodersSize.GDIPLUS ref: 000000014007ECA2
GdipGetImageEncoders.GDIPLUS ref: 000000014007ED36
GdipCreateBitmapFromScan0.GDIPLUS ref: 000000014007EE00
GdipSaveImageToStream.GDIPLUS ref: 000000014007EE1E
GdipDisposeImage.GDIPLUS ref: 000000014007EE83
GdipDisposeImage.GDIPLUS ref: 000000014007EE97

Strings

&, xrefs: 000000014007EDFA

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
String ID: &
API String ID: 1703174404-3042966939
Opcode ID: b85d50a5cabfa6eb603eba9611f05f7ae6643928b7f11ca356d1fb5ea7c17443
Instruction ID: 9446b29d12abf54a495bb638b8da28d63bd82c1a12ea6a5149bd686255382b5b
Opcode Fuzzy Hash: b85d50a5cabfa6eb603eba9611f05f7ae6643928b7f11ca356d1fb5ea7c17443
Instruction Fuzzy Hash: 6A916D32201B809AEB22DF22E8407D8B7A4F75DBD8F558615FF0947BA4DB38C996C340

Function 000000014007FCA0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 226
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400858D0: GetUserGeoID.KERNEL32 ref: 00000001400858F7
Part of subcall function 00000001400858D0: GetGeoInfoA.KERNEL32 ref: 0000000140085911
Part of subcall function 00000001400858D0: GetGeoInfoA.KERNEL32 ref: 0000000140085961

WSAStartup.WS2_32 ref: 000000014007FDBE
socket.WS2_32 ref: 000000014007FDDB
htons.WS2_32 ref: 000000014007FE00
inet_pton.WS2_32 ref: 000000014007FE42
connect.WS2_32 ref: 000000014007FE5C
closesocket.WS2_32 ref: 000000014007FE7B
WSACleanup.WS2_32 ref: 000000014007FE81

Strings

system, xrefs: 000000014007FD2A
geo, xrefs: 000000014007FD6B

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
String ID: geo$system
API String ID: 213021568-2364779556
Opcode ID: ae60b0453fc82999afe1fd195b8381e60b13eafe72741ab1c94917663297b685
Instruction ID: 9c75b22fce348295d9d2264736fad7ad7c0564d1dc12daef42ebe48eef3612a5
Opcode Fuzzy Hash: ae60b0453fc82999afe1fd195b8381e60b13eafe72741ab1c94917663297b685
Instruction Fuzzy Hash: 87B16B72B11A4089FB02DB76D4503EC33B2AB9DBA8F415626EB59176F9DE38C54AC340

Function 00000001400A092C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400A0D59

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8d4d1184268d38eb40f1b2f8de77a3be335aedca5c603a4bb4196d88dea7cd4c
Instruction ID: 1587d5abd9b319571573c48e8f8a5ca4e906ccd50f109f1cac320b02b794b413
Opcode Fuzzy Hash: 8d4d1184268d38eb40f1b2f8de77a3be335aedca5c603a4bb4196d88dea7cd4c
Instruction Fuzzy Hash: A1C1F03221478982F7639B1794403EE7BA4F7A9BD4F564211FB4A077B2CB79C885CB11

Function 000000014007EA50 Relevance: 9.0, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 000000014007EA93
EnterCriticalSection.KERNEL32 ref: 000000014007EAA5
EnterCriticalSection.KERNEL32 ref: 000000014007EAB5
GdiplusShutdown.GDIPLUS ref: 000000014007EAC3
LeaveCriticalSection.KERNEL32 ref: 000000014007EAD0
LeaveCriticalSection.KERNEL32 ref: 000000014007EADA

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: d9c89a0b3337f62daede38d05eb99e3a5ef1a2740972e772024fc1afe76f85a6
Instruction ID: 3889bee155bcca462bb7bd3a3e3ed75a854d6cba6fbbfda9a72b78dda44c9e20
Opcode Fuzzy Hash: d9c89a0b3337f62daede38d05eb99e3a5ef1a2740972e772024fc1afe76f85a6
Instruction Fuzzy Hash: 8511E632112B9081EB11AF26E85439D73A4FB4CFAAF684615AB6D076B4DF38C897C350

Function 0000000140084A30 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 0000000140084C0C
recv.WS2_32 ref: 00000001400850EC
closesocket.WS2_32 ref: 00000001400850FE
WSACleanup.WS2_32 ref: 0000000140085104

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: recv$Cleanupclosesocket
String ID:
API String ID: 146070474-0
Opcode ID: 8add9898a441e0d57352725189efd24f596437ada069bcf16e314780ad4c7e61
Instruction ID: b7fc1ca92b6d2f99495cefddca60008a77a9a95e78e48f0282b46bd6d156afcd
Opcode Fuzzy Hash: 8add9898a441e0d57352725189efd24f596437ada069bcf16e314780ad4c7e61
Instruction Fuzzy Hash: E9126E73618BC081EA229B16E4543DEA761F79D7E0F504612FBAD47AEADF78C584CB00

Function 000000014007F820 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000000014007F85B
OpenProcessToken.ADVAPI32 ref: 000000014007F86E
GetTokenInformation.ADVAPI32 ref: 000000014007F8AA
CloseHandle.KERNEL32 ref: 000000014007F8CB

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpen
String ID:
API String ID: 215268677-0
Opcode ID: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
Instruction ID: 4ac3f93d2f4e81bd50ee8aef4ea7470c81fa649bc502074349a2660f854164c1
Opcode Fuzzy Hash: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
Instruction Fuzzy Hash: 8911FB32618B8082E7519F16F85039AB7A0FB89B81F549125FB9987B68CF3CC455CB40

Function 0000000140086460 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegGetValueA.ADVAPI32 ref: 00000001400864C9

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00000001400864BB
ProductName, xrefs: 00000001400864B4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Value
String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3702945584-1787575317
Opcode ID: f042c0d23dc3af084ebd72cc80a6e2ef51df9749b54f9fe3e781799715c847bb
Instruction ID: 2c61a57f23ef47ca6cbf34886736e79b47f019dce9ee5dfbd1e28dea51a58d66
Opcode Fuzzy Hash: f042c0d23dc3af084ebd72cc80a6e2ef51df9749b54f9fe3e781799715c847bb
Instruction Fuzzy Hash: E1115B32208B8082EB62CF22F45139AB3A4F79DB88F514215EB9C47B69DFBCC155CB40

Function 0000000140084DB7 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00000001400850EC
closesocket.WS2_32 ref: 00000001400850FE
WSACleanup.WS2_32 ref: 0000000140085104

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Cleanupclosesocketrecv
String ID:
API String ID: 3447645871-0
Opcode ID: 3248a0b65a0aff90a764c3bcdd10502ccd8fc1f849cb315f7dc6aaaf0615aee2
Instruction ID: cb60bd7d26e5350eac542e6f3d6f885aee2211e900085dc02027b0c1c4bc917e
Opcode Fuzzy Hash: 3248a0b65a0aff90a764c3bcdd10502ccd8fc1f849cb315f7dc6aaaf0615aee2
Instruction Fuzzy Hash: 8A917E73A14BC081EA229B26E4543DE6761F79E7E1F505311EBAD07AFADF78C5808740

Function 0000000140087151 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000000140087169
RegEnumKeyExA.ADVAPI32 ref: 00000001400871AE
RegCloseKey.ADVAPI32 ref: 00000001400873A4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseEnumOpen
String ID:
API String ID: 1332880857-0
Opcode ID: 76a734b408ced45406de97eaeb9e62546fddf2c66dd7666b1a2c9ba69c80f19e
Instruction ID: 4eb1fa3da8fed86ec807e8835bf4fdbc3ecb00f2d9d20f4819ab5aef128a13a5
Opcode Fuzzy Hash: 76a734b408ced45406de97eaeb9e62546fddf2c66dd7666b1a2c9ba69c80f19e
Instruction Fuzzy Hash: 75717A73A04B8486EB21CB66E48479E6760F7897E8F204215FFAD17AE9DB78C1C1D700

Function 00000001400870E0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000000140087169
RegEnumKeyExA.ADVAPI32 ref: 00000001400871AE

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: d80f14cf87453080268adb68deae75d6ba4fc3d7dfc0e44dc0fd8621660a0c44
Instruction ID: b10b6130942ee25d8504e7b0700fe5892cfaace6609e80b330833a4265116e58
Opcode Fuzzy Hash: d80f14cf87453080268adb68deae75d6ba4fc3d7dfc0e44dc0fd8621660a0c44
Instruction Fuzzy Hash: 37318D32610B8486FB21CFA6E854B9E77A4F7887D8F204215EF9917B68DF78C596C700

Function 00000001400AE244 Relevance: 4.6, APIs: 3, Instructions: 78COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00000001400AE25D
FreeEnvironmentStringsW.KERNEL32 ref: 00000001400AE2CF

Part of subcall function 000000014009E8BC: HeapAlloc.KERNEL32 ref: 000000014009E8FA

FreeEnvironmentStringsW.KERNEL32 ref: 00000001400AE32E

Part of subcall function 000000014009D3C8: HeapFree.KERNEL32 ref: 000000014009D3DE
Part of subcall function 000000014009D3C8: GetLastError.KERNEL32 ref: 000000014009D3E8

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: EnvironmentFreeStrings$Heap$AllocErrorLast
String ID:
API String ID: 3331406755-0
Opcode ID: 1d0bf75b071093d12094f7dee8fd8af945b062a2b8fd277503c0f7ab36c504b9
Instruction ID: 392a091e3126f8e5ed8c60e893e2d7c8a8a3d4fb083367ce5d28b5cc6b9ee0a2
Opcode Fuzzy Hash: 1d0bf75b071093d12094f7dee8fd8af945b062a2b8fd277503c0f7ab36c504b9
Instruction Fuzzy Hash: A631B43121479081EE26AF2764413EE76A4F79CBD4F485319FB9A57BE5DF38C5818700

Function 0000000140086E1B Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 0000000140086E37
RegQueryValueExA.ADVAPI32 ref: 0000000140086E76
RegCloseKey.ADVAPI32 ref: 0000000140086F14

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 31d64aad2c838fd9b933cb651b515ab7b0d1113c13a780b84637136f07e831a2
Instruction ID: b17e2a14e5b4f09d81850b6fce2c63a595a4a8a1644ce2fa634cb054cfa3d14a
Opcode Fuzzy Hash: 31d64aad2c838fd9b933cb651b515ab7b0d1113c13a780b84637136f07e831a2
Instruction Fuzzy Hash: 9821A073614B8481EA619B26F49039EA760FBD97D4F505222FB8D43AA9DE3CC184CB00

Function 00000001400858D0 Relevance: 4.6, APIs: 3, Instructions: 50COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32 ref: 00000001400858F7
GetGeoInfoA.KERNEL32 ref: 0000000140085911
GetGeoInfoA.KERNEL32 ref: 0000000140085961

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Info$User
String ID:
API String ID: 2017065092-0
Opcode ID: 877c1b4e073b3a87c3d7ac6068cbd316133fc0437c9f32c249d117db553f0db1
Instruction ID: 0d4333e7acfcd10664b751b764566d9c33a0389198715772ff2fcd180fd2e377
Opcode Fuzzy Hash: 877c1b4e073b3a87c3d7ac6068cbd316133fc0437c9f32c249d117db553f0db1
Instruction Fuzzy Hash: 36119D3261878182D7119F62E41075EB3A2FB84BC8F455125EF8503B69DF7CD5908B44

Function 00000001400A4F60 Relevance: 4.5, APIs: 3, Instructions: 15COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00000001400A4F71
TerminateProcess.KERNEL32 ref: 00000001400A4F7C
ExitProcess.KERNEL32 ref: 00000001400A4F8B

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 3909df8ddc6717e2b276abcc8b7868d121cee5230461283d2778d4ce90183b93
Instruction ID: e805d3ee5994ab50d8ddfbed6d232eb1317883b916c6c6f4e9f617acb090b269
Opcode Fuzzy Hash: 3909df8ddc6717e2b276abcc8b7868d121cee5230461283d2778d4ce90183b93
Instruction Fuzzy Hash: CBD06C383007049AEB1A7B7258953AC12656BAD782F902938AA02077A3CD39C88A4A50

Function 0000000140041EB0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014004209C

Strings

, xrefs: 0000000140041F33

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-3916222277
Opcode ID: 97cec123c8346849d4184d8998ea2100f4717973dead3215a377ca64f46489bd
Instruction ID: 41a150dcf48049a776dd81e3d5e3e1f932dfb0020c84a720df1c1764346652b8
Opcode Fuzzy Hash: 97cec123c8346849d4184d8998ea2100f4717973dead3215a377ca64f46489bd
Instruction Fuzzy Hash: BD516772304B4496EB168F2AD49439C73A0F788BD4F954622EF5D43BA5CF79D4A6C304

Function 0000000140086C70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32 ref: 0000000140086CAC

Strings

Unknown, xrefs: 0000000140086D66

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: 210509c86dc14f1746e209744feb747bbd9b4430ef7c40ef9d92e801094aae68
Instruction ID: c76697db59c69994c391a94429b1edd31b5dec6b5dd5d2aab9107e630269dd8f
Opcode Fuzzy Hash: 210509c86dc14f1746e209744feb747bbd9b4430ef7c40ef9d92e801094aae68
Instruction Fuzzy Hash: 7C31AD33628BC086E712CF22E5507DAA760F799B84F546215FBC907A6ADB7CC695CB00

Function 0000000140048560 Relevance: 3.2, APIs: 2, Instructions: 192COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00000001400486A0
Concurrency::cancel_current_task.LIBCPMT ref: 000000014004879F

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 0cbc12d84685bf8e214339f5dbce44343e83f3b68aedd7f3af7637bb9f21f461
Instruction ID: e93fd745ff60857ba182d59ca98009fa74ac710b246677c65970d569aa4b7534
Opcode Fuzzy Hash: 0cbc12d84685bf8e214339f5dbce44343e83f3b68aedd7f3af7637bb9f21f461
Instruction Fuzzy Hash: BB51A472305B8485FE76AB13A5043DD6255A70CBE4F594A35FF6D0BBE6DE38C4928304

Function 000000014007EED0 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32 ref: 000000014007EF29
CoTaskMemFree.OLE32 ref: 000000014007EFEA

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: FolderFreeKnownPathTask
String ID:
API String ID: 969438705-0
Opcode ID: daa1c77eb9c32dbef3806c5310397fa48e45922fdca00e36b5d5352303e1a512
Instruction ID: f6580426b43ef9dac714e4dfbf3249b6456b6a25bef7ae8d87fb4185b3c8d812
Opcode Fuzzy Hash: daa1c77eb9c32dbef3806c5310397fa48e45922fdca00e36b5d5352303e1a512
Instruction Fuzzy Hash: EE313272A14B8481E621CF26E44135EB761F79D7F4F645315FBAC03AA5DB7CC1818B40

Function 0000000140094648 Relevance: 3.1, APIs: 2, Instructions: 77COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000014009466F

Part of subcall function 0000000140094604: _invalid_parameter_noinfo.LIBCMT ref: 000000014009461B

_invalid_parameter_noinfo.LIBCMT ref: 0000000140094723

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 77ff38050bbf038ec147631c291faae903e00292372ea36fba1d268a897535c6
Instruction ID: 32101a8edefa4219d4514f40ed930cbc4104b78895ab28f0dc7b75847b3e3112
Opcode Fuzzy Hash: 77ff38050bbf038ec147631c291faae903e00292372ea36fba1d268a897535c6
Instruction Fuzzy Hash: 3431BD72215A4882EF62DB56E450BE963A1A79EBD4F960111F74A473F2EB38C101C700

Function 000000014007D510 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000000014007D561
RegCloseKey.ADVAPI32 ref: 000000014007D573

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID:
API String ID: 47109696-0
Opcode ID: f1dca321947a1367f0d55f51290a78f41f5e328790fa86022a41bb21031095aa
Instruction ID: 743a173df9f0781bb695bac75db67ed2816ca8ec26105740734809d53537134b
Opcode Fuzzy Hash: f1dca321947a1367f0d55f51290a78f41f5e328790fa86022a41bb21031095aa
Instruction Fuzzy Hash: EB21A132714A8486FE519B27E8507DAB760EB9CBD8F585222FB4D47BA9DE3CC481C700

Function 000000014007C7CC Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014003E610: CreateToolhelp32Snapshot.KERNEL32 ref: 000000014003E65A
Part of subcall function 000000014003E610: Process32FirstW.KERNEL32 ref: 000000014003E69C

Part of subcall function 000000014003CA10: CredEnumerateA.ADVAPI32 ref: 000000014003CA72

Part of subcall function 0000000140084A30: recv.WS2_32 ref: 0000000140084C0C

ReleaseMutex.KERNEL32 ref: 000000014007C83B
CloseHandle.KERNEL32 ref: 000000014007C844

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
String ID:
API String ID: 420082584-0
Opcode ID: e119574a8350e80824f1908ecab5050ba2ff655f906829c2af116f0ec1c7f7ee
Instruction ID: 2a0b99272c1cb31f626003b2a647813df244ca7e61e09a724ce0a10173a214b2
Opcode Fuzzy Hash: e119574a8350e80824f1908ecab5050ba2ff655f906829c2af116f0ec1c7f7ee
Instruction Fuzzy Hash: F021C13262468441FAA3B7B7A4177EE6340AF8D7D0F145A15FB9A076F39E3CC0819623

Function 00000001400AEFC8 Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

_set_fmode.LIBCMT ref: 00000001400AEFDF
_RTC_Initialize.LIBCMT ref: 00000001400AF000

Part of subcall function 00000001400BDB08: _invalid_parameter_noinfo.LIBCMT ref: 00000001400BDB3A

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Initialize_invalid_parameter_noinfo_set_fmode
String ID:
API String ID: 3548387204-0
Opcode ID: d990e7904117e8ad445fc8e6d111c2d0f5dc5b035b4e5bb7541dde9c55fd2088
Instruction ID: 3009dc0a6449ae58dd4e5a0a9175f97cc059db256728bd5b9e655376b8b95940
Opcode Fuzzy Hash: d990e7904117e8ad445fc8e6d111c2d0f5dc5b035b4e5bb7541dde9c55fd2088
Instruction Fuzzy Hash: C511F03461014101FE1B7BF3544A7FE22904FBC3C4F441A28BB498B2F3EE7898C1AA62

Function 000000014007C7FD Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140084A30: recv.WS2_32 ref: 0000000140084C0C

ReleaseMutex.KERNEL32 ref: 000000014007C83B
CloseHandle.KERNEL32 ref: 000000014007C844

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseHandleMutexReleaserecv
String ID:
API String ID: 2659716615-0
Opcode ID: 21e0ccb00e2d10dd713e5994f8d9781204bd592773a19dba3220b3e742766e7a
Instruction ID: 03bd4b0dcebcc20fb26472061f81d4572397620754050c7a24bde8720ed44ff3
Opcode Fuzzy Hash: 21e0ccb00e2d10dd713e5994f8d9781204bd592773a19dba3220b3e742766e7a
Instruction Fuzzy Hash: 63110432A146C042FAA3B777A4167EE1350AF8D7D0F045615FB99076F79F3CC0818612

Function 00000001400A0E9C Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32 ref: 00000001400A0EE8
GetLastError.KERNEL32 ref: 00000001400A0EF2

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 85342b8448b5f83962e520861b5040a532baca975cc467821ece28218af4e603
Instruction ID: 5e2eb42aa467ccbe49ae57b1676c20c6150fa8cb973f64d98be1cd83441f6eb1
Opcode Fuzzy Hash: 85342b8448b5f83962e520861b5040a532baca975cc467821ece28218af4e603
Instruction Fuzzy Hash: 61119E72214B8482DA21DB26A404399A3A1E758BF4F584321FF791BBE9CF78C4918B40

Function 000000014007C829 Relevance: 3.0, APIs: 2, Instructions: 37synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32 ref: 000000014007C83B
CloseHandle.KERNEL32 ref: 000000014007C844

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseHandleMutexRelease
String ID:
API String ID: 4207627910-0
Opcode ID: 0955192adf33f42df39dae5572b530312d09e9172f489c69063b04ae91b873e1
Instruction ID: b5f5a445ac3f3f3cd162fb05668d1ff4f604e9da58fe67b9f55eb7dea8a957fd
Opcode Fuzzy Hash: 0955192adf33f42df39dae5572b530312d09e9172f489c69063b04ae91b873e1
Instruction Fuzzy Hash: 76017172A106C042FEA6A72AA4153D96350AB8D7D1F545315BBA9476F6DF3CC0818611

Function 00000001400AE888 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00000001400AE8B8

Part of subcall function 00000001400AF8DC: std::bad_alloc::bad_alloc.LIBCMT ref: 00000001400AF8E5

Concurrency::cancel_current_task.LIBCPMT ref: 00000001400AE8BE

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: ad7fb39d7d0572768195cdb96d88edf57c93c5d00d8eaa663e4c704e5b7bea2c
Instruction ID: 69ec061bac81c01873d89cb0c3132a81b38bc9c219e0f41160fcd813fe823014
Opcode Fuzzy Hash: ad7fb39d7d0572768195cdb96d88edf57c93c5d00d8eaa663e4c704e5b7bea2c
Instruction Fuzzy Hash: 97E04260A1228959FD6A26A715163F911840B6D7F0F2C1B24BF794B2E3AE3889D58A50

Function 000000014009D3C8 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000000014009D3DE
GetLastError.KERNEL32 ref: 000000014009D3E8

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: b7253a55b1276d1b57d670979138b52c86c30a15e8b70f9b8b054cc625f4c6ce
Instruction ID: 4fb8939859dd21c30d764fca774206093a9adc15e80cf677a28c9fe662fd02f8
Opcode Fuzzy Hash: b7253a55b1276d1b57d670979138b52c86c30a15e8b70f9b8b054cc625f4c6ce
Instruction Fuzzy Hash: 34E01275B0260492FF1A67F398453E922916F9C7C2F4484246B05932B2ED3485958210

Function 000000014008F150 Relevance: 1.7, APIs: 1, Instructions: 189COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014008F3A0

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 9f69786d5a460bd10a7ebb6aefb8860d3e8c2c6fdcd2507370922641760e25d3
Instruction ID: 13db419113c6498c631838fdc6ddb0dd70937527e49e167ce5f06a1b8afcd3c4
Opcode Fuzzy Hash: 9f69786d5a460bd10a7ebb6aefb8860d3e8c2c6fdcd2507370922641760e25d3
Instruction Fuzzy Hash: F8618977300A8485EA169E26D1543BD27A1F318FD8F548611EF6E0B7E9DB38CA96E300

Function 000000014002E2A0 Relevance: 1.7, APIs: 1, Instructions: 175COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 000000014002E3D3

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: __std_fs_directory_iterator_open
String ID:
API String ID: 4007087469-0
Opcode ID: 40ed821be508f8261c00edde567c3cb7f439a048a1e6db746762783735ffa18f
Instruction ID: c67aaed08eec3102ff5c9633327f6eea2b26d53348b9d0748cf96172b5992161
Opcode Fuzzy Hash: 40ed821be508f8261c00edde567c3cb7f439a048a1e6db746762783735ffa18f
Instruction Fuzzy Hash: 02619272B50A8086FB12DF6AD4903ED23A1E75C7E8F404629FF2957BE5EE34C9958340

Function 0000000140048E80 Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000000140049015

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 0258579371ac84c030b687d8f3e9e53793be201047a4711ff45b69c63e3a0462
Instruction ID: 0e68d78e60faff21098140196ff033a2ffaaea4e00a4f5682bb80e4d4b41ae0d
Opcode Fuzzy Hash: 0258579371ac84c030b687d8f3e9e53793be201047a4711ff45b69c63e3a0462
Instruction Fuzzy Hash: 9841AC72304B8485EA229F12A1043DEA262B74DBD4F580A35FFAD0B7AADE39C4858304

Function 0000000140059FB0 Relevance: 1.6, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014005A157

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 475dc834707bf9b69a2ed6ca5fbd2d93d1c4a33ad04622696f275e0343da7bf5
Instruction ID: 8ad1302b10b5acce4aa3e19f4b665ff3ecb338c093a195a91599cca128cde541
Opcode Fuzzy Hash: 475dc834707bf9b69a2ed6ca5fbd2d93d1c4a33ad04622696f275e0343da7bf5
Instruction Fuzzy Hash: 09418E76215B8481DA2ACB66E5443AEB3A1F74DBD0F548625BFAD03BA5DF3DC081C700

Function 0000000140049030 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00000001400491AC

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: b06bf60d8942ac0ae74babd23b73743ac7a4ad5b3f4cb2543b6c0d650ae8d781
Instruction ID: 2922c6a58d100b8567e20699b5a529503332b7a2c0142c3a3a15086411293361
Opcode Fuzzy Hash: b06bf60d8942ac0ae74babd23b73743ac7a4ad5b3f4cb2543b6c0d650ae8d781
Instruction Fuzzy Hash: AF41C27230578585EE26EB17A5083D9A251A34CBD4F544635BF6D0BBEADE38C582C308

Function 0000000140044600 Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000000140044751

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 4ce40286f8a82187cbf7b249125b8b0654a91aa63af007f30e70285513720961
Instruction ID: 5efaee97d33e2a13fb32646ab95501abf4c72ec9c3bcc73401235e526073e405
Opcode Fuzzy Hash: 4ce40286f8a82187cbf7b249125b8b0654a91aa63af007f30e70285513720961
Instruction Fuzzy Hash: 9931E172701A9444FF16AB17E5403E92281A70AFE9F564631AF2D07BE6EE78C4828348

Function 000000014009D8C8 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000014009D8F0

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 506399ceb7efd258d9ee9312528a7fb0108d3bcc24f039aa6e7519c78468f3b6
Instruction ID: 970956ea101780b6a44bc08ac7971c10be475c9fcb23d85d0426192894f7542c
Opcode Fuzzy Hash: 506399ceb7efd258d9ee9312528a7fb0108d3bcc24f039aa6e7519c78468f3b6
Instruction Fuzzy Hash: 4D41AE3224474487EB76DB1EE5413EA73A0E76ABD4F140206EB9A876A1DB39D402CB91

Function 0000000140048D10 Relevance: 1.6, APIs: 1, Instructions: 109COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000000140048E6B

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 5181ff7c5b0a20993f7b1f1c64d4329c6f17784107f59b165e945c5c85f77bf9
Instruction ID: 2fe0f6833032918ed672ed661f9a947b9c0af5482e27d8a0f5cd47c8c693ff77
Opcode Fuzzy Hash: 5181ff7c5b0a20993f7b1f1c64d4329c6f17784107f59b165e945c5c85f77bf9
Instruction Fuzzy Hash: A331D27270578095EE269B27A5443DDA395E718BD4F590A35BF6D0BBE6DE38C081C304

Function 0000000140086290 Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNEL32 ref: 0000000140086320

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: a77330b9d3d28eaf5942ae84d249442bd6e73fc84a9d3134a5be4133fa6d5067
Instruction ID: d97b727fb9ae17560e619a07645ce3e94e9be86b671885bbfcad117fd56d4268
Opcode Fuzzy Hash: a77330b9d3d28eaf5942ae84d249442bd6e73fc84a9d3134a5be4133fa6d5067
Instruction Fuzzy Hash: 53517C33A14B808AE712CF79D4403DE77A0F799788F505611EB9C53AA9DF78C684CB40

Function 000000014004EC90 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014004EDE3

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 48bc597ffaaf7a6948b0a23c2ecc8a39b12294b34e21cf7bc2d5facaa27dc07b
Instruction ID: 711ccb48b434734116a21fbd87490d67915be2623cf57093a34d321b6c17f89b
Opcode Fuzzy Hash: 48bc597ffaaf7a6948b0a23c2ecc8a39b12294b34e21cf7bc2d5facaa27dc07b
Instruction Fuzzy Hash: AE316E71B01B8485EE269B17D6043E9A355A74CBF0F994B31BB7D0B7E9DE78C4818308

Function 00000001400429B0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000000140042AB8

Part of subcall function 000000014002B820: __std_exception_copy.LIBVCRUNTIME ref: 000000014002B868

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task__std_exception_copy
String ID:
API String ID: 317858897-0
Opcode ID: 6049d514389b2d53e4139fc56efaf05ab899489269bfb5c352801ce2b5228899
Instruction ID: e0c424e73107c798dbe20568d75892bd8762e32d7f1318d59332ad997fcd64de
Opcode Fuzzy Hash: 6049d514389b2d53e4139fc56efaf05ab899489269bfb5c352801ce2b5228899
Instruction Fuzzy Hash: 3D21D732701B4042EE2AEB16E5403E96290E758BE4F654731AF7C07BE5EE78C4E2C345

Function 00000001400A080C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400A0892

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: a24f7c79d48368e33d7deb9d4eeecb52ce7ec7a6106812cc151fd4020b53ad0d
Instruction ID: eadfb93546a9950693f2aa7559f4ccf8f1f0c25cf7c605596cfe9b5c909f97bf
Opcode Fuzzy Hash: a24f7c79d48368e33d7deb9d4eeecb52ce7ec7a6106812cc151fd4020b53ad0d
Instruction Fuzzy Hash: D1316B3261065886F753AB6798413ED2B90B7ACFE5F920305BB99073F2DB7CC4818B55

Function 00000001400A4E91 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00000001400A4EBF

Part of subcall function 00000001400A4FB8: GetModuleHandleExW.KERNEL32 ref: 00000001400A4FDD
Part of subcall function 00000001400A4FB8: GetProcAddress.KERNEL32 ref: 00000001400A4FF3
Part of subcall function 00000001400A4FB8: FreeLibrary.KERNEL32 ref: 00000001400A501A

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 9e03c0276b42d0bae273c9ceb8b8abd1e24865752fa8da44abca3c0ffcb1668a
Instruction ID: 0e4b959f2545b9961c939cfac364bfd3be1b5b2320958e1345833199399ed5d7
Opcode Fuzzy Hash: 9e03c0276b42d0bae273c9ceb8b8abd1e24865752fa8da44abca3c0ffcb1668a
Instruction Fuzzy Hash: BD217A36A006408EEB268F65C4403EC37A0E3D875DF54173AE72947EEAEB34C485CB40

Function 00000001400BE200 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400BE15D

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 277766cc613ac521deff1262cc5973a4c6dda0ce244441028124d0478fb53980
Instruction ID: 824ad48f941a611458d9d107f1ba3892ee12638fd4db84a9ea3f894c29f76267
Opcode Fuzzy Hash: 277766cc613ac521deff1262cc5973a4c6dda0ce244441028124d0478fb53980
Instruction Fuzzy Hash: 03116632215A8081EB629F97D4003EEA3B4B79DFC4F554821FB895B7B6DB7CC9418740

Function 00000001400BFEF8 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400BFF1B

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 4bdd7c7df9abbb715da046ae302baf4d590079e7e30464498c50f0bf6b7ea38d
Instruction ID: 608a15f6eaf0ef5a496612af3e2485e25ca9acab7b6d14a4bfcd21ba336913f7
Opcode Fuzzy Hash: 4bdd7c7df9abbb715da046ae302baf4d590079e7e30464498c50f0bf6b7ea38d
Instruction Fuzzy Hash: 0A21A532214A8187EB629F6AD4407B977B0FBD9BD4F544224FB5D476EADB38C400CB00

Function 0000000140080E00 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 0000000140080E48

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 10723b900c3d3fb221c2729e0f2ab508e71a113b43aaaf7fd55bda6ca2804ccb
Instruction ID: 324eafc6b56467617a0271dfae881c0dd6149dee2f0a2b88ad16501ffcdce3d5
Opcode Fuzzy Hash: 10723b900c3d3fb221c2729e0f2ab508e71a113b43aaaf7fd55bda6ca2804ccb
Instruction Fuzzy Hash: 1D01AD32714A8486EB518F1BF94075AA7A0F78CFD4F485230EF5D43B68DB38C9818700

Function 0000000140037633 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 0000000140037676

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 752fe5805e453647425062ce64daa4e53c54a82ad0d646f83825288564bb7983
Instruction ID: 198944faf61d7ec3d1a427db0a2f838cdd5696eaf073c2c50a60053681fd637d
Opcode Fuzzy Hash: 752fe5805e453647425062ce64daa4e53c54a82ad0d646f83825288564bb7983
Instruction Fuzzy Hash: 5701FB36218AC081EA72DB57F49579BA364F78CBD4F444026EF8D43B69DE39C886CB00

Function 0000000140097374 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000140097393

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 68ea0e6e30933e9dd76abf56f21314c638998a57c534cc3687c594a1fb5b02e7
Instruction ID: 10117cc0a24eac238d1afa44782b5dd388175b2725dd5008568661bd113a274c
Opcode Fuzzy Hash: 68ea0e6e30933e9dd76abf56f21314c638998a57c534cc3687c594a1fb5b02e7
Instruction Fuzzy Hash: 2BE0D832215B4481EF666BBB91417EC71506B5CBF4F548321BF38033E6DB3484905711

Function 00000001400BB4C0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 00000001400BB4C4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 4104833be8186ecfced91f05a1dc286f8d4e1ac7fad94ea37a2bf5d234dce428
Instruction ID: 55b9ab2d4f23c47d731a4d9c5ea1b4a63ef8b7b9423aaadfc0eff3470f8c37f6
Opcode Fuzzy Hash: 4104833be8186ecfced91f05a1dc286f8d4e1ac7fad94ea37a2bf5d234dce428
Instruction Fuzzy Hash: 65C09B39F15941D2E6553F775C823C611E06B5C792F440030DB0481170DE7CC5D78721

Function 00000001400BD0B4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32 ref: 00000001400BD0BD

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: ebb3c2d15c06801dfe805b6087078b0f501a5fe9f8c446694f4975735c5f9cad
Instruction ID: fd872328199e54ae9bef307987e8fd57df0d4d182fee6eb87dab4ff849822d36
Opcode Fuzzy Hash: ebb3c2d15c06801dfe805b6087078b0f501a5fe9f8c446694f4975735c5f9cad
Instruction Fuzzy Hash: 0BB09236A148C0C3C612FB04E8422497331FB98B0FFD00000E78E42624CE2CCA2A8E00

Function 000000014009E8BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 000000014009E8FA

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: eba47d0c810211a009f984e3ce810decee2d7cb9fb39a7e87e15bbee8ef19542
Instruction ID: 9f1c80e48db00bc7a01722dd14718bcfc10f7deb6eb96187868d3df548336582
Opcode Fuzzy Hash: eba47d0c810211a009f984e3ce810decee2d7cb9fb39a7e87e15bbee8ef19542
Instruction Fuzzy Hash: 97F01C3130128945FE9666B398457EB12806B9DBF5F4947347F2A872E2DA38C8808620

Non-executed Functions

Function 0000000140091220 Relevance: 49.1, APIs: 25, Strings: 2, Instructions: 1888COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000140091557
_invalid_parameter_noinfo.LIBCMT ref: 00000001400917BA
_invalid_parameter_noinfo.LIBCMT ref: 0000000140091A7D
_invalid_parameter_noinfo.LIBCMT ref: 0000000140091D1D
memcpy_s.LIBCPMT ref: 0000000140091F2A
memcpy_s.LIBCPMT ref: 0000000140091FC6
memcpy_s.LIBCPMT ref: 000000014009247E
memcpy_s.LIBCPMT ref: 00000001400924B9
memcpy_s.LIBCPMT ref: 00000001400925E5
memcpy_s.LIBCPMT ref: 000000014009270C
memcpy_s.LIBCPMT ref: 00000001400927B7
memcpy_s.LIBCPMT ref: 00000001400927FF
memcpy_s.LIBCPMT ref: 0000000140092829
memcpy_s.LIBCPMT ref: 00000001400928DA
memcpy_s.LIBCPMT ref: 0000000140092ADA
memcpy_s.LIBCPMT ref: 0000000140092B1F
memcpy_s.LIBCPMT ref: 0000000140092BD6
memcpy_s.LIBCPMT ref: 0000000140092D03
memcpy_s.LIBCPMT ref: 00000001400923CE

Part of subcall function 0000000140093664: _invalid_parameter_noinfo.LIBCMT ref: 0000000140093696

memcpy_s.LIBCPMT ref: 0000000140092449
memcpy_s.LIBCPMT ref: 0000000140092EBD

Strings

, xrefs: 0000000140092C83
, xrefs: 0000000140092DB0

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: memcpy_s$_invalid_parameter_noinfo
String ID: $
API String ID: 2880407647-227171996
Opcode ID: 03eb87c13b275b4caea5dee433730508774416a966b59f4032c8c7413ec91eb6
Instruction ID: a657bb27cda1b9a1f0199fcee91b942ba265a0f8779d78ad39ddf276b9d33eb5
Opcode Fuzzy Hash: 03eb87c13b275b4caea5dee433730508774416a966b59f4032c8c7413ec91eb6
Instruction Fuzzy Hash: 1503AE727146808BE7768F2AD950BEE77A1F3987C8F405119FB06A7BA8D735DA00CB40

Function 000000014008A430 Relevance: 34.3, APIs: 18, Strings: 1, Instructions: 1015stringmemorynativeCOMMON

Download Yara Rule

APIs

RtlAcquirePebLock.NTDLL ref: 000000014008A473
NtAllocateVirtualMemory.NTDLL ref: 000000014008A4AB
lstrcpyW.KERNEL32 ref: 000000014008A50D
lstrcatW.KERNEL32 ref: 000000014008A5C2
NtAllocateVirtualMemory.NTDLL ref: 000000014008A649
lstrcpyW.KERNEL32 ref: 000000014008A6FC
RtlInitUnicodeString.NTDLL ref: 000000014008A711
RtlInitUnicodeString.NTDLL ref: 000000014008A726
LdrEnumerateLoadedModules.NTDLL ref: 000000014008A739
RtlReleasePebLock.NTDLL ref: 000000014008A73F

Part of subcall function 000000014007EED0: SHGetKnownFolderPath.SHELL32 ref: 000000014007EF29
Part of subcall function 000000014007EED0: CoTaskMemFree.OLE32 ref: 000000014007EFEA

CoInitializeEx.OLE32 ref: 000000014008A7EA
lstrcpyW.KERNEL32 ref: 000000014008A9C9
lstrcatW.KERNEL32 ref: 000000014008ABCE
CoGetObject.OLE32 ref: 000000014008ABEC
lstrcpyW.KERNEL32 ref: 000000014008B269
lstrcatW.KERNEL32 ref: 000000014008B48C
CoGetObject.OLE32 ref: 000000014008B4AA
CoUninitialize.OLE32 ref: 000000014008B972

Strings

0, xrefs: 000000014008B0AA

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
String ID: 0
API String ID: 1424456515-4108050209
Opcode ID: 8f5edbf287dd535a234f51b7d05bff81e7d1fd2db6bfcf94ae8ca7e622edccb0
Instruction ID: d4c865407b3b5a88cd489df068cd4ff9b7f7d0fd986f16175bd207bd1cd188c2
Opcode Fuzzy Hash: 8f5edbf287dd535a234f51b7d05bff81e7d1fd2db6bfcf94ae8ca7e622edccb0
Instruction Fuzzy Hash: 11C2B736626F988AD7908F69E88169DB3B5F788B88F106215FFCD57B18EB38C154C740

Function 0000000140006180 Relevance: 30.2, Strings: 24, Instructions: 238COMMON

Download Yara Rule

Strings

bootmgr, xrefs: 000000014000655E
bootfont.bin, xrefs: 0000000140006220
bootstat.dat, xrefs: 0000000140006415
gdipfontcachev1.dat, xrefs: 00000001400063B7
winsipolicy.p7b, xrefs: 00000001400062B8
indexervolumeguid, xrefs: 0000000140006473
ntuser.dat, xrefs: 0000000140006304
boot.ini, xrefs: 00000001400061D1
BOOTNXT, xrefs: 000000014000658D
ntldr, xrefs: 0000000140006292
thumbs.db, xrefs: 0000000140006388
bootmgfw.efi, xrefs: 00000001400061F9
desktop.ini, xrefs: 000000014000626C
iconcache.db, xrefs: 00000001400062DE
ntuser.ini, xrefs: 0000000140006359
winre.wim, xrefs: 0000000140006500
wpsettings.dat, xrefs: 00000001400064A2
reagent.xml, xrefs: 000000014000652F
bootsect.bak, xrefs: 0000000140006246
ntuser.dat.log, xrefs: 000000014000632D
d3d9caps.dat, xrefs: 00000001400063E6
mib.bin, xrefs: 0000000140006444
boot.sdi, xrefs: 00000001400064D1
autorun.inf, xrefs: 00000001400061A8

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
API String ID: 118556049-850610325
Opcode ID: 22dcfd16a23274500c0631d97ecb7b22965bfb45e38d580db89ddce6ecc7947a
Instruction ID: 9af6f5fb2451f039e3f2e29efcbad565e8741d3969121260d1ea1181c48c6de1
Opcode Fuzzy Hash: 22dcfd16a23274500c0631d97ecb7b22965bfb45e38d580db89ddce6ecc7947a
Instruction Fuzzy Hash: 64C14562D60BC985E722DF36D8823E65361F7EE784F50A7067A8866866EF74D3C4C340

Function 000000014007B420 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 465COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32 ref: 000000014007B9A7

Strings

open, xrefs: 000000014007B91D
ios_base::badbit set, xrefs: 000000014007BBBA
.ps1, xrefs: 000000014007B4B4
.vbs, xrefs: 000000014007B512
ios_base::failbit set, xrefs: 000000014007BBC5
ios_base::eofbit set, xrefs: 000000014007BBCC
.exe, xrefs: 000000014007B56D
.exe, xrefs: 000000014007B485
runas, xrefs: 000000014007B926
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;', xrefs: 000000014007B5B4
.cmd, xrefs: 000000014007B4E3

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
API String ID: 587946157-4093014531
Opcode ID: 315483b7c795b93d48f9b0f35670784bb43dfe226b5cc985f694ee31121de8e6
Instruction ID: e64ee07ffd1cac2cfd0fc144e315d25c75a5b9d17199e52aade8a2fe2e984c9d
Opcode Fuzzy Hash: 315483b7c795b93d48f9b0f35670784bb43dfe226b5cc985f694ee31121de8e6
Instruction Fuzzy Hash: 7A228B72A10B8489EB11DF2AE8803DD67A1F7887D8F509216FF9D47AA9DF78C584C740

Function 00000001400AA3C8 Relevance: 20.4, APIs: 8, Strings: 3, Instructions: 1156COMMON

Download Yara Rule

Strings

s, xrefs: 00000001400AB3F1
s, xrefs: 00000001400AB4D2
W$, xrefs: 00000001400AA530

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: s$s$W$
API String ID: 3215553584-4165748295
Opcode ID: e8a348ae70a7e8e6c8dc96ee98d649d45766d8ccdc8954c97f752620c1f32d2c
Instruction ID: 9c23e8f5d791de3a81c7dc2569aff22aa5110c8414dce3997c0390da00aabe92
Opcode Fuzzy Hash: e8a348ae70a7e8e6c8dc96ee98d649d45766d8ccdc8954c97f752620c1f32d2c
Instruction Fuzzy Hash: 63A2D172B142908BE7768F66D440BED77A1F3697C8F405215EB0A5BAE9D738DA80CF40

Function 000000014008A780 Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 839stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014008A430: RtlAcquirePebLock.NTDLL ref: 000000014008A473
Part of subcall function 000000014008A430: NtAllocateVirtualMemory.NTDLL ref: 000000014008A4AB
Part of subcall function 000000014008A430: lstrcpyW.KERNEL32 ref: 000000014008A50D
Part of subcall function 000000014008A430: lstrcatW.KERNEL32 ref: 000000014008A5C2

CoInitializeEx.OLE32 ref: 000000014008A7EA
lstrcpyW.KERNEL32 ref: 000000014008A9C9
lstrcatW.KERNEL32 ref: 000000014008ABCE
CoGetObject.OLE32 ref: 000000014008ABEC
lstrcpyW.KERNEL32 ref: 000000014008B269
lstrcatW.KERNEL32 ref: 000000014008B48C
CoGetObject.OLE32 ref: 000000014008B4AA
CoUninitialize.OLE32 ref: 000000014008B972

Strings

0, xrefs: 000000014008B0AA

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
String ID: 0
API String ID: 3636535045-4108050209
Opcode ID: f81eb009de86b6c444231f19861b7892c29bf8f20dd4133f3e5d2f442cec1830
Instruction ID: b9de4dd26ae70b31327b14156477d7184851864b7bbd00916b50dd9a12508fe7
Opcode Fuzzy Hash: f81eb009de86b6c444231f19861b7892c29bf8f20dd4133f3e5d2f442cec1830
Instruction Fuzzy Hash: 2FB28936626F988AD7808F69F88165EB3B5F788B88F106215FFCD57B18EB38C1548740

Function 0000000140078440 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 188COMMON

Download Yara Rule

APIs

BCryptOpenAlgorithmProvider.BCRYPT ref: 00000001400784D8
BCryptSetProperty.BCRYPT ref: 0000000140078502
BCryptGenerateSymmetricKey.BCRYPT ref: 000000014007853B
Concurrency::cancel_current_task.LIBCPMT ref: 0000000140078661

Strings

ChainingModeGCM, xrefs: 00000001400784F0
ChainingMode, xrefs: 00000001400784F7
AES, xrefs: 00000001400784CD

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Crypt$AlgorithmConcurrency::cancel_current_taskGenerateOpenPropertyProviderSymmetric
String ID: AES$ChainingMode$ChainingModeGCM
API String ID: 2222192889-1213888626
Opcode ID: eb1767030f7357d1bfa97f94af3308b705369d1faf0ddb6f04020e41878bc72c
Instruction ID: f28bd28e0eb8214e6e1a560f29bcde7bb753b3cc16860b90a9d8975a1a4d3131
Opcode Fuzzy Hash: eb1767030f7357d1bfa97f94af3308b705369d1faf0ddb6f04020e41878bc72c
Instruction Fuzzy Hash: 5361C172710B8486FB269F66E8407D96360E78DBE4F544725BF6C0BBE6DB38C5918700

Function 00000001400A8C04 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140099EEC: GetLastError.KERNEL32 ref: 0000000140099EFB
Part of subcall function 0000000140099EEC: FlsGetValue.KERNEL32 ref: 0000000140099F10
Part of subcall function 0000000140099EEC: SetLastError.KERNEL32 ref: 0000000140099F9B

TranslateName.LIBCMT ref: 00000001400A8C6E
TranslateName.LIBCMT ref: 00000001400A8CA9
GetACP.KERNEL32 ref: 00000001400A8CF0
IsValidCodePage.KERNEL32 ref: 00000001400A8D28
GetLocaleInfoW.KERNEL32 ref: 00000001400A8EE5

Strings

utf8, xrefs: 00000001400A8E0C

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 41343eb44851c0e8f8055f3926715ba520ae6846787d1c3cb08d70e80e5c003e
Instruction ID: 8349dc3027b5bf838b073474c1dbd6b6b718dd048b030d4317e83b54c1e9017f
Opcode Fuzzy Hash: 41343eb44851c0e8f8055f3926715ba520ae6846787d1c3cb08d70e80e5c003e
Instruction Fuzzy Hash: 3B916A3220178186FB76EF63D4513E963A5F7ACBC0F448221AF59477A6EB39C991CB10

Function 00000001400A964C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140099EEC: GetLastError.KERNEL32 ref: 0000000140099EFB
Part of subcall function 0000000140099EEC: FlsGetValue.KERNEL32 ref: 0000000140099F10
Part of subcall function 0000000140099EEC: SetLastError.KERNEL32 ref: 0000000140099F9B

Part of subcall function 0000000140099EEC: FlsSetValue.KERNEL32 ref: 0000000140099F31

GetUserDefaultLCID.KERNEL32 ref: 00000001400A97BC

Part of subcall function 0000000140099EEC: FlsSetValue.KERNEL32 ref: 0000000140099F5E
Part of subcall function 0000000140099EEC: FlsSetValue.KERNEL32 ref: 0000000140099F6F
Part of subcall function 0000000140099EEC: FlsSetValue.KERNEL32 ref: 0000000140099F80

EnumSystemLocalesW.KERNEL32 ref: 00000001400A97A3
ProcessCodePage.LIBCMT ref: 00000001400A97E6
IsValidCodePage.KERNEL32 ref: 00000001400A97F8
IsValidLocale.KERNEL32 ref: 00000001400A980E
GetLocaleInfoW.KERNEL32 ref: 00000001400A986A
GetLocaleInfoW.KERNEL32 ref: 00000001400A9886

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 35311c5f5cbb088db9cafc063da405a92d1dac0a49a1e36eea51d3b328654a2c
Instruction ID: 7bd31282f7cea42ea7c1da278a9239bc261f869a6e572b599c6795b1d4aeb46e
Opcode Fuzzy Hash: 35311c5f5cbb088db9cafc063da405a92d1dac0a49a1e36eea51d3b328654a2c
Instruction Fuzzy Hash: 98716D327106508AFF52DFA2D8507ED33B4BB5CBC4F444626AF1957AA5EB38C885CB60

Function 00000001400AF2B8 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00000001400AF2D4
RtlCaptureContext.KERNEL32 ref: 00000001400AF301
RtlLookupFunctionEntry.KERNEL32 ref: 00000001400AF31B
RtlVirtualUnwind.KERNEL32 ref: 00000001400AF35C
IsDebuggerPresent.KERNEL32 ref: 00000001400AF3B0
SetUnhandledExceptionFilter.KERNEL32 ref: 00000001400AF3CD
UnhandledExceptionFilter.KERNEL32 ref: 00000001400AF3D8

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 6458172863af31e20951f5f8dc1d486a5fb90de472876968ccfd77d10a4e7fe6
Instruction ID: 3eaaca77e3044fe114672d1de19e5a1b13903de1a1951330ac21f52225543186
Opcode Fuzzy Hash: 6458172863af31e20951f5f8dc1d486a5fb90de472876968ccfd77d10a4e7fe6
Instruction Fuzzy Hash: 81314376205B8086EB61DFA1E8803ED7374F799785F44412AEB4E47BA9DF38C649CB10

Function 00000001400702C0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140070474
__std_exception_destroy.LIBVCRUNTIME ref: 0000000140070482
__std_exception_destroy.LIBVCRUNTIME ref: 0000000140070705
__std_exception_destroy.LIBVCRUNTIME ref: 0000000140070713

Strings

value, xrefs: 000000014007039A, 0000000140070633

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: 09f8d0a92ac73c88ae252c5613f038994e78c7a469ba81a1b627514a1177f4ab
Instruction ID: 2f0a74b06a620db2c6074f5de4abd2660f00365e9c853ea50482cebdeb1d6260
Opcode Fuzzy Hash: 09f8d0a92ac73c88ae252c5613f038994e78c7a469ba81a1b627514a1177f4ab
Instruction Fuzzy Hash: 4C027A72A14BC085EB52CBB6D4803EE6761E7897E4F105312FB9D13AEADE78C185C740

Function 00000001400070E0 Relevance: 8.7, Strings: 2, Instructions: 6192COMMON

Download Yara Rule

Strings

0| , xrefs: 000000014000A83D
\| , xrefs: 000000014000C52D

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0| $\|
API String ID: 0-2050777373
Opcode ID: ad8b8a06ee8e7dbd9eb0ed87f328e0d9eefed4ef2557dac10ab3baeca558fbf1
Instruction ID: 284daf97a714ec00d6c1b3d7287322477c9a22568bbb2eccfed623d737d0f244
Opcode Fuzzy Hash: ad8b8a06ee8e7dbd9eb0ed87f328e0d9eefed4ef2557dac10ab3baeca558fbf1
Instruction Fuzzy Hash: D904D032915FC489D7759F39EC853D977A8F79978CF106219EB8C1AB29EB3483A08305

Function 00000001400398CD Relevance: 7.4, Strings: 5, Instructions: 1142COMMON

Download Yara Rule

Strings

users, xrefs: 000000014003A262
content, xrefs: 0000000140039B9F, 0000000140039F27, 000000014003A844
filename, xrefs: 0000000140039B46, 0000000140039ECE, 000000014003A762
status, xrefs: 000000014003AD67
config, xrefs: 0000000140039CDD

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: config$content$filename$status$users
API String ID: 0-2677590375
Opcode ID: 0cac4ccc4fc600b7a900a897fb3a143b7273e9353b553c03d40e8d842885445b
Instruction ID: 8466b02c89f5d3f5ca8fd9f45cea41b65bbce8c294ac8a6e5fda3690ef307a81
Opcode Fuzzy Hash: 0cac4ccc4fc600b7a900a897fb3a143b7273e9353b553c03d40e8d842885445b
Instruction Fuzzy Hash: 3CC23B72611BC589DB329F36D8903DD6361F789798F405216EB9D4BBAAEF38C684C340

Function 00000001400BD804 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00000001400BD865
IsDebuggerPresent.KERNEL32 ref: 00000001400BD87D
OutputDebugStringW.KERNEL32 ref: 00000001400BD88E

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00000001400BD887

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: 9ee4415ca50324c33a3d5a57874f9cc99ad178eb9645fb895110d63af1d9e2c1
Instruction ID: 156b50a59491b522b95133cc87a66bc9d4c90f318aca79d238700763b05f87d6
Opcode Fuzzy Hash: 9ee4415ca50324c33a3d5a57874f9cc99ad178eb9645fb895110d63af1d9e2c1
Instruction Fuzzy Hash: 5F115A32210B40A7F75A9B27E6943E933A1FB4C786F449125EB4983A70EF78D0B8C750

Function 00000001400AA44F Relevance: 6.4, Strings: 5, Instructions: 198COMMON

Download Yara Rule

Strings

1#IND, xrefs: 00000001400AA49F
1#SNAN, xrefs: 00000001400AA4C2
1#QNAN, xrefs: 00000001400AA4CB
1#INF, xrefs: 00000001400AA4DB
W$, xrefs: 00000001400AA530

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: 1#IND$1#INF$1#QNAN$1#SNAN$W$
API String ID: 3215553584-4287779413
Opcode ID: e914ef83dae64b72f50003c00f300a4745ddd1fbbdf1c541f482026cce5ebf66
Instruction ID: 4d4210e12aeee8e9f5e94711e4e8cd733dc4b39c4ec79285a3ee6235da0bb1d1
Opcode Fuzzy Hash: e914ef83dae64b72f50003c00f300a4745ddd1fbbdf1c541f482026cce5ebf66
Instruction Fuzzy Hash: 93711172B242414BE7228F3AD4447EDB3A1A7AD3D4F044725BB199BAE5DB3CD9818F00

Function 0000000140099038 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 000000014009908F
GetSystemInfo.KERNEL32 ref: 00000001400990A8
VirtualAlloc.KERNEL32 ref: 0000000140099116
VirtualProtect.KERNEL32 ref: 0000000140099131

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocInfoProtectQuerySystem
String ID:
API String ID: 3562403962-0
Opcode ID: 6131e7ac5c004b666fb02de1823fa69e50ababb2f1d6eff18536aed83fe204ab
Instruction ID: 2006030ddcdfcd66f6cc748a20a45c9b0152b93ab0e2963e6fa905ca9af8d5f1
Opcode Fuzzy Hash: 6131e7ac5c004b666fb02de1823fa69e50ababb2f1d6eff18536aed83fe204ab
Instruction Fuzzy Hash: 84311632310A859EEB21DF36D8547D923A5F74CBC8F944125AA494BB68DF38D646C740

Function 00000001400A36A8 Relevance: 5.5, APIs: 3, Instructions: 1005COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400A3ADE
_get_daylight.LIBCMT ref: 00000001400A3B79
_get_daylight.LIBCMT ref: 00000001400A3B92

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID:
API String ID: 1286766494-0
Opcode ID: 91154ea289c3556cf103cf6e37fc2ba0624cd5322ab1aec8ddf48183395d8b30
Instruction ID: 4fad86f6d9d594f3f7bfe3a69b32873ea402f7dc870d61de0be478661a220898
Opcode Fuzzy Hash: 91154ea289c3556cf103cf6e37fc2ba0624cd5322ab1aec8ddf48183395d8b30
Instruction Fuzzy Hash: 4D92E03660479087EB668F26D5503EE37A5F7A97C8F548215FB8907FA9DB38C990CB00

Function 00000001400BB170 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32 ref: 00000001400BB196
FormatMessageA.KERNEL32 ref: 00000001400BB1C9

Strings

!x-sys-default-locale, xrefs: 00000001400BB189

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: e9313e5009c165bfc27bb14f9f63cf4f23352891cc12b2974ad7925588fd8796
Instruction ID: 3c92f31fd4891f13edf4352e9aacb77233aaeb4dc1a43732f9876fdfe1b241ce
Opcode Fuzzy Hash: e9313e5009c165bfc27bb14f9f63cf4f23352891cc12b2974ad7925588fd8796
Instruction Fuzzy Hash: 61018C72714B8083EB229F57B8647AA67A2F7887C5F848025EB5547AA8CB7CC606C700

Function 0000000140093150 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00000001400931B6
memcpy_s.LIBCPMT ref: 00000001400931E1

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: eb07a1fe8bff8429000d82fc6708e1dd14e73367c47fa60bb37c8b50ad77a0f3
Instruction ID: c4b91031d082ce85d0071a6aadb3f9c9206e35f87d0b51ac34ed733270a5ee20
Opcode Fuzzy Hash: eb07a1fe8bff8429000d82fc6708e1dd14e73367c47fa60bb37c8b50ad77a0f3
Instruction Fuzzy Hash: 70C1167231468487EB26CF1AE0447AEB7A1F39CBC4F459125EB5A43BA4DB39E901CF40

Function 00000001400A90C8 Relevance: 4.7, APIs: 3, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140099EEC: GetLastError.KERNEL32 ref: 0000000140099EFB
Part of subcall function 0000000140099EEC: FlsGetValue.KERNEL32 ref: 0000000140099F10
Part of subcall function 0000000140099EEC: SetLastError.KERNEL32 ref: 0000000140099F9B

Part of subcall function 0000000140099EEC: FlsSetValue.KERNEL32 ref: 0000000140099F31

GetLocaleInfoW.KERNEL32 ref: 00000001400A9134

Part of subcall function 000000014008FBA0: _invalid_parameter_noinfo.LIBCMT ref: 000000014008FBBD

GetLocaleInfoW.KERNEL32 ref: 00000001400A917D

Part of subcall function 000000014008FBA0: _invalid_parameter_noinfo.LIBCMT ref: 000000014008FC16

GetLocaleInfoW.KERNEL32 ref: 00000001400A9245

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: 8cdfe7f1b5fd9999da327c4f4609675d5690c7bae2d768c40d9912784c01383a
Instruction ID: 5aa2a0d1c8725bc235ac10c78bb89a9ef32e388b198462fc47fde5f37f4abd7d
Opcode Fuzzy Hash: 8cdfe7f1b5fd9999da327c4f4609675d5690c7bae2d768c40d9912784c01383a
Instruction Fuzzy Hash: 3761B2327006419AEB369FA6E5503ED73A1F7AC7C5F408325EB9A936E1DB38D591CB00

Function 00000001400763A6 Relevance: 4.4, Strings: 3, Instructions: 653COMMON

Download Yara Rule

Strings

Ybz2hAQ21TM=, xrefs: 00000001400764D1
oCywl7ReztFbsuK4ypJDH6s9P43vLtP1WL04vYsxKXc=, xrefs: 0000000140076449
port, xrefs: 000000014007705F

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Ybz2hAQ21TM=$oCywl7ReztFbsuK4ypJDH6s9P43vLtP1WL04vYsxKXc=$port
API String ID: 0-2237839651
Opcode ID: 0f27eef421dd33c6d8438041d9c3ea8376fabf61cda118a290c9fcad06a7c02d
Instruction ID: 9b4862e95f6fcc26d2417899f4ab57a580ce994f7de1a64d19b262a48ac5c7d0
Opcode Fuzzy Hash: 0f27eef421dd33c6d8438041d9c3ea8376fabf61cda118a290c9fcad06a7c02d
Instruction Fuzzy Hash: 0A724C72629BC485EA61CB25E4803DEB3A5F7D9784F505215EBCD13BA9EF38C191CB04

Function 000000014009F0D8 Relevance: 3.9, Strings: 3, Instructions: 144COMMON

Download Yara Rule

Strings

e+000, xrefs: 000000014009F1E5
-, xrefs: 000000014009F237
gfff, xrefs: 000000014009F262

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: -$e+000$gfff
API String ID: 0-2620144452
Opcode ID: c7e19593615f5b016f33edca04d76eabfb088503034d3aa1c419b3a715446e94
Instruction ID: 5492b00e63e4a759c2255974a7dbe939dc967fd202c0368106c7b13000663624
Opcode Fuzzy Hash: c7e19593615f5b016f33edca04d76eabfb088503034d3aa1c419b3a715446e94
Instruction Fuzzy Hash: C45157767147C486E7268F36E9017A9BB91F348BD4F48D222EBA48BBE5CB79C445C700

Function 0000000140051AF0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 239COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 0000000140051D4E

Strings

parse_error, xrefs: 0000000140051B7E

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: __std_exception_copy
String ID: parse_error
API String ID: 592178966-3903021949
Opcode ID: 1c6de8c288794efa2f7cfd91f2ac11df9fd421ef5c5d34333d0ccb5f80645a74
Instruction ID: 3c4670f40cc9ab17b43fc29367b9fa31500672bc97c50587d62b6602c41e7cfc
Opcode Fuzzy Hash: 1c6de8c288794efa2f7cfd91f2ac11df9fd421ef5c5d34333d0ccb5f80645a74
Instruction Fuzzy Hash: FEA17E72B10B8489EB12CB66E4403ED6362E79D7D8F109711EF9C17AAAEB39C195C340

Function 000000014009E020 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 000000014009E094

Strings

GetLocaleInfoEx, xrefs: 000000014009E03C, 000000014009E04D

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 099550578a3a416ea78b7fa52ed638fc0f733537aeae7f3447c0ea0cdfd8c17a
Instruction ID: fb935f9c2ab31aa5e90575f03674e7bf2486afca9488b688b185203ea02026ac
Opcode Fuzzy Hash: 099550578a3a416ea78b7fa52ed638fc0f733537aeae7f3447c0ea0cdfd8c17a
Instruction Fuzzy Hash: 80016D35704A8086EB569B57F4407DAA761FB9CBC0F984426FF4913BBADE38C9428790

Function 0000000140078020 Relevance: 3.2, APIs: 2, Instructions: 248COMMON

Download Yara Rule

APIs

BCryptDecrypt.BCRYPT ref: 00000001400781E0

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CryptDecrypt
String ID:
API String ID: 2620231605-0
Opcode ID: 26be2a797bee493e3ad2b3ec1d6e55a9b045376b36a316b3c0ef38d451224750
Instruction ID: f7f5fd7e2185f9db639c3601158b2a71c7d2ea5875eccf7afe32dc6e5bc30884
Opcode Fuzzy Hash: 26be2a797bee493e3ad2b3ec1d6e55a9b045376b36a316b3c0ef38d451224750
Instruction Fuzzy Hash: 7FB16A72B48B809AEB61CB66E4503AD37B5F34978CF008216EF4817BA9DB79C599D340

Function 00000001400A14E4 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00000001400A1733
RaiseException.KERNEL32 ref: 00000001400A1744

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 7fa2203b5ce5cf4252278981a869295bf258e597fb1a3e488d01a74adacce12a
Instruction ID: ce3cffeaddecb57bd5aa004852814d0472f37fd234069d5227336842901e8d70
Opcode Fuzzy Hash: 7fa2203b5ce5cf4252278981a869295bf258e597fb1a3e488d01a74adacce12a
Instruction Fuzzy Hash: 82B1FD77610B848BEB56CF2AD44539C7BE0F398B98F198A15EB59877B4CB39C491CB00

Function 00000001400AC128 Relevance: 3.2, APIs: 2, Instructions: 208COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00000001400AC1CD
_invalid_parameter_noinfo.LIBCMT ref: 00000001400AC38F

Part of subcall function 000000014009DA30: HeapAlloc.KERNEL32 ref: 000000014009DA85

Part of subcall function 000000014009D3C8: HeapFree.KERNEL32 ref: 000000014009D3DE
Part of subcall function 000000014009D3C8: GetLastError.KERNEL32 ref: 000000014009D3E8

Part of subcall function 00000001400AD894: _invalid_parameter_noinfo.LIBCMT ref: 00000001400AD8C7

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorHeapLast_invalid_parameter_noinfo$AllocFree
String ID:
API String ID: 749460637-0
Opcode ID: 27640a1b4452658f619c330b6942f42c57ed7cbddb1e0b5935f25c2a2fe2ad05
Instruction ID: a0cc71780de81b772317908ff88ec895ebc3ca39ef53a965ae4e9244de46f0ae
Opcode Fuzzy Hash: 27640a1b4452658f619c330b6942f42c57ed7cbddb1e0b5935f25c2a2fe2ad05
Instruction Fuzzy Hash: 92612B3231478142EB669F67A810BEEB3D1B7DCBC0F454626BF49477A5EE38C8818B04

Function 0000000140086540 Relevance: 3.2, APIs: 2, Instructions: 187COMMON

Download Yara Rule

APIs

EnumDisplayDevicesW.USER32 ref: 0000000140086657
EnumDisplayDevicesW.USER32 ref: 00000001400866FB

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: DevicesDisplayEnum
String ID:
API String ID: 2211661463-0
Opcode ID: be865eeff10d166dc6103f7ebc966a270325f175452e2d6742989484897e37eb
Instruction ID: c35878f14fd4ace50e34acaeaa391da43f012d67d0405fd52747271c3f58506e
Opcode Fuzzy Hash: be865eeff10d166dc6103f7ebc966a270325f175452e2d6742989484897e37eb
Instruction Fuzzy Hash: 7E81AB33A14B8486E721CF26E84479E77A5F388798F515215EF9C17BA9EF78C681CB00

Function 0000000140037C20 Relevance: 3.1, APIs: 2, Instructions: 145encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0000000140037CAD
LocalFree.KERNEL32 ref: 0000000140037D3F

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: c46a61c8bef13cf4ed1d54852e8ad14d3f6827ea61f97f3034c871f01e507e4d
Instruction ID: 7f40ee8586bf01c3048f34f820df491f9ea945d51269d3c7e357f259fb1b8b85
Opcode Fuzzy Hash: c46a61c8bef13cf4ed1d54852e8ad14d3f6827ea61f97f3034c871f01e507e4d
Instruction Fuzzy Hash: D2616632B14B809AEB22DF76E4403DD73B1E75978CF008229EB8D17E9ADB78C5948350

Function 0000000140078B00 Relevance: 3.0, Strings: 2, Instructions: 529COMMON

Download Yara Rule

Strings

%, xrefs: 0000000140079164
+, xrefs: 000000014007917F

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %$+
API String ID: 0-2626897407
Opcode ID: f234ca16ff53dd273389edab1ef266ed9367d6f2217fc034884727a39b7d57cc
Instruction ID: 4f07d37735d6ed429a9df18d9a74b6349316186db300b3afe0c233002630e10c
Opcode Fuzzy Hash: f234ca16ff53dd273389edab1ef266ed9367d6f2217fc034884727a39b7d57cc
Instruction Fuzzy Hash: 1F221333B14A848AFB26CB66E4503ED67A2E7597D8F444222EF4917BE9DB3CC445C350

Function 00000001400A46E4 Relevance: 2.9, Strings: 2, Instructions: 358COMMONLIBRARYCODE

Download Yara Rule

Strings

a/p, xrefs: 00000001400A49FE
am/pm, xrefs: 00000001400A4993

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: a/p$am/pm
API String ID: 0-3206640213
Opcode ID: 3aa2d18b96f53096dafde024e84d8e74b450cb229927da4525f6c74ea8e41481
Instruction ID: 282e28f27db02fe1aa2beadafee1f9428e67b57fa7ec56f663f6cb2ab2f17a07
Opcode Fuzzy Hash: 3aa2d18b96f53096dafde024e84d8e74b450cb229927da4525f6c74ea8e41481
Instruction Fuzzy Hash: A0E1ED3A61468085EB668F2791547FE23A4FBB97C4F654302FB4A07FA4DB38C991CB11

Function 0000000140030A80 Relevance: 2.7, Strings: 2, Instructions: 226COMMON

Download Yara Rule

Strings

emoji, xrefs: 0000000140030AF0
dumps, xrefs: 0000000140030AC8

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: dumps$emoji
API String ID: 0-2873254224
Opcode ID: 9c1d1d90ca4f88bc8268b0322e863aaa792dfa8aa99b6ae742cb4d4f1446b717
Instruction ID: de1d32d498b1603b3283e1e425eee834114ee630492cf4a12f2e42a933c28d9c
Opcode Fuzzy Hash: 9c1d1d90ca4f88bc8268b0322e863aaa792dfa8aa99b6ae742cb4d4f1446b717
Instruction Fuzzy Hash: EEB1FA32929BC486E661CB25E88039AB7A4F79D788F116315FBCD53B59DB38D290CB00

Function 0000000140060AC0 Relevance: 2.0, APIs: 1, Instructions: 470COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000000140060B3B

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 27d41652c40ed87ce4fa114c6ff06a1910c43d14d329ed21a01f6af745dd494c
Instruction ID: 3ea09d183f0e17230624784c327211b13ac9c21796c8a57e93de2c3ba86a3c65
Opcode Fuzzy Hash: 27d41652c40ed87ce4fa114c6ff06a1910c43d14d329ed21a01f6af745dd494c
Instruction Fuzzy Hash: 9F029B72711B8585EB11CFA6D8403EE63A2E748BD8F589622EF9C177A9DF34C495C380

Function 00000001400A6A68 Relevance: 1.9, APIs: 1, Instructions: 373COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00000001400A6BB0

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 90946a6b15058c528e056b8d8cd1a92ef4f6d2102c32f556ef9c06fc4cf9f037
Instruction ID: a529babc2d6e8ba6f5e828ff2b22bd3019f6cc999c29afac651c8859d6e64573
Opcode Fuzzy Hash: 90946a6b15058c528e056b8d8cd1a92ef4f6d2102c32f556ef9c06fc4cf9f037
Instruction Fuzzy Hash: 06128A32A08BC486E752CF3994457ED73A4F76D788F459316EB98876A2EB34D2C4CB00

Function 00000001400A71D8 Relevance: 1.8, APIs: 1, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c78c0f44f628b309bf0bf25ef07213807af04e49cf24dc8ac6838a16b865059
Instruction ID: bb940daf5543c1f9a79ee97aaadeda5922451d7e61c1cde4f32fc15d938a2440
Opcode Fuzzy Hash: 1c78c0f44f628b309bf0bf25ef07213807af04e49cf24dc8ac6838a16b865059
Instruction Fuzzy Hash: 4CE15036704B8086E721DB62E4417EE77A4F3A97C8F418626EF8D53B66EB78D245C700

Function 000000014005C0F0 Relevance: 1.7, APIs: 1, Instructions: 232COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014005C40B

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 77270c227ffeb004b750eba44a016f14a5b20c8e9565abcba5683151d7bf73c1
Instruction ID: 3367cc3590d20919b635da020e6a9838ec97f649690dd723de14dcaa02d71857
Opcode Fuzzy Hash: 77270c227ffeb004b750eba44a016f14a5b20c8e9565abcba5683151d7bf73c1
Instruction Fuzzy Hash: 4DA17932715B9889EB02CBAAD4803EC37B0F359B88F548516EF8E57B69DB39C195C350

Function 000000014005BAB0 Relevance: 1.7, APIs: 1, Instructions: 221COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014005BDC4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ee8b0f9f2e73586f7a4fc3912ce6b8e3a620c06cd61257d921c36885d417bf64
Instruction ID: e7e758f77b730658fa2183651e0bcda9456a6a66edef94dbe68809bbbcb91688
Opcode Fuzzy Hash: ee8b0f9f2e73586f7a4fc3912ce6b8e3a620c06cd61257d921c36885d417bf64
Instruction Fuzzy Hash: 4AA18932615B98C9EB01CB6AD4803EC3BB0F359B88F548516EF8D57769DB79D191C310

Function 000000014005B780 Relevance: 1.7, APIs: 1, Instructions: 220COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014005BAA9

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a0e78a6ef54e2a893f1caef4e4e4ab9343fbc453b4b6cae2b4af0f6514b75cbd
Instruction ID: fa854fabc025c76a206bed3a6f1c0845178dcea3b927583e1f4c4cda74e7147e
Opcode Fuzzy Hash: a0e78a6ef54e2a893f1caef4e4e4ab9343fbc453b4b6cae2b4af0f6514b75cbd
Instruction Fuzzy Hash: 0FA18A32A15B98C9EB01CBAAD4803EC77B0F359B88F548516EF8D57B69DB39D095C300

Function 000000014005B480 Relevance: 1.7, APIs: 1, Instructions: 214COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014005B778

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 9546bb3a3fc2cd0186fd8e81e805c14f61dec66cf7b42dca47b712199baa8138
Instruction ID: d35a4813ebe911b3f3d06accd323ebf2fe1b7b1083f9830a8cc86ee30199d110
Opcode Fuzzy Hash: 9546bb3a3fc2cd0186fd8e81e805c14f61dec66cf7b42dca47b712199baa8138
Instruction Fuzzy Hash: D2A17832715B98C9EB12CB6AD4803EC67B0F359B88F648416EF8D57BA5EB39D095C300

Function 000000014005C420 Relevance: 1.7, APIs: 1, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000000014005C718

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: b591e7a311cd117aeb4adf489aa1e802da64c31dc096dcf9c35f5bab099bf382
Instruction ID: 854463cf17bdd6b58da1f7546ddcdbe712e6ab292ec46fef6426cf4f233b86a0
Opcode Fuzzy Hash: b591e7a311cd117aeb4adf489aa1e802da64c31dc096dcf9c35f5bab099bf382
Instruction Fuzzy Hash: 4FA19C72721B9889EB02CBAAD4907EC37B0F359B88F549416EF8E57B65DB39C191C340

Function 00000001400A9310 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140099EEC: GetLastError.KERNEL32 ref: 0000000140099EFB
Part of subcall function 0000000140099EEC: FlsGetValue.KERNEL32 ref: 0000000140099F10
Part of subcall function 0000000140099EEC: SetLastError.KERNEL32 ref: 0000000140099F9B

Part of subcall function 0000000140099EEC: FlsSetValue.KERNEL32 ref: 0000000140099F31

GetLocaleInfoW.KERNEL32 ref: 00000001400A9378

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: d3f265d93177da05e9e3079d3dae9c7822de4fa7ba26229b0f968e85ede82faf
Instruction ID: a4ca8649259d75ba04167a6e259112765b42d28c6b5c3f01e538b8ae298da7d2
Opcode Fuzzy Hash: d3f265d93177da05e9e3079d3dae9c7822de4fa7ba26229b0f968e85ede82faf
Instruction Fuzzy Hash: 9431713270468186EF6ADB67E4513DE73A1F79C7C4F408225BB8A876A5DF38D691CB00

Function 0000000140026510 Relevance: 1.6, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

QN , xrefs: 0000000140026877

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: QN
API String ID: 0-3349929942
Opcode ID: 4adeaebae40e5ff169471ee5d4a8d23a557c17ee84dec89bc840266fd6fece81
Instruction ID: 4f3d7730723fade62404a711111efc0fb212951dde9af45be0f290200e40d11c
Opcode Fuzzy Hash: 4adeaebae40e5ff169471ee5d4a8d23a557c17ee84dec89bc840266fd6fece81
Instruction Fuzzy Hash: BB02D432915BC489E7628F39E8813D977A4F7AD788F105315EBCC6BB69EB74C2908740

Function 00000001400A9518 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140099EEC: GetLastError.KERNEL32 ref: 0000000140099EFB
Part of subcall function 0000000140099EEC: FlsGetValue.KERNEL32 ref: 0000000140099F10
Part of subcall function 0000000140099EEC: SetLastError.KERNEL32 ref: 0000000140099F9B

GetLocaleInfoW.KERNEL32 ref: 00000001400A954F

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 8a450860209e15821de9f16c01ed0612a725223f9a4b72f88eafb3edea00904a
Instruction ID: a262072600bdabd7c0679cf6d9857ba45dbebfe756d1e7f3d1e5b58b444c0772
Opcode Fuzzy Hash: 8a450860209e15821de9f16c01ed0612a725223f9a4b72f88eafb3edea00904a
Instruction Fuzzy Hash: B1110A32B1495183E7778777A04179E62A1E76C7E4F548721F766477E4E636C8C18B00

Function 00000001400A9030 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140099EEC: GetLastError.KERNEL32 ref: 0000000140099EFB
Part of subcall function 0000000140099EEC: FlsGetValue.KERNEL32 ref: 0000000140099F10
Part of subcall function 0000000140099EEC: SetLastError.KERNEL32 ref: 0000000140099F9B

EnumSystemLocalesW.KERNEL32 ref: 00000001400A90AE

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 0c241287891358d20c5c1590d81d3974ae3e0a48a457f3cbc01ffa927b921278
Instruction ID: 6ae5d8b3708d6626887a23f7dbcc4907dd0624352dc3dc594ae9d114bdff575e
Opcode Fuzzy Hash: 0c241287891358d20c5c1590d81d3974ae3e0a48a457f3cbc01ffa927b921278
Instruction Fuzzy Hash: 4D01D472B042808AEB128FA7E440BD976A1E768BE4F458321E765473E9CB7588C1CB00

Function 00000001400783C0 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

BCryptCloseAlgorithmProvider.BCRYPT ref: 00000001400783D9

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: AlgorithmCloseCryptProvider
String ID:
API String ID: 3378198380-0
Opcode ID: 65ba22bee9f219e95710a788156d61738fbf3692be3f1b4b0f6c47b5bcc97fc1
Instruction ID: 46cd3e4ecf0bf3881bc472a46e152dc7da49fa282612d15e85770da4dfb79c46
Opcode Fuzzy Hash: 65ba22bee9f219e95710a788156d61738fbf3692be3f1b4b0f6c47b5bcc97fc1
Instruction Fuzzy Hash: E901AFB2700A8481EF299B22E4583AD2361E748FC9F944410EF4C076A9DFBDC8858380

Function 000000014009DAE0 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 000000014009DB2F

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 17140df511fe09419b9fc83be2d2c34c2fb9fdba42dd4bc62a26aeb66c77a399
Instruction ID: de712f23fd13e8c4d5100720269348e510cf31078cf0cbf84c59e1ff34ea8840
Opcode Fuzzy Hash: 17140df511fe09419b9fc83be2d2c34c2fb9fdba42dd4bc62a26aeb66c77a399
Instruction Fuzzy Hash: D8F037B2304B4083E705DB2AF8907D973A2E79DBC0F549126EB4983379CE38C9A1C300

Function 0000000140096164 Relevance: 1.5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

Strings

, xrefs: 0000000140096346

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: d56b133698f6429a15668cf33a50c2b0452d3e907794045ce25e286071ddca93
Instruction ID: 5985c16e8c7ee05d195531540a6d0c9df7fc115bbda66a9a795bdfadb218e8cb
Opcode Fuzzy Hash: d56b133698f6429a15668cf33a50c2b0452d3e907794045ce25e286071ddca93
Instruction Fuzzy Hash: CCB16D72204B848AEB66CF3AD0503AD3BB4F34DF88F684116EB8A473A5DB36C951C745

Function 00000001400283D0 Relevance: .8, Instructions: 795COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0538767b6b45461ea7b05e4291f3168d71c376be44ab5dc851c2711e80cf8c7
Instruction ID: 11b7f8a1af85b3332e8e9ec774ad9aafbdc42df1fa3ac2c6f6e342fe0cafe42d
Opcode Fuzzy Hash: d0538767b6b45461ea7b05e4291f3168d71c376be44ab5dc851c2711e80cf8c7
Instruction Fuzzy Hash: 6AA27136615FD88AD7418FAAEC8129973B6F748BA8B101619EFCC57F18EBB4C164C740

Function 0000000140025520 Relevance: .8, Instructions: 792COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1e6ece7ce69c095957c4864fcc3e87f2bc5eb18ec43adb6e1f4c5b19e5582c4
Instruction ID: beef6051a45bce1b1226442735bbb051317004564f72870a77c8f5785136e9d7
Opcode Fuzzy Hash: a1e6ece7ce69c095957c4864fcc3e87f2bc5eb18ec43adb6e1f4c5b19e5582c4
Instruction Fuzzy Hash: B092B432915BC88AD7718F25E8813DAB7A8F79D788F505315EACC16B19EB38D394C704

Function 0000000140062750 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
Instruction ID: 1d33147da6fef292ddb6e3dfce7d4f5fb46f2d394935471198070cec947208fe
Opcode Fuzzy Hash: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
Instruction Fuzzy Hash: 23C1D073725A9487EB56CF63D9447A9B762F3D8BE0F55D120EB4A07B98CA38C846C700

Function 0000000140006610 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c199abf99ea0f33a9296d6ec493677b6e8d4c25f5b9629a72f2ffc9cf317a90f
Instruction ID: dae7188b58aa12ed6a721d46ece6e361adde1b5e6735e4fc9e27f5ef3900fc0f
Opcode Fuzzy Hash: c199abf99ea0f33a9296d6ec493677b6e8d4c25f5b9629a72f2ffc9cf317a90f
Instruction Fuzzy Hash: DD12C532619BC88AE7718F29E84139AB7A4F79D788F505315EBCC57B19EB38C254CB04

Function 0000000140075AB0 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
Instruction ID: 447b2b773560c4beaa4e67ccb80f79841d332dbb345d5add23c245d827f16df0
Opcode Fuzzy Hash: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
Instruction Fuzzy Hash: 38C1C4B3A146948BE355CF2DD401A5D7BA0F398B84F40A629EB56C3B01E778D9A5CF80

Function 000000014009A924 Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: a2379e98abae736fe33e8b4f9fedcc0141c51f1be06055089ccb01d873b85599
Instruction ID: 81f69587606c8d6d2920975f800801ad71658ffe686509f5888f9c5868ecb4cc
Opcode Fuzzy Hash: a2379e98abae736fe33e8b4f9fedcc0141c51f1be06055089ccb01d873b85599
Instruction Fuzzy Hash: BFC1C27630468086EB629B6799107EA37A1F79ABC8F404115FF8A8BBE5EF3CC545C740

Function 000000014009666C Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0c2dc1868310f7be340402d514fcc5ddbcaaf30b09b4b1a75e66e521b583746
Instruction ID: 3a803396a737e7e09fc37ffe396adff213b7af43b5bde25c7abf1f4bb1d46515
Opcode Fuzzy Hash: f0c2dc1868310f7be340402d514fcc5ddbcaaf30b09b4b1a75e66e521b583746
Instruction Fuzzy Hash: 21C1B832604A4486EB2ACF3BC5507AE37A0E749BCCF248215EF595B7E5DB3AC846D740

Function 00000001400A8674 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$Value_invalid_parameter_noinfo
String ID:
API String ID: 1500699246-0
Opcode ID: 468b93f19c7ca54f8d79ce9aecab092ca155e8bca1880fa3cbddf3014db9fedd
Instruction ID: 219554444d32d0e4537ad1326bba152ffa5b4e92018c9ef7381ea1e0fb4a3fed
Opcode Fuzzy Hash: 468b93f19c7ca54f8d79ce9aecab092ca155e8bca1880fa3cbddf3014db9fedd
Instruction Fuzzy Hash: A8B1CE7261468482EB76DF22D4117EA33A0F3A8BC8F544326EF56836E9DF78C595CB40

Function 0000000140054720 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8096616a82d0af589e55529d9e21aaaddb0a4067eb04550f42ec58ec897b5e0e
Instruction ID: b20235c530f76bdce2ee3876d0716f49ee890a7daca5df87e94b1965b3cc0896
Opcode Fuzzy Hash: 8096616a82d0af589e55529d9e21aaaddb0a4067eb04550f42ec58ec897b5e0e
Instruction Fuzzy Hash: 8661B172714BC882DB21CB2AE4453EDA3A1F75D7D8F549211EB9D47BA8EB79D280C340

Function 000000014009F7E6 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd72482e03d17e0c267891211c2a08fffdf3b2de236a6c27577c882ac387638
Instruction ID: e2c9dfdefbb9d112d0675f23ad41226c04d3d172fc5c8865881e53bf685bf733
Opcode Fuzzy Hash: afd72482e03d17e0c267891211c2a08fffdf3b2de236a6c27577c882ac387638
Instruction Fuzzy Hash: 4B51D87261878086EBB5CB2BA4413BAA690F74E7D4F544225FB9E43BE9DB3CC5409B00

Function 000000014007E2F0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 138ce084abc59b7a62cd21c0bdb32c0536e72d2a6f022af23bd525f26c324e99
Instruction ID: 027d60879b43b0a81cc45adc781a0af0a38eddb82efb1c2e3e36529c8144405a
Opcode Fuzzy Hash: 138ce084abc59b7a62cd21c0bdb32c0536e72d2a6f022af23bd525f26c324e99
Instruction Fuzzy Hash: F85104A3B0568443DB248B49F842796F7A5FB987C5F00A126EE8D57B69EB3CD580C700

Function 0000000140095394 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction ID: 99ad1355632ae1fd69952ade0b8b880547fb4266a066a210fa678cc3ea636d96
Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction Fuzzy Hash: 6D519236624A5086E7669B2BD0543AC3BA1E35CFDEF258111EF89477B5C736C893C740

Function 0000000140095598 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction ID: 1a5f552ae487ea52881a4b4007291b9de41d1dc95850a7e92b2562e97dc69483
Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction Fuzzy Hash: 8B51C136224A50C6E7269B2BE0403A97BA1E34CFD9F684111EF49477B5D732CD43CB80

Function 000000014009579C Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
Instruction ID: bf005c958525c39f9f98a73881a786616db269bc64c82d253bf23c47cd79f0e7
Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
Instruction Fuzzy Hash: B3518036624A50C6E7269F2BC0503A93BA1E34DFA9F288111EF89577B4CB36CD43C780

Function 00000001400ABB90 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: d05f01d9c7e6d1227e296b3139dc3c4d5665c446069bb1063acdd8e7d0dd9ca1
Instruction ID: be5b461f7ee288339d9b570e5532cccf87377d3a7bff12cd17e984541771d2f7
Opcode Fuzzy Hash: d05f01d9c7e6d1227e296b3139dc3c4d5665c446069bb1063acdd8e7d0dd9ca1
Instruction Fuzzy Hash: 7641B172310A5482EF19CF2BD9647A973A1B35CFD0F59A126EF0D87B68EE38C5818700

Function 00000001400D56F8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4c301f195e669e6877f5ced79d700ac9dd8bbab9aa6e5de489f1ad1fe475649
Instruction ID: e12f2dd183da2f85393af15a73360979131419ec6d7815a0da4720aa5d6fbaab
Opcode Fuzzy Hash: b4c301f195e669e6877f5ced79d700ac9dd8bbab9aa6e5de489f1ad1fe475649
Instruction Fuzzy Hash: 69F04F6780E7C08FE397AE34286A3DC2FA0EB56F41F594157D791872D3D418484B8B72

Function 00000001400D52E0 Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea83fc18505f2aec0aeadda38b4f7302af226c24597ec8790b9032a9d7608d4a
Instruction ID: 48634cd6b6f79a422a2871dfac5fccf436270be75c96d97fc60a073adddc48b3
Opcode Fuzzy Hash: ea83fc18505f2aec0aeadda38b4f7302af226c24597ec8790b9032a9d7608d4a
Instruction Fuzzy Hash: 58F0629B60EFC105F29351690D2778C1ED0AF57BE5F1C034AAF70071E3996389079225

Function 00000001400D53A0 Relevance: .0, Instructions: 15COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3dd416ff2e489d3ed173b5fe4ae9d3e1e48df3bffbcaea8da678e58af167c03
Instruction ID: 273d408b52aee44de5321585d19bb597ab9da39ced04c31ce7cd87fe25fec753
Opcode Fuzzy Hash: b3dd416ff2e489d3ed173b5fe4ae9d3e1e48df3bffbcaea8da678e58af167c03
Instruction Fuzzy Hash: F0E0CDDB81CBC001F3130525091939D1F804F47BF6F09436E9FB4132D3D66B99069310

Function 00000001400D53B8 Relevance: .0, Instructions: 3COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77a31c27909e9975095eeefd5dee5a76baab0230a3fefe714aa7b06cfff02c8e
Instruction ID: 16cef07493e79951dd783a00ba9aab815a848c90a36d2758bff0ded1b12a4b6f
Opcode Fuzzy Hash: 77a31c27909e9975095eeefd5dee5a76baab0230a3fefe714aa7b06cfff02c8e
Instruction Fuzzy Hash: F4A012C7C0DBC102D303411051047191F004702105F0710BD8FA8126C2994D94044200

Function 00000001400AF498 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261fe6521d892542d75bab8d3c7c41f58578a8ad23917a021c9647768b8a2587
Instruction ID: 21f96874aefc6780fb4cc87987608e11b01dfb94e8bba2c9a4a0b173746f94ca
Opcode Fuzzy Hash: 261fe6521d892542d75bab8d3c7c41f58578a8ad23917a021c9647768b8a2587
Instruction Fuzzy Hash: 2AA00231144C01E4E606AB82E8513B52330F76D3D3F800111F609434709B38C486D724

Function 00000001400D5100 Relevance: .0, Instructions: 1COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d86e3ee49bece079fed1a8dafc567eba119ae3c71a3d36371c2989893f02372
Instruction ID: 62b65cd507f7fc6337e7e282158079c2d2517fe4007b7e964c035561b45bb801
Opcode Fuzzy Hash: 1d86e3ee49bece079fed1a8dafc567eba119ae3c71a3d36371c2989893f02372
Instruction Fuzzy Hash:

Function 0000000140074A30 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0000000140074A86
Process32FirstW.KERNEL32 ref: 0000000140074ACA
Process32NextW.KERNEL32 ref: 0000000140074ADF
OpenProcess.KERNEL32 ref: 0000000140074B1B
OpenProcessToken.ADVAPI32 ref: 0000000140074B42
GetTokenInformation.ADVAPI32 ref: 0000000140074B6E
GetLastError.KERNEL32 ref: 0000000140074B7C
GetTokenInformation.ADVAPI32 ref: 0000000140074BBC
ConvertSidToStringSidA.ADVAPI32 ref: 0000000140074BD3
CloseHandle.KERNEL32 ref: 0000000140074C46
CloseHandle.KERNEL32 ref: 0000000140074C51
CloseHandle.KERNEL32 ref: 0000000140074CB6
Process32NextW.KERNEL32 ref: 0000000140074CC3
CloseHandle.KERNEL32 ref: 0000000140074CE9
CloseHandle.KERNEL32 ref: 0000000140074CF2
CloseHandle.KERNEL32 ref: 0000000140074D07

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
String ID:
API String ID: 3925315391-0
Opcode ID: b7cdb7a7c6588e50aaab37c0fa57b8db1cd1071ffc72c1321cf755afb8342ce3
Instruction ID: 68b79e17468d5ffc7bdb11eb9da1f300de3bde19eb7119fa88f07868e24a99b8
Opcode Fuzzy Hash: b7cdb7a7c6588e50aaab37c0fa57b8db1cd1071ffc72c1321cf755afb8342ce3
Instruction Fuzzy Hash: E1815636215B8082EB52DB27E8507AEA7A4FB8CBD5F404115EF8947BA8DF7CC506CB00

Function 0000000140057C00 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 202COMMON

Download Yara Rule

Strings

key declared, but no value, xrefs: 000000014005925D, 0000000140059284, 0000000140059398
key opened, but never closed, xrefs: 00000001400593BF
No closed word, xrefs: 0000000140059317, 000000014005933E
word wasnt properly ended, xrefs: 0000000140059365, 00000001400593EC
unexpected '}', xrefs: 0000000140059413
object is not closed with '}', xrefs: 000000014005920F
quote was opened but not closed., xrefs: 0000000140059236, 00000001400592AB
unexpected key without object, xrefs: 00000001400592EA

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: No closed word$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 0-2700065129
Opcode ID: 5fc3d60f49601516bdae5cee68e3ba5303d225f816b90e9e18301a6df3b2e120
Instruction ID: 44ba6145ae1bfc3c9eee5221331825ba00ebf41b129be2c708582a987009f12d
Opcode Fuzzy Hash: 5fc3d60f49601516bdae5cee68e3ba5303d225f816b90e9e18301a6df3b2e120
Instruction Fuzzy Hash: E3B1FB72111BC698EB72EF62DC817D83364E758388F809616E74D4B9BAEF74C699C700

Function 0000000140090254 Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000140090283
_invalid_parameter_noinfo.LIBCMT ref: 0000000140090353

Strings

0, xrefs: 000000014009037D
0, xrefs: 000000014009038F
0, xrefs: 0000000140090325

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$0$0
API String ID: 3215553584-3137946472
Opcode ID: 4b936a4394e80428ad7bf41d875096a3e7add69c0315c25dc0869b4c3066c4ac
Instruction ID: 3213ef2b50ecd163c7d14e926568a975ace41416199d29b45c1ca283887101a0
Opcode Fuzzy Hash: 4b936a4394e80428ad7bf41d875096a3e7add69c0315c25dc0869b4c3066c4ac
Instruction Fuzzy Hash: BDE1D532506A858EF7629F2AC5903ED3BE5E75ABC4F558012FB84477F6C739886AC700

Function 0000000140089B70 Relevance: 13.6, APIs: 9, Instructions: 117COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 0000000140089BA1
GetProcessId.KERNEL32 ref: 0000000140089BAA
RmStartSession.RSTRTMGR ref: 0000000140089BCA
RmRegisterResources.RSTRTMGR ref: 0000000140089BF5
RmGetList.RSTRTMGR ref: 0000000140089C2E
RmGetList.RSTRTMGR ref: 0000000140089C90
RmEndSession.RSTRTMGR ref: 0000000140089CCB
RmEndSession.RSTRTMGR ref: 0000000140089D02
RmEndSession.RSTRTMGR ref: 0000000140089D17

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Session$ListProcess$CurrentRegisterResourcesStart
String ID:
API String ID: 3299295986-0
Opcode ID: 4ddc3a5b4f8c6342cd3dcf0c0e78daa6693b2bbe667ef408570da53bc05ca548
Instruction ID: 4c793500f816d282acb2aabb8fc29ea38f6b32d5493fd496aff2a0b1b3cfbeb8
Opcode Fuzzy Hash: 4ddc3a5b4f8c6342cd3dcf0c0e78daa6693b2bbe667ef408570da53bc05ca548
Instruction Fuzzy Hash: 96512A32B10A518AFB11DFA6E4507DD33B1B78C789F54412AEF0A67BA8DE38C906C750

Function 00000001400B1A44 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00000001400B1AA1

Part of subcall function 00000001400B3E5C: __GetUnwindTryBlock.LIBCMT ref: 00000001400B3E9F
Part of subcall function 00000001400B3E5C: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00000001400B3EC4

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00000001400B1B79
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00000001400B1DC7
std::bad_alloc::bad_alloc.LIBCMT ref: 00000001400B1ED4

Strings

csm, xrefs: 00000001400B1B9C
csm, xrefs: 00000001400B1B22
csm, xrefs: 00000001400B1ABB

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 87f7853886ee61f29f56f81403aa3bad4796f85446d19706bffb75b38971f930
Instruction ID: 52567fcd6340f2ace1d089672c57a13f5b3a925fdbe16a0481c229fe0baae95c
Opcode Fuzzy Hash: 87f7853886ee61f29f56f81403aa3bad4796f85446d19706bffb75b38971f930
Instruction Fuzzy Hash: A0D15A32600B408AEB62DFA694803ED77B0F7997D8F504215FF8957BAADB34D491CB40

Function 000000014009DB5C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 000000014009DCD8
GetProcAddress.KERNEL32 ref: 000000014009DCE4

Strings

api-ms-, xrefs: 000000014009DC22
ext-ms-, xrefs: 000000014009DC35

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: ca7c09baf792878f96d911292d21648074434898d998409f668d6f16be7d0add
Instruction ID: f73114aa169cb76ed7bb151e5edde51fcbf1469d6d678e3e652b687f2da571e4
Opcode Fuzzy Hash: ca7c09baf792878f96d911292d21648074434898d998409f668d6f16be7d0add
Instruction Fuzzy Hash: 6341AE72351A1182FA27DB27A8147DA33D5BB4DBE1F494626BF0D877A8EE78C446C340

Function 000000014007B2D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 000000014007B33B
InternetOpenUrlA.WININET ref: 000000014007B370
InternetReadFile.WININET ref: 000000014007B391
InternetReadFile.WININET ref: 000000014007B3CF
InternetCloseHandle.WININET ref: 000000014007B3DC
InternetCloseHandle.WININET ref: 000000014007B3E5

Strings

File Downloader, xrefs: 000000014007B334

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandleOpenRead
String ID: File Downloader
API String ID: 4038090926-3631955488
Opcode ID: 1e9de7057c166f37b575db31b5f1dc468b519a1c6aad4c6b10908d5ac9de1539
Instruction ID: 6b715f6a660270e928626361db48bc2de02284253a52f84719e93bd1f762254a
Opcode Fuzzy Hash: 1e9de7057c166f37b575db31b5f1dc468b519a1c6aad4c6b10908d5ac9de1539
Instruction Fuzzy Hash: 6B313B32214B8486EB229F26F85079EB3A1FB89BC5F545116FF8943B68DF7CC5958B00

Function 00000001400938F0 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000140093933
_invalid_parameter_noinfo.LIBCMT ref: 0000000140093D20
_invalid_parameter_noinfo.LIBCMT ref: 0000000140093FBC

Strings

p, xrefs: 00000001400939E5
f, xrefs: 0000000140093A55
p, xrefs: 0000000140093A5D

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: eea83e675726579202ae46558f478e57f494447b85c4049c91ddb9471f815998
Instruction ID: 8ef2ce2b4433a5174d3e3dbe1a20b96cbda26b55fe283d1aa6820eb14bd99968
Opcode Fuzzy Hash: eea83e675726579202ae46558f478e57f494447b85c4049c91ddb9471f815998
Instruction Fuzzy Hash: 8912E572A0864186FB229B16E0687FA76A1F7887D4FC84115F7D6876F4D738C980CF10

Function 00000001400B43CC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 00000001400B4451
GetLastError.KERNEL32 ref: 00000001400B445F
LoadLibraryExW.KERNEL32 ref: 00000001400B4489
FreeLibrary.KERNEL32 ref: 00000001400B44F7
GetProcAddress.KERNEL32 ref: 00000001400B4503

Strings

api-ms-, xrefs: 00000001400B4471

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 081807f0f237e99e654a6d52eb3ba83cc0c1c8883019cc9f4ec60aedd52be443
Instruction ID: d2d2b12301ccee3db6092258b470e539f8c69494279eba12926322fb6e990f4b
Opcode Fuzzy Hash: 081807f0f237e99e654a6d52eb3ba83cc0c1c8883019cc9f4ec60aedd52be443
Instruction Fuzzy Hash: C2315831212A9092EF23DF97A8007A963E4BB4CBE5F498625EF191B7A4EF38C5558310

Function 00000001400AC8CC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00000001400AC8FD
GetLastError.KERNEL32 ref: 00000001400AC909
CloseHandle.KERNEL32 ref: 00000001400AC921
CreateFileW.KERNEL32 ref: 00000001400AC94C
WriteConsoleW.KERNEL32 ref: 00000001400AC96B

Strings

CONOUT$, xrefs: 00000001400AC92D

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 53dac6272d403f79ff27e653aa55d51cb6535fcae6368453f164039c5e4e95e8
Instruction ID: f15e57fd0cbad3ac117247ebeab47ab85c390eb31785d7c6841302a8b2ce117c
Opcode Fuzzy Hash: 53dac6272d403f79ff27e653aa55d51cb6535fcae6368453f164039c5e4e95e8
Instruction Fuzzy Hash: A111BC35324B8086F7529B07E85479AA3A4FB9CFE9F040224EF5987BB4CF78C8858740

Function 00000001400BD42C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00000001400BD4D9
MultiByteToWideChar.KERNEL32 ref: 00000001400BD575
MultiByteToWideChar.KERNEL32 ref: 00000001400BD61E
MultiByteToWideChar.KERNEL32 ref: 00000001400BD648
MultiByteToWideChar.KERNEL32 ref: 00000001400BD6F0
CompareStringEx.KERNEL32 ref: 00000001400BD73D

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 26eb7e015d5d110b74ff0d84bcaa31491d724dbf353ec7a17117fafe3eaea0ab
Instruction ID: f3d77999423992fadc64f97f79b2d010f51e5ad261fed549977a36ea05826e58
Opcode Fuzzy Hash: 26eb7e015d5d110b74ff0d84bcaa31491d724dbf353ec7a17117fafe3eaea0ab
Instruction Fuzzy Hash: 44A1AD72645F8086EB339FA694507EDB7A1E749BE8F484622FB59077E5FB38C8448700

Function 00000001400BD0CC Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00000001400BD13C
MultiByteToWideChar.KERNEL32 ref: 00000001400BD1DA
LCMapStringEx.KERNEL32 ref: 00000001400BD243
LCMapStringEx.KERNEL32 ref: 00000001400BD295
LCMapStringEx.KERNEL32 ref: 00000001400BD33A
WideCharToMultiByte.KERNEL32 ref: 00000001400BD394

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 7d9f455a94f84a05f587d57d339c879795f99f0f1217d4298ff39db3fa6ba98e
Instruction ID: 6204e7013e5cadcd1b8727ff30a8d0596e87d4a89eb5434169e5949405e06915
Opcode Fuzzy Hash: 7d9f455a94f84a05f587d57d339c879795f99f0f1217d4298ff39db3fa6ba98e
Instruction Fuzzy Hash: EE81A572200B8086EB629F66E8407DDB3F5FB58BE8F144616FB5947BE9EB38C5418700

Function 0000000140090840 Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400908B2
_invalid_parameter_noinfo.LIBCMT ref: 00000001400908E3
_invalid_parameter_noinfo.LIBCMT ref: 0000000140090923
_invalid_parameter_noinfo.LIBCMT ref: 0000000140090965
_invalid_parameter_noinfo.LIBCMT ref: 000000014009099A
_invalid_parameter_noinfo.LIBCMT ref: 0000000140090A17

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 619b2885e3fd1682f6a864358b33df5452abb606e6c6f730ccce56a3fdc98189
Instruction ID: 7b56d8f3e7d84661432cdb72d15b1222586d501d367448fe89141b583d9e4598
Opcode Fuzzy Hash: 619b2885e3fd1682f6a864358b33df5452abb606e6c6f730ccce56a3fdc98189
Instruction Fuzzy Hash: D0517633605B8489FB639F26D0603ED37A1A75EFC4F998052E7D8473A6CA3D8846C752

Function 000000014009A064 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000000014009A073
FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140094E71,?,?,?,?,000000014009D3FC), ref: 000000014009A0A9
FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140094E71,?,?,?,?,000000014009D3FC), ref: 000000014009A0D6
FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140094E71,?,?,?,?,000000014009D3FC), ref: 000000014009A0E7
FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140094E71,?,?,?,?,000000014009D3FC), ref: 000000014009A0F8
SetLastError.KERNEL32 ref: 000000014009A113

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 9171995ea5c336ae991c260a04bbd1332f14451c84c9f4660891b61a794840d0
Instruction ID: eeff4923b96ffbeaac783fc6dd0fa1487e36d7b8cfc170d4ae8f5156a2ba4d41
Opcode Fuzzy Hash: 9171995ea5c336ae991c260a04bbd1332f14451c84c9f4660891b61a794840d0
Instruction Fuzzy Hash: 98111C3034568042FA5BA7336A623FD62925B8D7F0F544729BB3B07BF6DE39D4419241

Function 000000014002DCE0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 281COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 000000014002DD3F

Part of subcall function 00000001400BB260: AreFileApisANSI.KERNEL32 ref: 00000001400BB272

__std_exception_destroy.LIBVCRUNTIME ref: 000000014002DFE7
__std_exception_destroy.LIBVCRUNTIME ref: 000000014002E0A1

Strings

: ", xrefs: 000000014002DDFA
", ", xrefs: 000000014002DE2D

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy$ApisFile__std_fs_code_page
String ID: ", "$: "
API String ID: 741338541-747220369
Opcode ID: 2c062e25483d2eca155dcbad927ea592646f55c0d7d00b677cf4262805b9b337
Instruction ID: a0ebd77add875ad15dad381f545e36b6a5c96292ae31a13c06a59994470402d1
Opcode Fuzzy Hash: 2c062e25483d2eca155dcbad927ea592646f55c0d7d00b677cf4262805b9b337
Instruction Fuzzy Hash: 2DB19C72700A8086EB05EF66E4943ED3361E758BC8F508526EF5D17BAADF38C895C384

Function 00000001400B1314 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00000001400B1437
__AdjustPointer.LIBCMT ref: 00000001400B1482

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 3df3621708c9e1d29be45954cd8076bff015c977087edb3d15e3ad851c434b44
Instruction ID: 41cb3884d18e3d7aac6dd593d0dde361e415a54a90db4f7c0cd28a3af3c10cc3
Opcode Fuzzy Hash: 3df3621708c9e1d29be45954cd8076bff015c977087edb3d15e3ad851c434b44
Instruction Fuzzy Hash: 05B16F32206E8081EA67DF97A5447E967B4EBDCBC4F998525BF4907BADDB34C4428700

Function 00000001400A11C8 Relevance: 7.7, APIs: 5, Instructions: 196COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00000001400A1207
_set_statfp.LIBCMT ref: 00000001400A1225
_set_statfp.LIBCMT ref: 00000001400A124E
_set_statfp.LIBCMT ref: 00000001400A148A

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: c46414ac3fdd85b4477068871368765e537dd3c713840e1e7e27798a249fd8b8
Instruction ID: 7c99d57823d5afb7077b860ae2a769dfa0901ed505b92b6df9dbc51602fe9605
Opcode Fuzzy Hash: c46414ac3fdd85b4477068871368765e537dd3c713840e1e7e27798a249fd8b8
Instruction Fuzzy Hash: 8D81B232510A4449F7738B3BB4503EAA695AFAD7D8F144301BF96279F5E734C9D18E00

Function 000000014009A12C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A14B
FlsSetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A16A
FlsSetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A192
FlsSetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A1A3
FlsSetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A1B4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 899af4340b37942fc89d2eda1bd92b937099c6712e87118af2802e5ac3ca3c8d
Instruction ID: 0eecc3e7c070fbf0bcafe1dd48680c6a3d0408fcd47933c8e5bef9cf617aa8ce
Opcode Fuzzy Hash: 899af4340b37942fc89d2eda1bd92b937099c6712e87118af2802e5ac3ca3c8d
Instruction Fuzzy Hash: 58118F3034524042FA5B93376A623FA62925B8D7F0F444325BB3E47BF6DE3CC4018240

Function 0000000140049990 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000140049A00
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000000140049A48
_Getcoll.LIBCPMT ref: 0000000140049A7C

Strings

bad locale name, xrefs: 0000000140049B81

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1287851536-1405518554
Opcode ID: cc10867d4be3635566e46bad597e8c8b955bfcb897929158dd3c031fe7904370
Instruction ID: 9a2edcff680919b35428e1209fb65e27f44ba661b4d9c7d5374eb54866a69a42
Opcode Fuzzy Hash: cc10867d4be3635566e46bad597e8c8b955bfcb897929158dd3c031fe7904370
Instruction Fuzzy Hash: 6E917A72B01B808AEB16DFA6E4903DD7362EB48BC8F044535EF5D57AAADF38C4558384

Function 00000001400BF0DC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400BF3BB

Part of subcall function 00000001400AC4AC: _invalid_parameter_noinfo.LIBCMT ref: 00000001400AC4C9

Strings

ccs, xrefs: 00000001400BF2F6
UTF-8, xrefs: 00000001400BF33A
UTF-16LEUNICODE, xrefs: 00000001400BF359

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: a61b9dafeebeef71c778538e02d1dd93d241f4be75a88b4b5df5efb2b9ec5def
Instruction ID: 8cb6542061ef7d37a80eb2345665ae9640161e3f439a4ea34f0695e2e3c1826a
Opcode Fuzzy Hash: a61b9dafeebeef71c778538e02d1dd93d241f4be75a88b4b5df5efb2b9ec5def
Instruction Fuzzy Hash: 02818A7A604A4085FBAB9FABC1503F93BF0E319BC8F958405EB02972B5D339CA41A741

Function 00000001400B2688 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00000001400B26F8
_CallSETranslator.LIBVCRUNTIME ref: 00000001400B2743

Strings

RCC, xrefs: 00000001400B2714
MOC, xrefs: 00000001400B270C

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 9c00d47a1c5516f7bd2be0d164cd20731702100fa42f3d3dd2f3d47e27ffce20
Instruction ID: 0bca953fdf33b9ad83e23bb3243ae714b6286ddf27e3bb4087caff64ac5815b8
Opcode Fuzzy Hash: 9c00d47a1c5516f7bd2be0d164cd20731702100fa42f3d3dd2f3d47e27ffce20
Instruction Fuzzy Hash: 5D916A73604B808AE752DFA6E8803DD7BB0F7497C8F14411AEB8957B69DB38C195CB00

Function 00000001400B2418 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00000001400B2477
_CallSETranslator.LIBVCRUNTIME ref: 00000001400B24C3

Strings

RCC, xrefs: 00000001400B2493
MOC, xrefs: 00000001400B248B

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: a60986bc9adbf2c75a94aae45f25198f4bb40c34f31260bb5ef7955aadcba44f
Instruction ID: f5b259ee515619902a5d128d7cb9eaef2be3e26f63f7a3474eb2bc1e490a6338
Opcode Fuzzy Hash: a60986bc9adbf2c75a94aae45f25198f4bb40c34f31260bb5ef7955aadcba44f
Instruction Fuzzy Hash: 9F616932508BC486EB72DF66E4407DAB7A0F799BD8F044215FB9807BA9DB78C190CB00

Function 00000001400B2C08 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00000001400B2C30
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00000001400B2D18

Strings

csm, xrefs: 00000001400B2D6A
csm, xrefs: 00000001400B2C52

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 1075979170a2e9a18e477d88d2de6d235b634f407b84dd7ceece1c898f0d7b57
Instruction ID: 54ecd6d1438185d50b972ba826f5ce2af5ba67c0f274a1b1d786e80e0e72cb3f
Opcode Fuzzy Hash: 1075979170a2e9a18e477d88d2de6d235b634f407b84dd7ceece1c898f0d7b57
Instruction Fuzzy Hash: 75516D32200B808AEB769FA794443D977B0F759BD5F188226EB9857BE5CB38D461CB01

Function 000000014002CA60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000000014002CACF
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000000014002CB17
_Getctype.LIBCPMT ref: 000000014002CB55

Strings

bad locale name, xrefs: 000000014002CC0E

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1612978173-1405518554
Opcode ID: 026e47313af15043398a11391e273b1130a8867416237ca342cef0d4e4808d66
Instruction ID: 207d3642c3b50f17bf177e439d3fe9f40958c29cbdde464f884d1d612c46b59d
Opcode Fuzzy Hash: 026e47313af15043398a11391e273b1130a8867416237ca342cef0d4e4808d66
Instruction Fuzzy Hash: 71516836711B408AEB16DFB2E4917EC33B5EB48788F044429EF8927AA6DF34C526D344

Function 00000001400BB210 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00000001400BB226
GetProcAddress.KERNEL32 ref: 00000001400BB236

Strings

kernel32.dll, xrefs: 00000001400BB21F
GetTempPath2W, xrefs: 00000001400BB22C

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: GetTempPath2W$kernel32.dll
API String ID: 1646373207-1846531799
Opcode ID: 85c4015c5df5ee79752990f65a767554006cfd6127e60443cb10f02faa6b2ab0
Instruction ID: 8948df6339a09da6af2494f7b4aca6647369a72829e4e3643078e2be1e3806b8
Opcode Fuzzy Hash: 85c4015c5df5ee79752990f65a767554006cfd6127e60443cb10f02faa6b2ab0
Instruction Fuzzy Hash: 25E01231300A0582EE06AB12F9887AD6321FF8CBC2F985025EF0E07334EE3CC44A8710

Function 0000000140075180 Relevance: 6.5, APIs: 4, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140074A30: CreateToolhelp32Snapshot.KERNEL32 ref: 0000000140074A86
Part of subcall function 0000000140074A30: Process32FirstW.KERNEL32 ref: 0000000140074ACA
Part of subcall function 0000000140074A30: Process32NextW.KERNEL32 ref: 0000000140074ADF
Part of subcall function 0000000140074A30: OpenProcess.KERNEL32 ref: 0000000140074B1B
Part of subcall function 0000000140074A30: OpenProcessToken.ADVAPI32 ref: 0000000140074B42
Part of subcall function 0000000140074A30: CloseHandle.KERNEL32 ref: 0000000140074CB6
Part of subcall function 0000000140074A30: Process32NextW.KERNEL32 ref: 0000000140074CC3
Part of subcall function 0000000140074A30: CloseHandle.KERNEL32 ref: 0000000140074D07

ImpersonateLoggedOnUser.ADVAPI32 ref: 00000001400751DD
ImpersonateLoggedOnUser.ADVAPI32 ref: 00000001400756C8
RevertToSelf.ADVAPI32 ref: 00000001400756E6

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
String ID:
API String ID: 1562318730-0
Opcode ID: f1ebe36250e4ae1f5146be0e15a3303fc8c8e053ea8c4df6f5ed4d7960e6b148
Instruction ID: b989d0c3521bf1bda4b832789374d1dbd4a24a2220b16c2c936b04ff1824fe50
Opcode Fuzzy Hash: f1ebe36250e4ae1f5146be0e15a3303fc8c8e053ea8c4df6f5ed4d7960e6b148
Instruction Fuzzy Hash: A722AB72B14B8086FB02AB6AD4443DD2761E7897E8F505615FBAD17AFADFB8C481C700

Function 000000014009C578 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000000014009C5F7
WriteFile.KERNEL32 ref: 000000014009C8BF
WriteFile.KERNEL32 ref: 000000014009C905
GetLastError.KERNEL32 ref: 000000014009C9BB

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 51ca5d62aa19301a18794717acfbf1a46562df65ce568f5fb7798e040ec77a5b
Instruction ID: 83f89cefb2d932c64b68d175d5ea0fe2b41a0143d6f3692f9e6e20abd60b4dae
Opcode Fuzzy Hash: 51ca5d62aa19301a18794717acfbf1a46562df65ce568f5fb7798e040ec77a5b
Instruction Fuzzy Hash: 4BD1CF72B24A808AE712CF6AD444BDC37B1F758BD8F444216EF9E97BA9DA34C446C740

Function 000000014008A260 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 000000014008A280
FreeEnvironmentStringsW.KERNEL32 ref: 000000014008A37B
RtlInitUnicodeString.NTDLL ref: 000000014008A3EE
RtlInitUnicodeString.NTDLL ref: 000000014008A3FB

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free
String ID:
API String ID: 2488768755-0
Opcode ID: efafd639e9174d00bc146c1560cf1528ed8c856197ad0565266ce7339dd8c3cd
Instruction ID: 87069c6435efe869352e4d7ec8a553a9e77cee2d25ee79a4713f5d8602df03e1
Opcode Fuzzy Hash: efafd639e9174d00bc146c1560cf1528ed8c856197ad0565266ce7339dd8c3cd
Instruction Fuzzy Hash: EF518C72A18B80C2EB129F1AE44039D7760FB99BD4F589215EB9903BA5DF7CD2E1C704

Function 0000000140042C80 Relevance: 6.1, APIs: 4, Instructions: 119COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400BC5EC: std::_Lockit::_Lockit.LIBCPMT ref: 00000001400BC609
Part of subcall function 00000001400BC5EC: std::locale::_Setgloballocale.LIBCPMT ref: 00000001400BC62C

std::_Lockit::_Lockit.LIBCPMT ref: 0000000140042CC1
std::_Lockit::_Lockit.LIBCPMT ref: 0000000140042CE6
std::_Facet_Register.LIBCPMT ref: 0000000140042D92
Concurrency::cancel_current_task.LIBCPMT ref: 0000000140042DF4

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
String ID:
API String ID: 3698853521-0
Opcode ID: 3d7667ad2e0602b66abf42365a29bfb2d0932d23135c08196bf5434fa8e63462
Instruction ID: be7052521538f46ca31769c5e8ad34a96fa69d07cef5d8ccdfe7c05edfc6c238
Opcode Fuzzy Hash: 3d7667ad2e0602b66abf42365a29bfb2d0932d23135c08196bf5434fa8e63462
Instruction Fuzzy Hash: 4E415A32324A8082EA66DF16E4507D973A4F78CBD4F9A5621FB99477B5DF38C482C704

Function 00000001400906FC Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000140090775
_invalid_parameter_noinfo.LIBCMT ref: 00000001400907D1
_invalid_parameter_noinfo.LIBCMT ref: 000000014009080C
_invalid_parameter_noinfo.LIBCMT ref: 0000000140090831

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f1f9df1a05da3301ed415653e8360f7cb12179a044a2575d07df28b1a0800ec9
Instruction ID: 9d625922f0084f738925744b6ce75ac3468dc28db60b1638888baded20588c2c
Opcode Fuzzy Hash: f1f9df1a05da3301ed415653e8360f7cb12179a044a2575d07df28b1a0800ec9
Instruction Fuzzy Hash: 63417F32509A8489EB63CF66C4203ED7BA0FB4DFD4F4AC042EB88073A6DA39C446C711

Function 00000001400478A0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00000001400478CB
std::_Lockit::_Lockit.LIBCPMT ref: 00000001400478F0
std::_Facet_Register.LIBCPMT ref: 000000014004799B
Concurrency::cancel_current_task.LIBCPMT ref: 00000001400479E6

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: fce11bbf2716b712929d21612f2a8f238f427733906def6abb3c40e1e27c6ea6
Instruction ID: 13c908d1154428c6937b5c3509377b7ccdd79ff15f68ab15f939c0ebe6def4ce
Opcode Fuzzy Hash: fce11bbf2716b712929d21612f2a8f238f427733906def6abb3c40e1e27c6ea6
Instruction Fuzzy Hash: 70413932224A4081FA26DF17E850BD96760F78CBE4F591622EB9D477B9DF38D982C704

Function 000000014007AB80 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000000014007ABAB
std::_Lockit::_Lockit.LIBCPMT ref: 000000014007ABD0
std::_Facet_Register.LIBCPMT ref: 000000014007AC7B
Concurrency::cancel_current_task.LIBCPMT ref: 000000014007ACC6

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 73d040060e39de7473f733929aeeb815445ca65359d0c265211a911782271014
Instruction ID: 74d7fc06fc51955d11541e88f1d53fd6ed53de51744ee963c2a23d3aba2a14c1
Opcode Fuzzy Hash: 73d040060e39de7473f733929aeeb815445ca65359d0c265211a911782271014
Instruction Fuzzy Hash: E2415B36214A8096FA27DF27E8507DA67A0F78DBE4F581621BB9D477B5DE3CC4818700

Function 00000001400BB3F4 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400BB43D
GetLastError.KERNEL32 ref: 00000001400BB44B
WideCharToMultiByte.KERNEL32 ref: 00000001400BB480
GetLastError.KERNEL32 ref: 00000001400BB48E

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: b0c4d9c72fcc6461851340ae7f6c093d4e41e08a8bab11e5154c9cbc0382217d
Instruction ID: a031f3bea18fd59b085b3d452c6f81a1a71a70fbd363d9f8fa6e03f334feb155
Opcode Fuzzy Hash: b0c4d9c72fcc6461851340ae7f6c093d4e41e08a8bab11e5154c9cbc0382217d
Instruction Fuzzy Hash: 0A216D76614B848BE7208F12E44435FBBB4F79DFD5F240128EB8997B65DB38C5028B00

Function 00000001400BB8E0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400BB210: GetModuleHandleW.KERNEL32 ref: 00000001400BB226
Part of subcall function 00000001400BB210: GetProcAddress.KERNEL32 ref: 00000001400BB236

GetLastError.KERNEL32 ref: 00000001400BB904

Part of subcall function 00000001400998B4: IsProcessorFeaturePresent.KERNEL32 ref: 00000001400998DA

GetFileAttributesW.KERNEL32 ref: 00000001400BB913
__std_fs_open_handle.LIBCPMT ref: 00000001400BB93C
CloseHandle.KERNEL32 ref: 00000001400BB94E

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
String ID:
API String ID: 156590933-0
Opcode ID: 6a84e7cc61d3f6faa1a02f0b285c9e89f06a54f244136a8e8d2e5cb925bd3053
Instruction ID: 62e66b62d14fa543578834bf2b4ef4b7e56291556af98af6738b9ddd7679e05d
Opcode Fuzzy Hash: 6a84e7cc61d3f6faa1a02f0b285c9e89f06a54f244136a8e8d2e5cb925bd3053
Instruction Fuzzy Hash: 4A11A032218A4087FB625FABA0843BE6371E78C7F0F100614BBB747AF5DAB8C5418B00

Function 00000001400AF908 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00000001400AF934
GetCurrentThreadId.KERNEL32 ref: 00000001400AF942
GetCurrentProcessId.KERNEL32 ref: 00000001400AF94E
QueryPerformanceCounter.KERNEL32 ref: 00000001400AF95E

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 4ffc0ff1ccd2cf120a16052376350404e0c91ed7b37e0d63ec5629fc76b72274
Instruction ID: b655b697fc6b073ddc816c875066984fbd2aa83c7f17d9a519f4fc4b792de05b
Opcode Fuzzy Hash: 4ffc0ff1ccd2cf120a16052376350404e0c91ed7b37e0d63ec5629fc76b72274
Instruction Fuzzy Hash: 1A111532710F008AEB01DB62E8543A833A4F71DB99F441A25EF6D877A4DF78C1A98380

Function 000000014002EBF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

[json.exception., xrefs: 000000014002ED2B

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: [json.exception.
API String ID: 0-791563284
Opcode ID: a37ded9bff8d57877a3e8f21b215507d511e9f3cab336643ec59d7db0ab53dab
Instruction ID: 9bf36a7d67488c1de92e381038431f8e667d7f893a013056b17c91b8c17c49e4
Opcode Fuzzy Hash: a37ded9bff8d57877a3e8f21b215507d511e9f3cab336643ec59d7db0ab53dab
Instruction Fuzzy Hash: DA71D172F10B9085FB02CF7AE8413DD67A1E799BD8F245215EF5917BAADB78C4828340

Function 00000001400B089C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00000001400B08C7
RtlUnwindEx.KERNEL32 ref: 00000001400B09B8

Strings

csm, xrefs: 00000001400B0945

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: Unwind__except_validate_context_record
String ID: csm
API String ID: 2208346422-1018135373
Opcode ID: b6b4ec287b03b43af7135d47e4a928fccc53e45a76218f894a62c54d13e92dd1
Instruction ID: 19c601aaea4a852408da0c01ce0685467ec383445de2fce7942d3b672fa0fc06
Opcode Fuzzy Hash: b6b4ec287b03b43af7135d47e4a928fccc53e45a76218f894a62c54d13e92dd1
Instruction Fuzzy Hash: 3551BF32312B008AEB56CF56E454BAC73B1F748BD8F558521FB9A477A9EB78C841C700

Function 000000014007B100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000000014007B16F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000000014007B1B7

Strings

bad locale name, xrefs: 000000014007B28C

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 1d48ec966220e33eb46537d50b65b025bdb0597fdae6c4422fb9f30e2bae3d48
Instruction ID: a70bdc5d483a3a6709f00792b18fb0141f1d3f3c4e5a5c8a55365fd5953b6739
Opcode Fuzzy Hash: 1d48ec966220e33eb46537d50b65b025bdb0597fdae6c4422fb9f30e2bae3d48
Instruction Fuzzy Hash: C7514D33702A408AEB56DFB2E4503ED33B4EB58B88F044025FF5967AA6DE38C5168344

Function 000000014004A600 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000000014004A66F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000000014004A6B7

Strings

bad locale name, xrefs: 000000014004A796

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 133dae14c956dc43492fc21a5fc6e50363224602403c47e4697dbaa5a0c0d9d7
Instruction ID: 198352202ef1475b794fd52093b47f8c285fde63b82ab9b5d546a8a9e2019f38
Opcode Fuzzy Hash: 133dae14c956dc43492fc21a5fc6e50363224602403c47e4697dbaa5a0c0d9d7
Instruction Fuzzy Hash: 87513A32706A4089EB56DFB2E8907EC33B4EB58788F044535FB4967AA6DF38C525D348

Function 00000001400B3530 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00000001400B35DA
_CreateFrameInfo.LIBVCRUNTIME ref: 00000001400B3603

Strings

csm, xrefs: 00000001400B3703

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 30dd612b4e4b9212e9166655247be16b5f23695bfc4863c6a6ebc2986465c29c
Instruction ID: dcb4dcb3da8c4b404caa3ed0d2c3029b21496a08969d053362ec2df929759ba3
Opcode Fuzzy Hash: 30dd612b4e4b9212e9166655247be16b5f23695bfc4863c6a6ebc2986465c29c
Instruction Fuzzy Hash: E6510776219B4086E672EF66E4413AE77B4F38DBE0F140125BB8907BA6DB38D461CB01

Function 000000014009CC10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000000014009CD27
GetLastError.KERNEL32 ref: 000000014009CD49

Strings

U, xrefs: 000000014009CCD3

Memory Dump Source

Source File: 00000002.00000002.2270697476.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_file.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 136ebf252562798dd94b0934f5b608a87eddbdd1c89cb1577b5bf7720501d192
Instruction ID: 265af7a89e28bd5e55a3246d438a373a726ea37e60e0b815f1dbf572d141d70c
Opcode Fuzzy Hash: 136ebf252562798dd94b0934f5b608a87eddbdd1c89cb1577b5bf7720501d192
Instruction Fuzzy Hash: A4419F72625A8082EB219F26E4447EA67A0F79CBD4F444121EF4D877A8EB3CC441CB40

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Meduza Stealer

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

\Device\Null

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
file.exe

Function 0000000140085B70 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Function 00000001400BB5B0 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Function 000000014003D570 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862
libraryloaderCOMMON

Function 0000000140065970 Relevance: 17.8, Strings: 14, Instructions: 304
COMMON

Function 000000014007C600 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173
synchronizationCOMMON

Function 0000000140032CA0 Relevance: 14.8, APIs: 3, Strings: 5, Instructions: 789
registryCOMMON

Function 00000001400A2E3C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMONLIBRARYCODE

Function 0000000140085240 Relevance: 13.9, APIs: 9, Instructions: 408
networkfileCOMMON

Function 00000001400C0658 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Function 0000000140066350 Relevance: 13.4, APIs: 1, Strings: 6, Instructions: 1136
COMMON

Function 00000001400320B0 Relevance: 12.9, APIs: 3, Strings: 4, Instructions: 684
registryCOMMON

Function 000000014007F020 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451
fileCOMMON

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre