Edit tour

Windows Analysis Report
cXjy5Y6dXX.exe

Overview

General Information

Sample name:	cXjy5Y6dXX.exe renamed because original name is a hash value
Original sample name:	c3159d554310d51982d1eaa16b3b5b87e8b5bc90598fd4f1749596d8bd8c9e4b.exe
Analysis ID:	1571397
MD5:	9725864712cc93935c58e8908dfa66d2
SHA1:	40db5ea80d64ef64ec45d01c5e53767e44aadec0
SHA256:	c3159d554310d51982d1eaa16b3b5b87e8b5bc90598fd4f1749596d8bd8c9e4b
Tags:	C2-at-pastebin-yd1QnTjKexeuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected RHADAMANTHYS Stealer

.NET source code contains potential unpacker

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Connects to many ports of the same IP (likely port scanning)

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Switches to a custom stack to bypass stack traces

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query network adapater information

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Dllhost Internet Connection

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Classification

Process Tree

System is w10x64

cXjy5Y6dXX.exe (PID: 2172 cmdline: "C:\Users\user\Desktop\cXjy5Y6dXX.exe" MD5: 9725864712CC93935C58E8908DFA66D2)

OpenWith.exe (PID: 6532 cmdline: "C:\Windows\system32\openwith.exe" MD5: 0ED31792A7FFF811883F80047CBCFC91)

OpenWith.exe (PID: 5448 cmdline: "C:\Windows\system32\openwith.exe" MD5: E4A834784FA08C17D47A1E72429C5109)

wmplayer.exe (PID: 2172 cmdline: "C:\Program Files\Windows Media Player\wmplayer.exe" MD5: 89DCD2D4C0EC638AADC00D3530E07E1D)

dllhost.exe (PID: 2336 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Rhadamanthys	According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.	Sandworm	https://0xmrmagnezi.github.io/malware%20analysis/Rhadamanthys/ https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023 https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.talosintelligence.com/highlighting-ta866-asylum-ambuscade/	https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000002.00000003.1892936653.000001D97E718000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000002.00000003.1892527686.000001D97E718000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1891865924.000001D97E718000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000003.1704117814.0000000005470000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000000.00000003.1699421762.0000000000CF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000001.00000003.1733027808.00000000053DF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000003.1702483647.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000000.00000003.1702281326.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000001.00000002.1802524391.0000000004BF0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000000.00000003.1701458726.00000000045B0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: cXjy5Y6dXX.exe PID: 2172	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: OpenWith.exe PID: 6532	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: OpenWith.exe PID: 5448	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 14 entries

Unpacked PEs

Source	Rule	Description	Author
1.3.OpenWith.exe.5690000.7.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
1.3.OpenWith.exe.5470000.6.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0.3.cXjy5Y6dXX.exe.47d0000.7.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0.3.cXjy5Y6dXX.exe.45b0000.6.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security

Sigma Signatures

Sigma detected: Dllhost Internet Connection

Source: Network Connection

Author: bartblaze: Data: DestinationIp: 193.124.205.63, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 2336, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49767

Suricata Signatures

ETPRO JA3 HASH Suspected Malware Related Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T10:57:17.773799+0100	2854824	2	Potentially Bad Traffic	193.124.205.63	7390	192.168.2.4	49743	TCP
2024-12-09T10:57:40.977743+0100	2854824	2	Potentially Bad Traffic	193.124.205.63	7390	192.168.2.4	49766	TCP

ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T10:56:30.769221+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	7390	192.168.2.4	49730	TCP
2024-12-09T10:57:17.773799+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	7390	192.168.2.4	49743	TCP
2024-12-09T10:57:40.977743+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	7390	192.168.2.4	49766	TCP
2024-12-09T10:57:49.614905+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	443	192.168.2.4	49767	TCP
2024-12-09T10:57:56.693486+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	443	192.168.2.4	49769	TCP
2024-12-09T10:58:03.889138+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	443	192.168.2.4	49770	TCP
2024-12-09T10:58:11.168085+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	443	192.168.2.4	49771	TCP
2024-12-09T10:58:18.378284+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	443	192.168.2.4	49772	TCP
2024-12-09T10:58:25.530374+0100	2854802	1	Domain Observed Used for C2 Detected	193.124.205.63	443	192.168.2.4	49773	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: cXjy5Y6dXX.exe

Avira: detected

Found malware configuration

Source: cXjy5Y6dXX.exe

Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e"}

Multi AV Scanner detection for submitted file

Source: cXjy5Y6dXX.exe

ReversingLabs: Detection: 73%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: cXjy5Y6dXX.exe

Joe Sandbox ML: detected

Source: C:\Windows\System32\OpenWith.exe

Code function: 2_3_00007DF41C302258 CryptUnprotectData,

2_3_00007DF41C302258

Source: cXjy5Y6dXX.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: cXjy5Y6dXX.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: cXjy5Y6dXX.exe, 00000000.00000003.1701161608.0000000002B00000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1701232479.0000000004630000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703967518.0000000005590000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703898487.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: cXjy5Y6dXX.exe, 00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1701458726.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1704117814.0000000005470000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: cXjy5Y6dXX.exe, 00000000.00000003.1700442462.00000000047A0000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1700288468.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703408581.0000000005660000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703256425.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: cXjy5Y6dXX.exe, 00000000.00000003.1700824435.0000000004750000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1700675923.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703744621.0000000005610000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703610731.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: cXjy5Y6dXX.exe, 00000000.00000003.1700442462.00000000047A0000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1700288468.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703408581.0000000005660000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703256425.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: cXjy5Y6dXX.exe, 00000000.00000003.1700824435.0000000004750000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1700675923.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703744621.0000000005610000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703610731.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: wmplayer.exe, 00000006.00000003.2474293998.0000019552AB0000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000006.00000003.2474329227.0000019552D90000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: cXjy5Y6dXX.exe, 00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1701458726.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1704117814.0000000005470000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbUGP source: cXjy5Y6dXX.exe, 00000000.00000003.1701161608.0000000002B00000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1701232479.0000000004630000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703967518.0000000005590000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703898487.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: win32u.pdbGCTL source: wmplayer.exe, 00000006.00000003.2474293998.0000019552AB0000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000006.00000003.2474329227.0000019552D90000.00000004.00000001.00020000.00000000.sdmp

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	Code function: 4x nop then dec esp	2_3_00007DF41C30E261
Source: C:\Windows\System32\OpenWith.exe	Code function: 4x nop then dec esp	2_2_000001D97CC40511
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 4x nop then dec esp	6_2_00000195528E5641

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:7390 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:7390 -> 192.168.2.4:49766
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:443 -> 192.168.2.4:49767
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:7390 -> 192.168.2.4:49743
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:443 -> 192.168.2.4:49770
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:443 -> 192.168.2.4:49773
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:443 -> 192.168.2.4:49772
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:443 -> 192.168.2.4:49769
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 193.124.205.63:443 -> 192.168.2.4:49771

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 193.124.205.63 ports 7390,0,3,443,7,9

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 193.124.205.63:7390

Source: Joe Sandbox View

ASN Name: AS-REGRU AS-REGRU

Source: Joe Sandbox View

JA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6

Source: Network traffic	Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 193.124.205.63:7390 -> 192.168.2.4:49766
Source: Network traffic	Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 193.124.205.63:7390 -> 192.168.2.4:49743

Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63
Source: unknown	TCP traffic detected without corresponding DNS query: 193.124.205.63

Source: C:\Windows\System32\OpenWith.exe

Code function: 2_3_00007DF41C334520 WSARecv,

2_3_00007DF41C334520

Source: OpenWith.exe, OpenWith.exe, 00000002.00000003.1905007083.000001D97E725000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2254977500.000001D97E72B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2265166668.000001D97E724000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1904967740.000001D97E721000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2265320418.000001D97E72B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891561606.000001D97E738000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2572823315.000001D97E671000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2576770717.000001D97E673000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2260947776.000001D97E72C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1860501152.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2512051542.000001D97E728000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1886690134.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2577025289.000001D97E72E000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2255219401.000001D97E725000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e
Source: OpenWith.exe, 00000001.00000002.1802162479.000000000309C000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e(
Source: OpenWith.exe, 00000001.00000002.1803067572.000000000594A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3ekernelbasentdllkernel32GetProcessMitigation
Source: OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: OpenWith.exe, 00000002.00000003.1904637498.000001D97F173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discord.com
Source: OpenWith.exe, 00000002.00000003.1904637498.000001D97F173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discordapp.com
Source: OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: OpenWith.exe, 00000002.00000003.1894898672.000001D97E764000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E764000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com
Source: OpenWith.exe, 00000002.00000003.1901858513.000001D97E689000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894017600.000001D97E67B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: OpenWith.exe, 00000002.00000003.1892322694.000001D97F16F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: OpenWith.exe, 00000002.00000003.1901858513.000001D97E689000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894017600.000001D97E67B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E764000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: OpenWith.exe, 00000002.00000003.1892322694.000001D97F16F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: OpenWith.exe, 00000002.00000003.1892527686.000001D97E764000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893118476.000001D97E764000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E764000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6
Source: OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443

Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.124.205.63:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: cXjy5Y6dXX.exe, 00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: DirectInput8Create

memstr_49afc89a-f

Source: cXjy5Y6dXX.exe, 00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_a452f6ad-5

Source: Yara match	File source: 1.3.OpenWith.exe.5690000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.OpenWith.exe.5470000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.cXjy5Y6dXX.exe.47d0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.cXjy5Y6dXX.exe.45b0000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1704117814.0000000005470000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1701458726.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cXjy5Y6dXX.exe PID: 2172, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: OpenWith.exe PID: 6532, type: MEMORYSTR

Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E6430C7 NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlFreeHeap,RtlFreeHeap,	2_3_000001D97E6430C7
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30AC0C NtAcceptConnectPort,	2_3_00007DF41C30AC0C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30ACE8 NtAcceptConnectPort,	2_3_00007DF41C30ACE8
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30ACC8 NtAcceptConnectPort,	2_3_00007DF41C30ACC8
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30BCC0 NtAcceptConnectPort,NtAcceptConnectPort,free,	2_3_00007DF41C30BCC0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30AD14 NtAcceptConnectPort,	2_3_00007DF41C30AD14
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30ADD4 NtAcceptConnectPort,	2_3_00007DF41C30ADD4
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30BE6C NtAcceptConnectPort,	2_3_00007DF41C30BE6C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30AE5C NtAcceptConnectPort,	2_3_00007DF41C30AE5C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30AF60 NtAcceptConnectPort,	2_3_00007DF41C30AF60
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30AF40 NtAcceptConnectPort,	2_3_00007DF41C30AF40
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30C7CC NtAcceptConnectPort,	2_3_00007DF41C30C7CC
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30D3C0 NtAcceptConnectPort,NtAcceptConnectPort,	2_3_00007DF41C30D3C0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30B498 NtAcceptConnectPort,calloc,DuplicateHandle,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,	2_3_00007DF41C30B498
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30C47C NtAcceptConnectPort,	2_3_00007DF41C30C47C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30C70C NtAcceptConnectPort,	2_3_00007DF41C30C70C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30C10C NtAcceptConnectPort,	2_3_00007DF41C30C10C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30D2F4 NtAcceptConnectPort,NtAcceptConnectPort,	2_3_00007DF41C30D2F4
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_2_000001D97CC40AC8 NtAcceptConnectPort,NtAcceptConnectPort,	2_2_000001D97CC40AC8
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_2_000001D97CC415AC NtAcceptConnectPort,	2_2_000001D97CC415AC
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_2_000001D97CC41CD0 NtAcceptConnectPort,CloseHandle,	2_2_000001D97CC41CD0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_2_000001D97CC41A90 NtAcceptConnectPort,NtAcceptConnectPort,	2_2_000001D97CC41A90
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_00007DF4C3601CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free,	6_3_00007DF4C3601CE8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_00007DF4C3601958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,	6_3_00007DF4C3601958
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F2990 NtAcceptConnectPort,	6_2_00000195528F2990
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F29D4 NtAcceptConnectPort,	6_2_00000195528F29D4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F27B8 NtAcceptConnectPort,	6_2_00000195528F27B8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F288C NtAcceptConnectPort,	6_2_00000195528F288C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F28B8 NtAcceptConnectPort,	6_2_00000195528F28B8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F28E8 NtAcceptConnectPort,	6_2_00000195528F28E8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F252C NtAcceptConnectPort,	6_2_00000195528F252C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F2418 NtAcceptConnectPort,	6_2_00000195528F2418
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F2C64 NtAcceptConnectPort,	6_2_00000195528F2C64
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00007DF4C3612704 NtQuerySystemInformation,malloc,NtQuerySystemInformation,	6_2_00007DF4C3612704
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E65579385C NtQuerySystemInformation,	8_2_000002E65579385C

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00C00BC1	0_2_00C00BC1
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E64279C	2_3_000001D97E64279C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E641BA6	2_3_000001D97E641BA6
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E644A38	2_3_000001D97E644A38
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E645E7C	2_3_000001D97E645E7C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E64557C	2_3_000001D97E64557C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E6458FC	2_3_000001D97E6458FC
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E6424F7	2_3_000001D97E6424F7
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_000001D97E642C3C	2_3_000001D97E642C3C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C2E2634	2_3_00007DF41C2E2634
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3BEBE4	2_3_00007DF41C3BEBE4
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C2E5C24	2_3_00007DF41C2E5C24
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C34DC54	2_3_00007DF41C34DC54
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C386C60	2_3_00007DF41C386C60
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C32FDE0	2_3_00007DF41C32FDE0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3C3D84	2_3_00007DF41C3C3D84
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3D6DAC	2_3_00007DF41C3D6DAC
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3CAE00	2_3_00007DF41C3CAE00
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C2F1E54	2_3_00007DF41C2F1E54
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C319F4C	2_3_00007DF41C319F4C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3C9F68	2_3_00007DF41C3C9F68
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C310F04	2_3_00007DF41C310F04
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C33B7B8	2_3_00007DF41C33B7B8
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3CA8BC	2_3_00007DF41C3CA8BC
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C30996C	2_3_00007DF41C30996C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C2FF95C	2_3_00007DF41C2FF95C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C2FD9F0	2_3_00007DF41C2FD9F0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3C69A8	2_3_00007DF41C3C69A8
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C33CA38	2_3_00007DF41C33CA38
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C359AE0	2_3_00007DF41C359AE0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C32FA94	2_3_00007DF41C32FA94
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C349B38	2_3_00007DF41C349B38
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C2FFB24	2_3_00007DF41C2FFB24
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C339B70	2_3_00007DF41C339B70
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3DCB04	2_3_00007DF41C3DCB04
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C32F3B8	2_3_00007DF41C32F3B8
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3BA3D4	2_3_00007DF41C3BA3D4
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3493F4	2_3_00007DF41C3493F4
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3243F8	2_3_00007DF41C3243F8
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C33A430	2_3_00007DF41C33A430
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3CA4A0	2_3_00007DF41C3CA4A0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C332524	2_3_00007DF41C332524
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3495D0	2_3_00007DF41C3495D0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3375E4	2_3_00007DF41C3375E4
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C33D594	2_3_00007DF41C33D594
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C2EF624	2_3_00007DF41C2EF624
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3496E0	2_3_00007DF41C3496E0
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C35CFB4	2_3_00007DF41C35CFB4
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3DBFCC	2_3_00007DF41C3DBFCC
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3CAF80	2_3_00007DF41C3CAF80
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C2E1058	2_3_00007DF41C2E1058
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C32F02C	2_3_00007DF41C32F02C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3520BC	2_3_00007DF41C3520BC
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3AA168	2_3_00007DF41C3AA168
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C33B104	2_3_00007DF41C33B104
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C37E24C	2_3_00007DF41C37E24C
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3D72C8	2_3_00007DF41C3D72C8
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C3CB318	2_3_00007DF41C3CB318
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_2_000001D97CC40C5C	2_2_000001D97CC40C5C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_0000019552AC1F40	6_3_0000019552AC1F40
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_0000019552AC027B	6_3_0000019552AC027B
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_0000019552AC2718	6_3_0000019552AC2718
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_0000019552AC170E	6_3_0000019552AC170E
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_0000019552AC3660	6_3_0000019552AC3660
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_00007DF4C360392C	6_3_00007DF4C360392C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_00007DF4C3604EFC	6_3_00007DF4C3604EFC
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_00007DF4C3602204	6_3_00007DF4C3602204
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528EC25C	6_2_00000195528EC25C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F2D24	6_2_00000195528F2D24
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528E2628	6_2_00000195528E2628
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_000001955291E984	6_2_000001955291E984
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_000001955291F1D0	6_2_000001955291F1D0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552915918	6_2_0000019552915918
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_000001955291F940	6_2_000001955291F940
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552900174	6_2_0000019552900174
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F5ADC	6_2_00000195528F5ADC
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552914A50	6_2_0000019552914A50
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552923A4D	6_2_0000019552923A4D
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552913A38	6_2_0000019552913A38
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552920270	6_2_0000019552920270
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F7270	6_2_00000195528F7270
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528F6F24	6_2_00000195528F6F24
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528FC750	6_2_00000195528FC750
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552913F70	6_2_0000019552913F70
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552907094	6_2_0000019552907094
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195529148D0	6_2_00000195529148D0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528FD010	6_2_00000195528FD010
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_000001955291A81C	6_2_000001955291A81C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_000001955290D854	6_2_000001955290D854
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552920874	6_2_0000019552920874
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552920D90	6_2_0000019552920D90
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195529155B0	6_2_00000195529155B0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195529195D4	6_2_00000195529195D4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552914DE8	6_2_0000019552914DE8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552906D18	6_2_0000019552906D18
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552907684	6_2_0000019552907684
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195529086B4	6_2_00000195529086B4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552903EA4	6_2_0000019552903EA4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552915EC8	6_2_0000019552915EC8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528FBEB8	6_2_00000195528FBEB8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528FF618	6_2_00000195528FF618
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528FE398	6_2_00000195528FE398
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552910478	6_2_0000019552910478
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528E14D0	6_2_00000195528E14D0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_000001955291ECE4	6_2_000001955291ECE4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528FDCE4	6_2_00000195528FDCE4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_000001955291CC00	6_2_000001955291CC00
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_0000019552926434	6_2_0000019552926434
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00007DF4C36222CC	6_2_00007DF4C36222CC
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E65579737C	8_2_000002E65579737C
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557B3B40	8_2_000002E6557B3B40
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557963CF	8_2_000002E6557963CF
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A53C8	8_2_000002E6557A53C8
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557BEBAC	8_2_000002E6557BEBAC
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557B2AA0	8_2_000002E6557B2AA0
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557B2254	8_2_000002E6557B2254
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A92D4	8_2_000002E6557A92D4
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A9D30	8_2_000002E6557A9D30
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557C1E08	8_2_000002E6557C1E08
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E65579D604	8_2_000002E65579D604
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E655798DF4	8_2_000002E655798DF4
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E655796DD1	8_2_000002E655796DD1
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E65579C5D4	8_2_000002E65579C5D4
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557B25B4	8_2_000002E6557B25B4
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E65579BC68	8_2_000002E65579BC68
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557AE51C	8_2_000002E6557AE51C
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557BC500	8_2_000002E6557BC500
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A27A4	8_2_000002E6557A27A4
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E655796784	8_2_000002E655796784
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557AF76C	8_2_000002E6557AF76C
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A9818	8_2_000002E6557A9818
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E65579BFE4	8_2_000002E65579BFE4
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A6E94	8_2_000002E6557A6E94
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557BC668	8_2_000002E6557BC668
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557B4660	8_2_000002E6557B4660
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557BF6F1	8_2_000002E6557BF6F1
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A8EB8	8_2_000002E6557A8EB8
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A9998	8_2_000002E6557A9998
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E655797192	8_2_000002E655797192
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557A8980	8_2_000002E6557A8980
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557B4144	8_2_000002E6557B4144
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557B3210	8_2_000002E6557B3210
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557AA860	8_2_000002E6557AA860
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557970BD	8_2_000002E6557970BD

Source: cXjy5Y6dXX.exe, 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename4 vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1700675923.00000000046D3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1701161608.0000000002B00000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1700288468.0000000004728000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1700442462.0000000004926000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1701632877.00000000049B1000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKernelbase.dllj% vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1700824435.000000000487D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1701161608.0000000002B92000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1701232479.0000000004680000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1701232479.0000000004630000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs cXjy5Y6dXX.exe
Source: cXjy5Y6dXX.exe, 00000000.00000003.1701458726.00000000045B0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKernelbase.dllj% vs cXjy5Y6dXX.exe

Source: cXjy5Y6dXX.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.OpenWith.exe.1d97eead970.2.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 2.3.OpenWith.exe.1d97eead970.2.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 2.3.OpenWith.exe.1d97eead970.6.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 2.3.OpenWith.exe.1d97eead970.3.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 2.3.OpenWith.exe.1d97eead970.4.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@9/0@0/1

Source: C:\Windows\System32\OpenWith.exe

Code function: 2_3_00007DF41C2E2634 CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,SuspendThread,

2_3_00007DF41C2E2634

Source: C:\Windows\SysWOW64\OpenWith.exe

Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}

Source: C:\Windows\SysWOW64\OpenWith.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\OpenWith.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: OpenWith.exe, 00000002.00000003.1855797044.000001D97E7CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2576319056.00007DF41C3E2000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2570391467.000001D97ED1A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1847713311.000001D97E7CE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: OpenWith.exe, 00000002.00000003.1855797044.000001D97E7CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2576319056.00007DF41C3E2000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2570391467.000001D97ED1A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1847713311.000001D97E7CE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: OpenWith.exe, 00000002.00000003.1855797044.000001D97E7CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2576319056.00007DF41C3E2000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2570391467.000001D97ED1A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1847713311.000001D97E7CE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: OpenWith.exe, 00000002.00000003.1855797044.000001D97E7CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2576319056.00007DF41C3E2000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2570391467.000001D97ED1A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1847713311.000001D97E7CE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: OpenWith.exe, 00000002.00000003.1855797044.000001D97E7CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2576319056.00007DF41C3E2000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2570391467.000001D97ED1A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1847713311.000001D97E7CE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: OpenWith.exe, 00000002.00000003.1855797044.000001D97E7CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2576319056.00007DF41C3E2000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2570391467.000001D97ED1A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1847713311.000001D97E7CE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: OpenWith.exe, 00000002.00000003.1889277529.000001D97F1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890507524.000001D97F1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891731098.000001D97F16F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: OpenWith.exe, 00000002.00000003.1855797044.000001D97E7CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2576319056.00007DF41C3E2000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2570391467.000001D97ED1A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1847713311.000001D97E7CE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: cXjy5Y6dXX.exe

ReversingLabs: Detection: 73%

Source: unknown	Process created: C:\Users\user\Desktop\cXjy5Y6dXX.exe "C:\Users\user\Desktop\cXjy5Y6dXX.exe"
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Process created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe"
Source: C:\Windows\SysWOW64\OpenWith.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Process created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"	Jump to behavior

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior

Source: C:\Windows\SysWOW64\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\Outlook

Jump to behavior

Source: cXjy5Y6dXX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: cXjy5Y6dXX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: cXjy5Y6dXX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: cXjy5Y6dXX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: cXjy5Y6dXX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: cXjy5Y6dXX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: cXjy5Y6dXX.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: cXjy5Y6dXX.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: cXjy5Y6dXX.exe, 00000000.00000003.1701161608.0000000002B00000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1701232479.0000000004630000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703967518.0000000005590000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703898487.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: cXjy5Y6dXX.exe, 00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1701458726.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1704117814.0000000005470000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: cXjy5Y6dXX.exe, 00000000.00000003.1700442462.00000000047A0000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1700288468.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703408581.0000000005660000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703256425.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: cXjy5Y6dXX.exe, 00000000.00000003.1700824435.0000000004750000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1700675923.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703744621.0000000005610000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703610731.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: cXjy5Y6dXX.exe, 00000000.00000003.1700442462.00000000047A0000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1700288468.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703408581.0000000005660000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703256425.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: cXjy5Y6dXX.exe, 00000000.00000003.1700824435.0000000004750000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1700675923.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703744621.0000000005610000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703610731.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: wmplayer.exe, 00000006.00000003.2474293998.0000019552AB0000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000006.00000003.2474329227.0000019552D90000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: cXjy5Y6dXX.exe, 00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1701458726.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1704117814.0000000005470000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbUGP source: cXjy5Y6dXX.exe, 00000000.00000003.1701161608.0000000002B00000.00000004.00000001.00020000.00000000.sdmp, cXjy5Y6dXX.exe, 00000000.00000003.1701232479.0000000004630000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703967518.0000000005590000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000003.1703898487.0000000005470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: win32u.pdbGCTL source: wmplayer.exe, 00000006.00000003.2474293998.0000019552AB0000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000006.00000003.2474329227.0000019552D90000.00000004.00000001.00020000.00000000.sdmp

Source: cXjy5Y6dXX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: cXjy5Y6dXX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: cXjy5Y6dXX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: cXjy5Y6dXX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: cXjy5Y6dXX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

.NET source code contains potential unpacker

Source: 2.3.OpenWith.exe.1d97eead970.2.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 2.3.OpenWith.exe.1d97eead970.2.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 2.3.OpenWith.exe.1d97eea9d60.5.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 2.3.OpenWith.exe.1d97eea9d60.5.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 2.3.OpenWith.exe.1d97eead970.3.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 2.3.OpenWith.exe.1d97eead970.3.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 2.2.OpenWith.exe.1d97eead970.2.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 2.2.OpenWith.exe.1d97eead970.2.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 2.3.OpenWith.exe.1d97eead970.4.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 2.3.OpenWith.exe.1d97eead970.4.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 2.2.OpenWith.exe.1d97eea9d60.1.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 2.2.OpenWith.exe.1d97eea9d60.1.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 2.3.OpenWith.exe.1d97eead970.6.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 2.3.OpenWith.exe.1d97eead970.6.raw.unpack, Runtime.cs	.Net Code: CoreMain

Source: cXjy5Y6dXX.exe

Static PE information: section name: .textbss

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C06A80 push edx; ret	0_3_00C06A81
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C04C95 push es; retf	0_3_00C04C91
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C04C62 push es; retf	0_3_00C04C91
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C05E69 push ebx; iretd	0_3_00C05E6A
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C061E2 push eax; retf	0_3_00C061F1
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C047A2 push ebp; iretd	0_3_00C047A3
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C02F50 push eax; retf	0_3_00C02F51
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C04170 push ecx; iretd	0_3_00C0417C
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C06777 push esi; ret	0_3_00C06782
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C04130 pushad ; ret	0_3_00C04138
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00BAC01A push ds; iretd	0_2_00BAC036
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00C012F4 push ecx; ret	0_2_00C01307
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00BA1436 push ds; retf	0_2_00BA143B
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00BAE5F8 push ebx; ret	0_2_00BAE5F9
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C4B00 push edx; ret	1_3_030C4B01
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C2D15 push es; retf	1_3_030C2D11
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C21B0 pushad ; ret	1_3_030C21B8
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C0FD0 push eax; retf	1_3_030C0FD1
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C47F7 push esi; ret	1_3_030C4802
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C21F0 push ecx; iretd	1_3_030C21FC
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C2822 push ebp; iretd	1_3_030C2823
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C4262 push eax; retf	1_3_030C4271
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C3EE9 push ebx; iretd	1_3_030C3EEA
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C2CE2 push es; retf	1_3_030C2D11
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_0000019552AB64B1 push rcx; retn 0023h	6_3_0000019552AB64B2
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_0000019552AB59B8 push rcx; ret	6_3_0000019552AB59B9
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_3_0000019552AB1AB8 push rax; iretd	6_3_0000019552AB1B01
Source: C:\Windows\System32\dllhost.exe	Code function: 8_2_000002E6557C3590 push ebx; retf	8_2_000002E6557C3592

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	API/Special instruction interceptor: Address: 7FFE2220D044
Source: C:\Windows\SysWOW64\OpenWith.exe	API/Special instruction interceptor: Address: 7FFE2220D044
Source: C:\Windows\SysWOW64\OpenWith.exe	API/Special instruction interceptor: Address: 57FA83A

Source: C:\Windows\System32\dllhost.exe

Code function: GetAdaptersInfo,

8_2_000002E655792AC4

Source: C:\Windows\SysWOW64\OpenWith.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\OpenWith.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\OpenWith.exe

Code function: 2_3_00007DF41C369F04 GetSystemInfo,

2_3_00007DF41C369F04

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft	Jump to behavior

Source: OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink
Source: OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink
Source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: OpenWith.exe, 00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: DisableGuestVmNetworkConnectivity
Source: OpenWith.exe, 00000002.00000003.1861667423.000001D97E718000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMCIDevSymbol
Source: OpenWith.exe, 00000001.00000002.1802200658.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000001.00000002.1802200658.0000000003135000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000006.00000002.2913582811.0000019552B13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: OpenWith.exe, 00000002.00000003.1904926871.000001D97E710000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-
Source: OpenWith.exe, 00000002.00000003.1861667423.000001D97E718000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLink
Source: OpenWith.exe, 00000002.00000003.1904926871.000001D97E710000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&0
Source: OpenWith.exe, 00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: EnableGuestVmNetworkConnectivity

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe

Code function: 0_2_00BF9AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00BF9AB4

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_3_00C02277 mov eax, dword ptr fs:[00000030h]	0_3_00C02277
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00C02277 mov eax, dword ptr fs:[00000030h]	0_2_00C02277
Source: C:\Windows\SysWOW64\OpenWith.exe	Code function: 1_3_030C0283 mov eax, dword ptr fs:[00000030h]	1_3_030C0283

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe

Code function: 0_2_00BF4E5A GetProcessHeap,RtlAllocateHeap,GetModuleFileNameW,_wcsrchr,lstrlenW,GetProcessHeap,RtlFreeHeap,MulDiv,

0_2_00BF4E5A

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00BF9AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00BF9AB4
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00BF5A33 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00BF5A33
Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Code function: 0_2_00BF55A9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00BF55A9

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Program Files\Windows Media Player\wmplayer.exe

Memory allocated: C:\Windows\System32\dllhost.exe base: 2E655790000 protect: page read and write

Jump to behavior

Writes to foreign memory regions

Source: C:\Program Files\Windows Media Player\wmplayer.exe	Memory written: C:\Windows\System32\dllhost.exe base: 2E655790000			Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Memory written: C:\Windows\System32\dllhost.exe base: 7FF70F3314E0			Jump to behavior

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe	Process created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\OpenWith.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"	Jump to behavior

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe

Code function: 0_2_00BF5845 cpuid

0_2_00BF5845

Source: C:\Windows\System32\OpenWith.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Source: C:\Windows\SysWOW64\OpenWith.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Code function: 2_3_00007DF41C301B18 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,

2_3_00007DF41C301B18

Source: C:\Users\user\Desktop\cXjy5Y6dXX.exe

Code function: 0_2_00BF5490 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00BF5490

Source: C:\Windows\SysWOW64\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000000.00000003.1699421762.0000000000CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1733027808.00000000053DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1702483647.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1702281326.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1802524391.0000000004BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: OpenWith.exe, 00000002.00000003.1905007083.000001D97E725000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: !CP:Defichain-Electrum
Source: OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\ElectronCash\config
Source: OpenWith.exe, 00000002.00000003.1905007083.000001D97E725000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \user\AppData\Roaming\com.liberty.jaxx
Source: OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: OpenWith.exe, 00000002.00000003.1905007083.000001D97E725000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\Coinomi\Coinomi\wallets
Source: OpenWith.exe, 00000002.00000002.2576620197.000001D97CCA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Liveletsg

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\System32\OpenWith.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-Qt			Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtab	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnails	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Directory queried: C:\Users\user\Documents\DVWHKMNFNN

Jump to behavior

Source: Yara match	File source: 00000002.00000003.1892936653.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1892527686.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1891865924.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: OpenWith.exe PID: 5448, type: MEMORYSTR

Remote Access Functionality

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000000.00000003.1699421762.0000000000CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1733027808.00000000053DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1702483647.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1702281326.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1802524391.0000000004BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C301B18 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,	2_3_00007DF41C301B18
Source: C:\Windows\System32\OpenWith.exe	Code function: 2_3_00007DF41C334088 socket,bind,	2_3_00007DF41C334088
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 6_2_00000195528ECDF4 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,	6_2_00000195528ECDF4

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 DLL Side-Loading	212 Process Injection	1 Virtualization/Sandbox Evasion	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Email Collection	22 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	212 Process Injection	21 Input Capture	131 Security Software Discovery	Remote Desktop Protocol	21 Input Capture	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	1 Credentials in Registry	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Archive Collected Data	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	2 Process Discovery	Distributed Component Object Model	21 Data from Local System	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	11 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	136 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
cXjy5Y6dXX.exe	74%	ReversingLabs	Win32.Spyware.Rhadamanthys
cXjy5Y6dXX.exe	100%	Avira	TR/Redcap.olqyx
cXjy5Y6dXX.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e	0%	Avira URL Cloud	safe
https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e(	0%	Avira URL Cloud	safe
https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3ekernelbasentdllkernel32GetProcessMitigation	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ac.ecosia.org/autocomplete?q=	OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://discord.com	OpenWith.exe, 00000002.00000003.1904637498.000001D97F173000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6	OpenWith.exe, 00000002.00000003.1892527686.000001D97E764000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893118476.000001D97E764000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E764000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com	OpenWith.exe, 00000002.00000003.1894898672.000001D97E764000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E764000.00000004.00000020.00020000.00000000.sdmp	false		high
https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3e(	OpenWith.exe, 00000001.00000002.1802162479.000000000309C000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	OpenWith.exe, 00000002.00000003.1892322694.000001D97F16F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://discordapp.com	OpenWith.exe, 00000002.00000003.1904637498.000001D97F173000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	OpenWith.exe, 00000002.00000003.1901858513.000001D97E689000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894017600.000001D97E67B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	OpenWith.exe, 00000002.00000003.1892322694.000001D97F16F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	OpenWith.exe, 00000002.00000003.1901858513.000001D97E689000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894017600.000001D97E67B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E764000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	OpenWith.exe, 00000002.00000003.1896175031.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1900847894.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1898559412.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1887761148.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892936653.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1890892896.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894325206.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1888694128.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1892527686.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1897381631.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1899031471.000001D97E6BC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1891865924.000001D97E6B8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1894799613.000001D97E6BA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000003.1889700748.000001D97E6BD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://193.124.205.63:7390/1d7c07d7f0b063/xtt6wabb.8qt3ekernelbasentdllkernel32GetProcessMitigation	OpenWith.exe, 00000001.00000002.1803067572.000000000594A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
193.124.205.63	unknown	Russian Federation		197695	AS-REGRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1571397
Start date and time:	2024-12-09 10:55:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	cXjy5Y6dXX.exe renamed because original name is a hash value
Original Sample Name:	c3159d554310d51982d1eaa16b3b5b87e8b5bc90598fd4f1749596d8bd8c9e4b.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@9/0@0/1
EGA Information:	Successful, ratio: 80%
HCA Information:	Successful, ratio: 61% Number of executed functions: 156 Number of non-executed functions: 20
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target OpenWith.exe, PID 6532 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: cXjy5Y6dXX.exe

Simulations

Behavior and APIs

Time	Type	Description
04:57:44	API Interceptor	1x Sleep call for process: wmplayer.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-REGRU	SRT68.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	New Order.exe	Get hash	malicious	FormBook	Browse	31.31.196.17
	72STaC6BmljfbIQ.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	attached invoice.exe	Get hash	malicious	FormBook	Browse	31.31.196.17
	specification and drawing.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	194.58.112.174
	Pre Alert PO TVKJEANSA00967.bat.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	194.58.112.174
	DO-COSU6387686280.pdf.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	37.140.192.206
	Fi#U015f.exe	Get hash	malicious	FormBook	Browse	31.31.196.177
	ZAMOWIEN.BAT.exe	Get hash	malicious	FormBook, GuLoader	Browse	31.31.196.177
	CV Lic H&S Olivetti Renzo.exe	Get hash	malicious	FormBook	Browse	194.58.112.174

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
caec7ddf6889590d999d7ca1b76373b6	payload_1.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	193.124.205.63
	List of Required items xlsx.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	193.124.205.63
	ab.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	193.124.205.63
	download.exe	Get hash	malicious	RHADAMANTHYS	Browse	193.124.205.63
	wE1inOhJA5.msi	Get hash	malicious	Remcos, RHADAMANTHYS	Browse	193.124.205.63
	0a0#U00a0.js	Get hash	malicious	RHADAMANTHYS	Browse	193.124.205.63
	UGcjMkPWwW.exe	Get hash	malicious	RHADAMANTHYS	Browse	193.124.205.63
	XAhzDHAVZ2.exe	Get hash	malicious	RHADAMANTHYS	Browse	193.124.205.63
	TctqdRX5Wq.exe	Get hash	malicious	RHADAMANTHYS	Browse	193.124.205.63
	g753nr4GI9.exe	Get hash	malicious	RHADAMANTHYS	Browse	193.124.205.63

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.554215795001397
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	cXjy5Y6dXX.exe
File size:	433'152 bytes
MD5:	9725864712cc93935c58e8908dfa66d2
SHA1:	40db5ea80d64ef64ec45d01c5e53767e44aadec0
SHA256:	c3159d554310d51982d1eaa16b3b5b87e8b5bc90598fd4f1749596d8bd8c9e4b
SHA512:	33727107b4cd3b52656d0f90c43692bb203fe70ff09f11ea3ff3a91ed0768db4863a6e9e2fd4658a0b9d707c3746fe834e2ded711cd531b981cad67d9146ea19
SSDEEP:	6144:YAYM3ZEWqf/qwPF7LR5W8ZJ74zmRiOFBbMh9q/JSW3ChNeK06iiRzmi0F9:YWBqf/qq3R5W8ZB4zmRzba5sViRUF9
TLSH:	1A94F14CB5D2C175E9724A32C85496F05E3DBD50CB179EE773A43E293A302E05E32A7A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......UP.\|.1@/.1@/.1@/ZIC..1@/ZIE..1@/ZID..1@/.NE.71@/.ND..1@/.NC..1@/ZIA..1@/.1A/v1@/+.D..1@/.1@/.1@/+../.1@/+.B..1@/Rich.1@/.......

File Icon


Icon Hash:	100109193979390f

Static PE Info

General

Entrypoint:	0x455235
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x645F7B5F [Sat May 13 11:58:23 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	1cda62d85d4d631949032bd51ab17a29

Entrypoint Preview

Instruction
call 00007F0CC851DE08h
jmp 00007F0CC851D9DFh
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F0CC851DB7Bh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F0CC851DB6Ch
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F0CC851DB6Eh
add edx, 28h
cmp edx, esi
jne 00007F0CC851DB4Ch
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F0CC851DB5Bh
push esi
call 00007F0CC851E2F5h
test eax, eax
je 00007F0CC851DB82h
mov eax, dword ptr fs:[00000018h]
mov esi, 004798E4h
mov edx, dword ptr [eax+04h]
jmp 00007F0CC851DB66h
cmp edx, eax
je 00007F0CC851DB72h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F0CC851DB52h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F0CC851DB69h
mov byte ptr [004798E8h], 00000001h
call 00007F0CC851E0E0h
call 00007F0CC851EDC4h
test al, al
jne 00007F0CC851DB66h
xor al, al
pop ebp
ret
call 00007F0CC85218D3h
test al, al
jne 00007F0CC851DB6Ch
push 00000000h
call 00007F0CC851EDCBh
pop ecx
jmp 00007F0CC851DB4Bh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [004798E9h], 00000000h
je 00007F0CC851DB66h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7794c	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x7b000	0x1498	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7d000	0xf40	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x76e40	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x76d80	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x72000	0x164	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x60533	0x60600	45fcf518887f4fc5fe7868d86ca89d6a	False	0.6513785870622568	data	5.481499832906695	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.textbss	0x62000	0x10000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x72000	0x611e	0x6200	a34d227343b26b448c2fbf0c5a1bcb3e	False	0.4164540816326531	data	4.833087325483854	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x79000	0x1320	0xa00	62f04be8889719ef402cb8fde140eaa0	False	0.1546875	DOS executable (block device driver \277DN)	2.040813955897899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x7b000	0x1498	0x1600	f89593d6580680aa51828d8936d570bd	False	0.2762784090909091	data	3.8859060526590135	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x7d000	0xf40	0x1000	aee597d25215ac27829b6f1ddaaf38bd	False	0.755615234375	data	6.454880869273466	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x7b0f0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m	English	United States	0.2619606003752345
RT_GROUP_ICON	0x7c198	0x14	data	English	United States	1.1
RT_VERSION	0x7c1b0	0x2e4	data	English	United States	0.4554054054054054

Imports

DLL	Import
KERNEL32.dll	CloseHandle, HeapCreate, HeapDestroy, HeapAlloc, HeapFree, GetProcessHeap, WaitForSingleObject, CreateEventA, GetModuleFileNameW, GetModuleHandleA, MulDiv, lstrlenW, WriteConsoleW, CreateFileW, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, HeapReAlloc, HeapSize, LCMapStringW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, DecodePointer
USER32.dll	LoadImageA, GetIconInfo, DialogBoxParamA, EndDialog, SendMessageW, InflateRect, SetForegroundWindow, OffsetRect, GetWindowLongA, SendDlgItemMessageA, GetDlgItem, SetWindowPos, UnionRect
ole32.dll	CoInitializeEx, CoTaskMemFree

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-09T10:56:30.769221+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	7390	192.168.2.4	49730	TCP
2024-12-09T10:57:17.773799+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	7390	192.168.2.4	49743	TCP
2024-12-09T10:57:17.773799+0100	2854824	ETPRO JA3 HASH Suspected Malware Related Response	2	193.124.205.63	7390	192.168.2.4	49743	TCP
2024-12-09T10:57:40.977743+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	7390	192.168.2.4	49766	TCP
2024-12-09T10:57:40.977743+0100	2854824	ETPRO JA3 HASH Suspected Malware Related Response	2	193.124.205.63	7390	192.168.2.4	49766	TCP
2024-12-09T10:57:49.614905+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	443	192.168.2.4	49767	TCP
2024-12-09T10:57:56.693486+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	443	192.168.2.4	49769	TCP
2024-12-09T10:58:03.889138+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	443	192.168.2.4	49770	TCP
2024-12-09T10:58:11.168085+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	443	192.168.2.4	49771	TCP
2024-12-09T10:58:18.378284+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	443	192.168.2.4	49772	TCP
2024-12-09T10:58:25.530374+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	193.124.205.63	443	192.168.2.4	49773	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 9, 2024 10:56:29.266041040 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:29.385760069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:29.388334036 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:29.388516903 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:29.507842064 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:30.642461061 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:30.647236109 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:30.769221067 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.041929960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.058027983 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.177429914 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475562096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475626945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475646973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475658894 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475671053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475672960 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.475693941 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.475879908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475891113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475903034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475914955 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.475915909 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.475931883 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.484177113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.484231949 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.486864090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.486984968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.487025976 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.596806049 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.640372038 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.669027090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.669115067 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.669159889 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.672894001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.674273968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.674323082 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.674452066 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.678677082 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.678733110 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.678828955 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.686338902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.686408043 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.686515093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.693977118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.693999052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.694041967 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.702315092 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.702369928 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.702600956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.709254026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.709304094 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.709417105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.716866970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.716921091 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.717015982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.724447012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.724458933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.724488020 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.734200001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.734211922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.735089064 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.740206957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.740220070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.740262985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.762207985 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.762222052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.762280941 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.790204048 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.843489885 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.859714031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.859829903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.859870911 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.863540888 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.863636017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.863673925 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.871184111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.873917103 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.873961926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.873964071 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.881664038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.881685019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.881706953 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.889240026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.889288902 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.889343023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.896941900 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.896994114 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.897031069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.911461115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.911514997 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.911546946 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.911561012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.911601067 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.911647081 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.915095091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.915132999 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.915148020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.918313980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.918364048 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.918430090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.922956944 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.923028946 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.923130035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.927575111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.927638054 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.927644968 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.932182074 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.932245970 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.932292938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.936697960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.936753988 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.936860085 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.941488028 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.941538095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.941538095 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.946012974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.946176052 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.946261883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.950536966 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.950587988 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.950628996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.955239058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.955277920 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.955369949 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.959856987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.959906101 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.960026026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.964296103 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.964334011 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:31.964376926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.968879938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:31.968924046 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.052011013 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.052138090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.052248001 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.054215908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.054281950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.054330111 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.058655977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.058813095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.058862925 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.063096046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.063209057 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.063251019 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.067627907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.067747116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.067794085 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.071912050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.071980953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.072029114 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.075917959 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.076064110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.076109886 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.079902887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.080013037 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.080058098 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.083781004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.083821058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.083863020 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.087395906 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.087498903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.087544918 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.091072083 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.091140985 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.091181993 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.094727039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.094837904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.094875097 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.098001957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.098128080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.098176003 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.101104975 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.101124048 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.101161957 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.104157925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.104340076 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.104378939 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.107702017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.107779026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.107819080 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.110568047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.110625982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.110667944 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.113723040 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.113780975 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.113820076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.116058111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.116226912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.116265059 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.118997097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.119185925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.119230986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.122085094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.122176886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.122216940 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.125145912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.125158072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.125197887 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.128118992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.128238916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.128278017 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.131092072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.131247044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.131288052 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.134135962 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.134433031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.134475946 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.137132883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.137356043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.137399912 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.140063047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.140218019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.140259027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.143213034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.143299103 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.143335104 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.146172047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.146222115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.146266937 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.149502993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.149600983 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.149641991 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.152106047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.152312994 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.152359009 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.155200005 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.202883959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.244259119 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.245522022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.245573997 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.245599985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.246192932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.246237040 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.248239994 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.248255014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.248300076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.252861023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.252872944 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.252916098 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.254196882 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.254209995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.254261017 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.255645990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.255659103 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.255702019 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.258060932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.258071899 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.258115053 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.260284901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.262227058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.262294054 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.263487101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.263511896 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.263572931 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.266228914 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.266247034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.266299963 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.268660069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.268672943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.268718958 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.270214081 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.270226002 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.270281076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.272592068 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.272603035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.272660971 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.274230003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.274244070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.274292946 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.275862932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.275882006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.275922060 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.278081894 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.278094053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.278145075 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.279916048 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.282025099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.282056093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.282063961 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.282181978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.282217026 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.284265041 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.285834074 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.285876036 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.288367987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.288378954 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.288391113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.288403034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.288419962 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.288455009 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.291546106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.291558027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.291610003 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.293119907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.293131113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.293169975 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.296964884 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.296977997 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.296991110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.297003031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.297019005 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.297048092 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.300338984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.300355911 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.300405025 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.302217007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.302229881 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.302264929 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.304770947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.304783106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.304795980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.304838896 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.306195974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.306241035 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.309246063 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.309263945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.309276104 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.309309959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.310204983 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.310247898 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.313327074 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.313338995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.313349009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.313359976 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.313390017 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.313412905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.315362930 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.315375090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.315408945 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.317327023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.317337990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.317393064 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.321391106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.321403027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.321413040 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.321444988 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.322190046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.322243929 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.323463917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.325875044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.325891018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.325906038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.325927019 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.325942993 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.327831984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.327845097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.327889919 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.330193996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.330205917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.330248117 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.332370043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.332381964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.332421064 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.334193945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.334206104 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.334249020 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.335890055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.337912083 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.337943077 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.337958097 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.338186026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.338227987 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.340351105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.340362072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.340400934 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.342221022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.342233896 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.342273951 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.344261885 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.344274044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.344312906 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.347358942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.347371101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.347410917 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.349296093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.349308014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.349345922 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.352391958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.352404118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.352416039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.352447033 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.354198933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.354243040 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.356174946 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.356187105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.356228113 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.436716080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.436729908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.436887026 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.437364101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.437779903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.437827110 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.441731930 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.441749096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.441792965 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.441894054 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.441906929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.441945076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.443803072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.443938017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.443979025 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.445436001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.445569992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.445609093 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.447098017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.447118044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.447159052 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.448472023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.448483944 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.448523045 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.450094938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.450218916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.450262070 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.451637030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.451649904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.451689959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.453212023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.453345060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.453386068 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.454689980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.454833031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.454873085 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.456243038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.456257105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.456288099 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.457577944 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.457727909 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.457767010 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.459352970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.459527969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.459577084 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.459815979 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.460273027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.460314035 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.461961031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.462106943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.462148905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.463500977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.463520050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.463557959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.464781046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.464792967 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.464824915 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.464831114 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.465029955 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.465070963 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.466197968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.466665983 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.466708899 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.467806101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.467818022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.467850924 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.469057083 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.469069004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.469124079 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.470566988 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.470578909 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.470623970 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.471780062 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.471904039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.471945047 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.473640919 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.473653078 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.473695040 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.474560022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.474580050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.474613905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.475857019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.475868940 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.475970984 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.477169991 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.477644920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.477688074 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.478569031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.478585005 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.478621006 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.479795933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.480195999 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.480236053 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.482815027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.482826948 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.482839108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.482851982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.482860088 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.482889891 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.483956099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.483969927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.484112978 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.485500097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.485517025 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.485589981 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.486325979 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.486454964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.486498117 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.487853050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.487865925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.487907887 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.489013910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.489087105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.489126921 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.490346909 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.490428925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.490468979 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.491934061 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.492032051 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.492068052 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.492892981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.493637085 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.493683100 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.494298935 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.494494915 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.494534969 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.495732069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.495748043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.495789051 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.496953011 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.498234987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.498250008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.498281002 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.498405933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.498445034 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.499510050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.499747038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.499783993 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.500833988 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.500920057 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.500960112 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.502322912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.502348900 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.502383947 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.503540993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.503689051 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.503730059 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.504796982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.504967928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.505007029 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.506169081 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.506217957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.506253958 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.507606983 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.507623911 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.507661104 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.508938074 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.508951902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.508991957 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.510138035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.562280893 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.636976004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.637023926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.637084961 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.637454033 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.637494087 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.637528896 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.638602018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.638617039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.638653040 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.639462948 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.639579058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.639621019 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.640686035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.640701056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.640733004 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.641556978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.641654015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.641691923 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.642544031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.642652035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.642688036 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.643517971 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.643680096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.643713951 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.644546986 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.644687891 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.644722939 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.645632029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.645692110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.645726919 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.646678925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.646689892 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.646723032 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.647587061 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.647799969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.647844076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.648591995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.648694038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.648734093 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.649638891 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.649717093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.649751902 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.650684118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.650765896 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.650804996 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.651792049 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.651804924 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.651839018 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.652652979 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.652718067 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.652755022 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.653744936 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.653794050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.653831959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.654743910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.654756069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.654792070 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.655774117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.655858994 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.655889034 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.656781912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.656831026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.656877041 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.658051968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.658063889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.658093929 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.658881903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.658894062 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.658921003 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.659830093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.659914970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.659946918 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.660832882 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.660926104 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.660964966 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.661883116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.661946058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.661981106 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.663052082 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.663063049 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.663090944 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.663909912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.664026022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.664061069 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.664910078 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.665050983 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.665086031 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.665923119 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.666075945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.666115046 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.666943073 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.667166948 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.667206049 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.667951107 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.668046951 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.668085098 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.669017076 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.669075012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.669111967 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.670027971 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.670047045 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.670084953 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.671040058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.671140909 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.671180010 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.672034025 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.672157049 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.672195911 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.673089027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.673141956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.673178911 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.674092054 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.674269915 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.674309969 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.675086021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.675225019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.675278902 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.676115990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.676265955 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.676305056 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.677155018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.677222967 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.677261114 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.678241014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.678252935 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.678303957 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.679224014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.679259062 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.679291010 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.680172920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.680352926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.680388927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.681238890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.681375980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.681416988 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.682229042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.682396889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.682431936 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.683289051 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.683362007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.683397055 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.684257984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.684392929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.684431076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.685338974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.685408115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.685445070 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.686304092 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.686348915 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.686387062 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.687320948 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.687365055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.687396049 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.688343048 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.688451052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.688493967 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.689378023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.689471006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.689508915 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.690387964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.734138966 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.821057081 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.821244001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.821301937 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.821474075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.821486950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.821618080 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.822441101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.822560072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.822607040 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.823519945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.823546886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.823580980 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.824551105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.824800968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.824840069 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.825506926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.825639963 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.825675964 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.826518059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.826772928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.826807022 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.827528000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.827727079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.827764988 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.828788996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.828907013 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.828946114 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.829570055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.829670906 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.829709053 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.830682039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.830697060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.830743074 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.831588984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.832531929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.832578897 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.832678080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.832757950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.832794905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.833688021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.833976984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.834022045 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.834781885 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.834795952 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.834830999 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.835779905 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.835793972 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.835830927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.836790085 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.836803913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.836853027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.837749958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.837866068 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.837905884 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.838747025 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.838937998 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.838980913 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.839848995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.839862108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.839895964 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.840903997 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.840917110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.840946913 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.841799974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.841906071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.841939926 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.842803001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.843369007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.843414068 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.843859911 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.843966007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.844005108 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.844800949 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.845602989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.845648050 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.845855951 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.845907927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.845946074 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.846927881 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.846952915 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.846986055 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.848001957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.848016024 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.848057032 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.849070072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.849083900 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.849114895 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.850893021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.850905895 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.850944042 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.851118088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.851135969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.851171970 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.852229118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.852241993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.852273941 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.852946997 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.853123903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.853163004 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.854085922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.854099035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.854137897 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.855005026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.855154037 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.855189085 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.856116056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.856128931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.856172085 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.857009888 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.857156992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.857198954 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.858112097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.858129978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.858167887 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.859179974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.859236956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.859289885 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.860208988 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.860219955 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.860256910 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.861167908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.861179113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.861208916 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.862303019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.862313986 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.862348080 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.863239050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.863251925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.863289118 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.864316940 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.864330053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.864372015 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.865303993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.865315914 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.865350962 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.869482994 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.869502068 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.869514942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.869530916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.869544983 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.869566917 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.869786024 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.869966984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.869999886 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.871233940 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.871277094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.871321917 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.871737003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.871898890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.871929884 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.872848034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.872869015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.872906923 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.873792887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.873941898 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.873991013 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.874845982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.875020027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.875061989 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:32.875785112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:32.921952009 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.013484955 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.013499022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.013567924 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.014010906 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.014023066 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.014075041 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.014585018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.014651060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.014688015 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.015588999 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.015602112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.015634060 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.016426086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.017494917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.017508030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.017535925 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.018197060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.018244028 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.018569946 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.018583059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.018610001 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.019618034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.019630909 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.019659996 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.020539045 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.021545887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.021559000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.021594048 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.022192001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.022233009 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.022702932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.022716045 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.022756100 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.023797035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.023809910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.023848057 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.024842024 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.024854898 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.024884939 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.025794983 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.025809050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.025842905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.026822090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.026834011 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.026865005 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.027883053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.027895927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.027944088 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.028740883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.028753042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.028781891 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.029860020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.029872894 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.029902935 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.030767918 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.030781031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.030827999 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.031867981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.031879902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.031918049 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.032742023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.033747911 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.033797026 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.033811092 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.034770966 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.034782887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.034820080 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.035293102 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.035331964 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.035834074 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.035851002 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.035886049 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.037182093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.037194967 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.037226915 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.038295031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.038306952 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.038337946 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.039170027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.039181948 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.039211035 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.040064096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.040429115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.040478945 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.040891886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.041944981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.041958094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.041989088 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.042078972 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.042115927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.043030024 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.043041945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.043071985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.044002056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.044112921 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.044167042 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.045833111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.045845985 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.045891047 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.046020985 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.046088934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.046127081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.047033072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.047162056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.047207117 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.052109003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052124977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052167892 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.052181959 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052195072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052206993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052221060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052238941 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.052265882 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.052571058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052599907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052611113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052622080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.052634001 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.052650928 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.053097010 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.053206921 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.053246021 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.054168940 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.054265976 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.054311037 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.055151939 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.055279016 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.055321932 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.056420088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.056433916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.056468010 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.057241917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.057292938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.057337046 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.058202982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.058325052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.058365107 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.062433958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.062448978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.062458992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.062472105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.062482119 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.062508106 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.062737942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.062752008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.062781096 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.063703060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.063842058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.063885927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.064704895 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.064995050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.065030098 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.065815926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.065984964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.066025019 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.066962957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.067121029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.067158937 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.067401886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.109162092 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.205990076 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.206007957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.206213951 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.206306934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.206429958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.206473112 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.207288980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.207545042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.207586050 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.208349943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.208364010 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.208403111 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.209254026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.209438086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.209475994 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.210329056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.210434914 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.210474014 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.211363077 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.211378098 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.211416006 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.212368965 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.212388039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.212424040 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.213416100 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.213428974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.213469028 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.214415073 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.214428902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.214468956 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.215379000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.215835094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.215876102 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.216557026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.216569901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.216609001 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.217443943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.217518091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.217559099 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.218405962 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.218456030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.218512058 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.219435930 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.219469070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.219505072 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.220487118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.220571995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.220612049 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.221462965 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.221554041 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.221594095 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.222542048 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.222635984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.222676992 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.223548889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.223562956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.223608017 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.224618912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.224637985 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.224673986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.225647926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.225661039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.225694895 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.226562023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.226665020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.226700068 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.227721930 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.227735043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.227767944 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.228789091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.228805065 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.228878021 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.229628086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.229984045 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.230035067 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.230684996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.230770111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.230811119 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.231725931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.231739044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.231795073 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.232728958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.232850075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.232888937 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.233711004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.234220982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.234276056 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.234796047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.234817982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.234859943 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.235865116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.235877991 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.235933065 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.236871958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.236885071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.236937046 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.237951040 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.237962961 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.237998962 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.238791943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.239840031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.239850998 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.239877939 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.240675926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.240715027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.240909100 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.241179943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.241219044 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.241915941 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.242878914 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.242889881 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.242918968 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.242954969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.242986917 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.243890047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.244184017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.244225025 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.244925022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.244936943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.244968891 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.246097088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.246948957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.246959925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.246985912 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.247158051 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.247198105 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.248016119 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.248028040 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.248058081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.248961926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.249494076 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.249535084 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.250361919 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.250876904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.250926018 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.251224041 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.251236916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.251280069 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.252209902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.252576113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.252610922 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.253083944 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.253097057 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.253134966 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.254205942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.254553080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.254590034 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.255131960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.256125927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.256141901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.256167889 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.256202936 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.256239891 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.257123947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.258276939 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.258289099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.258320093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.258322001 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.258356094 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.259306908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.312259912 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.397831917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.397895098 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.397939920 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.398283958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.398443937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.398482084 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.399241924 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.399394989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.399430037 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.400289059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.401392937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.401406050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.401438951 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.401451111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.401484966 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.402565956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.402620077 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.402657032 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.403352976 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.403788090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.403820992 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.404428005 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.404515028 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.404547930 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.405381918 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.406213045 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.406255007 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.406413078 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.406425953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.406466007 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.407443047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.407597065 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.407635927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.408977032 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.408991098 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.409029007 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.409636021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.409650087 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.409686089 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.410556078 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.411010981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.411061049 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.411562920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.411575079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.411607981 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.413034916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.413047075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.413083076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.413515091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.414216995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.414249897 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.414546967 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.414558887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.414592981 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.415606976 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.416131973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.416178942 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.416717052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.416898012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.416938066 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.417798042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.418133974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.418174982 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.418704987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.419569016 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.419610023 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.419696093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.419713974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.419744015 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.420675039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.421224117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.421262980 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.421685934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.422499895 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.422559977 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.422655106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.422667980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.422710896 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.423717022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.423729897 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.423774004 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.424746990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.424876928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.424918890 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.425954103 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.425966978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.426003933 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.427051067 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.427063942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.427097082 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.427809000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.428157091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.428194046 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.428926945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.428940058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.428978920 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.429811954 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.430205107 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.430247068 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.431149006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.431160927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.431191921 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.432054043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.432065964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.432095051 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.432868004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.432881117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.432912111 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.433900118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.433913946 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.433949947 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.435005903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.435018063 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.435059071 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.435975075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.435986996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.436028004 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.437036991 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.437048912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.437087059 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.437988043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.438000917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.438040018 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.438958883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.440093994 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.440112114 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.440124035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.440139055 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.440162897 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.441087008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.442126036 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.442137957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.442174911 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.442176104 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.442210913 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.443126917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.443337917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.443381071 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.444109917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.444123030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.444150925 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.445266962 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.445844889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.445878983 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.446228981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.446242094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.446274996 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.447114944 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.447360039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.447402954 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.448432922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.449085951 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.449132919 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.449137926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.450084925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.450126886 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.450189114 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.450268030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.450304031 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.451208115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.499874115 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.590229034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.590629101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.590641022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.590652943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.590687990 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.590715885 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.591515064 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.592577934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.592592001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.592618942 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.593664885 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.593679905 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.593705893 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.594199896 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.594240904 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.595617056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.595630884 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.595670938 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.596549988 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.596564054 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.596601009 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.597174883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.597188950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.597218990 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.597870111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.598206043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.598239899 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.599695921 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.599709034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.599720001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.599744081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.600688934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.600702047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.600737095 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.601696014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.601708889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.601736069 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.602128029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.602161884 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.603619099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.603631973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.603665113 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.603784084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.603795052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.603832960 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.604950905 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.604964018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.605000973 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.605830908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.605844021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.605878115 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.607847929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.607861042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.607872009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.608030081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.608266115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.608304977 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.609940052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.609951973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.609987020 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.610033035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.610044003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.610084057 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.611032009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.612276077 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.612286091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.612297058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.612320900 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.612344027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.613260984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.613342047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.613374949 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.614059925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.615034103 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.615045071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.615084887 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.616012096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.616022110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.616055012 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.616995096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.617007017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.617036104 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.617974043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.617985010 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.618010044 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.618977070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.618988037 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.619024992 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.619276047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.619311094 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.620261908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.620273113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.620309114 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.621037960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.622210026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.622220993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.622258902 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.623064995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.623075008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.623106956 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.624191999 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.624203920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.624236107 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.625365973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.625377893 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.625411987 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.626040936 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.626077890 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.626190901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.627142906 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.627154112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.627187967 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.628161907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.628173113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.628206015 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.629177094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.629188061 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.629219055 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.630209923 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.630249023 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.630270004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.630280972 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.630311966 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.631934881 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.631946087 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.631979942 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.632262945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.632273912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.632316113 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.633255005 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.634197950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.634238005 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.635296106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.635307074 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.635334969 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.635340929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.636324883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.636336088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.636362076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.637377977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.637389898 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.637399912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.637418985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.637432098 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.638432980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.638444901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.638472080 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.639805079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.639816046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.639858007 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.641453981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.641464949 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.641475916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.641500950 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.642191887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.642222881 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.642570972 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.642581940 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.642606974 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.643436909 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.687263012 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.782526970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.782857895 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.782926083 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.782973051 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.782987118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.783129930 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.783961058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.784079075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.784126997 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.785262108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.785507917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.785547018 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.786075115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.786340952 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.786381006 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.787026882 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.787081957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.787122011 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.787899971 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.788085938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.788124084 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.788953066 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.789123058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.789175987 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.789999008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.790050030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.790081978 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.791014910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.791299105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.791341066 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.792069912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.792298079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.792337894 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.793006897 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.793150902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.793190002 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.794061899 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.794714928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.794758081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.795087099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.795211077 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.795245886 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.796209097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.796396017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.796437025 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.797149897 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.798409939 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.798425913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.798439026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.798469067 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.798491001 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.799218893 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.799319029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.799364090 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.800151110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.800426006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.800482988 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.801214933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.801948071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.802001953 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.802272081 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.802807093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.802879095 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.803183079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.804128885 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.804168940 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.804244041 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.804256916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.804307938 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.805347919 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.806130886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.806190968 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.806230068 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.806391954 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.806444883 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.807394028 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.808139086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.808197975 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.808377981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.809351921 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.809365034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.809402943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.809406042 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.809438944 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.810578108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.810636044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.810679913 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.811539888 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.811649084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.811703920 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.812650919 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.812860012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.812906027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.813643932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.814209938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.814256907 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.814564943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.814846992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.814891100 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.815438032 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.816128016 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.816175938 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.816468000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.816482067 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.816524982 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.817500114 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.818481922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.818502903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.818535089 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.818542004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.818614006 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.819752932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.819989920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.820041895 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.820827007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.821204901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.821260929 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.821715117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.821893930 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.821942091 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.822717905 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.823636055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.823652029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.823693991 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.823704958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.823751926 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.824613094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.825557947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.825613976 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.825706005 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.825719118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.825763941 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.826661110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.827708006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.827722073 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.827759981 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.827830076 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.827905893 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.828664064 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.828766108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.828814030 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.829725981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.830029964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.830081940 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.830768108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.830878019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.830928087 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.831773996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.832067013 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.832115889 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.832931042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.833082914 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.833133936 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.833758116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.833987951 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.834039927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.834883928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.835529089 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.835592985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.835865021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.890460968 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.974800110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.974818945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.974999905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.975202084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.975378990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.975421906 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.976212025 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.976397991 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.976443052 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.977247953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.977452040 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.977504969 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.978240967 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.978780985 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.978837013 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.979242086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.979460955 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.979510069 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.980353117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.980433941 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.980484009 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.981277943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.981314898 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.981368065 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.982320070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.982728958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.982801914 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.983345032 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.983683109 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.983731985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.984360933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.984507084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.984559059 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.985533953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.985548973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.985589981 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.986555099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.987339973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.987395048 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.987416029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.987731934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.987772942 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.988523006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.988599062 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.988641977 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.989491940 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.989583015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.989629030 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.990462065 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.990853071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.990894079 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.991472960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.991554022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.991595984 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.992511034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.993038893 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.993079901 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.993524075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.993535995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.993566990 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.994575977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.994751930 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.994793892 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.995538950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.996107101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.996144056 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.996596098 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.996920109 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.996963978 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.997575998 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.997723103 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.997765064 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.998584032 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.998670101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.998711109 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:33.999641895 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.999778986 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:33.999821901 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.000646114 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.001065969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.001121044 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.001677990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.002402067 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.002454996 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.002626896 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.002646923 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.002684116 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.003667116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.004117966 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.004167080 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.004709005 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.004983902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.005032063 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.005731106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.006119013 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.006161928 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.006738901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.006901979 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.006944895 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.007778883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.008083105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.008131027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.008774042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.009684086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.009732008 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.009823084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.009860039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.009901047 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.010873079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.011569977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.011616945 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.011811972 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.011957884 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.012003899 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.012893915 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.012906075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.012954950 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.013953924 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.013987064 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.014025927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.014916897 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.015958071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.015969992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.016000986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.016011953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.016057014 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.017075062 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.017983913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.017998934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.018039942 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.018100023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.018143892 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.018965006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.019171953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.019217014 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.020083904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.020204067 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.020260096 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.021153927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.021539927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.021584034 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.022027969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.022308111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.022345066 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.023052931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.023169041 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.023211002 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.024107933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.024415970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.024460077 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.025149107 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.026125908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.026139021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.026170969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.026175022 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.026206017 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.027179003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.027384043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.027427912 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.028086901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.078015089 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.167027950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.167432070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.167447090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.167490959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.167603016 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.167638063 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.167936087 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.168745041 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.168790102 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.168912888 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.169751883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.169802904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.169806004 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.170681000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.170734882 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.170890093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.171819925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.171835899 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.171880960 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.173108101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.173151970 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.173192978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.174180031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.174227953 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.174262047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.174972057 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.175017118 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.175254107 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.176001072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.176023006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.176047087 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.176819086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.176865101 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.177149057 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.177874088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.177923918 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.178196907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.178853989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.178901911 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.179080009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.179876089 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.179923058 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.180080891 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.180859089 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.180907011 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.181222916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.181906939 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.181961060 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.182138920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.182924032 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.182976961 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.183784962 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.184024096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.184072971 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.184233904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.184937954 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.184990883 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.185139894 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.185992002 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.186013937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.186039925 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.187026978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.187068939 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.187077999 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.187963009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.188014984 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.188288927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.189340115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.189393997 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.189977884 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.190193892 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.190207958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.190270901 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.191045046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.191096067 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.191147089 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.192091942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.192153931 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.192842007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.193098068 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.193150043 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.194046021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.194116116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.194128036 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.194168091 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.195096970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.195157051 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.195349932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.196249008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.196299076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.196557999 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.197186947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.197237015 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.197267056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.198271990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.198340893 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.199229002 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.199243069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.199297905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.199361086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.200212002 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.200268030 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.200278997 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.201220036 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.201273918 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.201944113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.202351093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.202397108 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.202773094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.203274965 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.203339100 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.203901052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.204432964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.204495907 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.204837084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.205331087 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.205401897 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.205729008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.206423044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.206449032 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.206480980 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.207362890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.207415104 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.207439899 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.208419085 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.208477020 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.208623886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.209391117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.209404945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.209434986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.210433960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.210491896 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.211422920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.211467028 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.211479902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.211522102 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.212419033 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.212471008 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.212692022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.213521004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.213574886 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.213658094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.214471102 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.214536905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.215502977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.215517044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.215545893 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.215570927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.216499090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.216546059 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.216620922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.217530012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.217566967 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.217573881 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.218600988 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.218668938 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.219038963 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.219563007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.219608068 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.219645977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.265398979 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.359535933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.359808922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.359862089 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.360001087 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.360182047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.360320091 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.361342907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.361692905 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.361732960 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.362104893 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.362204075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.362257004 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.363008022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.363028049 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.363079071 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.364008904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.364334106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.364387035 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.365045071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.365250111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.365289927 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.366143942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.366265059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.366313934 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.367176056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.367372036 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.367420912 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.371303082 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.371325970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.371386051 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.371489048 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.371501923 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.371537924 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.371543884 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.371551991 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.371591091 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.372529984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.372541904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.372587919 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.373481989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.373852968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.373900890 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.374690056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.374982119 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.375025988 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.375475883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.375650883 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.375688076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.376507044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.376527071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.376564980 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.376738071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.376761913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.376800060 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.377530098 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.377543926 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.377593994 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.380865097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.380880117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.380939960 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.381835938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.381849051 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.381894112 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.382010937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.382179976 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.382213116 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.382870913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.383969069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.383981943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.384016037 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.384169102 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.384210110 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.384960890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.385629892 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.385680914 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.385926962 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.386276960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.386318922 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.387059927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.387406111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.387449980 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.387866020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.388228893 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.388267994 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.388854027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.388865948 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.388906002 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.389832020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.390345097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.390403986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.390809059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.390989065 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.391026974 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.391786098 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.391932011 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.391973972 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.392915964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.393395901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.393441916 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.393892050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.393903971 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.393944979 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.394751072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.395653009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.395694017 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.395778894 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.395956039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.395993948 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.397140026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.397279978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.397325993 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.397943020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.398113012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.398154974 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.399072886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.399085999 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.399132013 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.399986029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.400091887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.400132895 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.400140047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.401218891 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.401267052 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.401974916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.402086020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.402126074 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.402890921 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.402904987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.402950048 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.403733015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.404459000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.404473066 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.404484034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.404504061 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.404525042 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.405462027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.405474901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.405514002 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.405946970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.406480074 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.406533003 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.406903982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.407257080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.407289982 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.408109903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.408430099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.408463955 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.409023046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.409817934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.409854889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.409866095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.409868956 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.409895897 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.410864115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.411011934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.411056042 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.411941051 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.412081957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.412123919 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.412930965 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.457865953 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.551884890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.552119970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.552162886 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.552391052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.552547932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.552587032 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.553447008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.553523064 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.553566933 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.554609060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.554899931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.554944992 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.556169033 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.556184053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.556230068 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.557673931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.557687998 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.557702065 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.557719946 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.558208942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.558244944 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.559222937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.559237003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.559271097 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.559863091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.559875011 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.559906960 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.561233997 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.562086105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.562098980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.562119961 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.563215971 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.563229084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.563256025 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.564241886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.564282894 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.564630032 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.564640045 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.564682007 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.566327095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.566343069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.566381931 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.566504002 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.566514969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.566549063 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.567799091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.567810059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.567848921 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.568568945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.568579912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.568620920 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.570204973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.570271969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.570283890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.570311069 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.570626974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.570669889 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.571898937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.571911097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.571923018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.571945906 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.573025942 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.573038101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.573061943 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.573884010 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.573920965 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.575467110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.575479031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.575490952 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.575520039 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.576231956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.576270103 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.576827049 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.576838970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.576872110 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.577435017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.578419924 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.578433037 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.578444004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.578466892 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.578486919 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.579551935 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.579564095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.579602957 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.580297947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.580311060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.580359936 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.581038952 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.581049919 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.581083059 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.582205057 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.582880020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.582890034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.582901955 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.582927942 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.582952023 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.584132910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.584145069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.584183931 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.585216999 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.586374044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.586385012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.586416006 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.587276936 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.587287903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.587327003 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.588072062 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.588083029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.588114977 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.588227987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.588267088 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.589077950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.589088917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.589133024 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.590245962 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.590256929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.590306997 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.591566086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.591577053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.591619015 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.592170000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.592183113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.592226982 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.593235970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.593247890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.593296051 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.594122887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.594136000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.594177961 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.595194101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.595205069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.595237970 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.596107960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.596179008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.596237898 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.597167015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.597178936 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.597218990 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.598306894 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.598320007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.598359108 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.599483013 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.599494934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.599529028 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.600229025 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.601291895 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.601303101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.601336002 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.602241039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.602252960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.602283955 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.602835894 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.602875948 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.603230000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.604248047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.604259014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.604290009 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.606204033 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.606214046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.606250048 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.744545937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.745105982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.745119095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.745187044 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.745242119 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.745282888 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.746090889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.746350050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.746395111 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.747371912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.747384071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.747423887 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.748147964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.748276949 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.748321056 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.749133110 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.749216080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.749259949 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.750173092 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.750394106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.750436068 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.751193047 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.751720905 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.751763105 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.752247095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.752299070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.752340078 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.753246069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.753312111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.753348112 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.754245043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.754420042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.754461050 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.755273104 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.755398989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.755441904 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.756372929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.757478952 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.757489920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.757502079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.757524967 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.757554054 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.758338928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.758491039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.758532047 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.759327888 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.759541035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.759578943 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.760554075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.760644913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.760688066 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.761409044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.761420965 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.761456966 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.762535095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.762797117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.762840986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.763681889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.764296055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.764339924 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.764486074 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.764566898 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.764602900 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.765470028 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.765566111 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.765604019 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.766479015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.767496109 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.767544031 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.767751932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.767764091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.767803907 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.768518925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.768672943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.768712044 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.769535065 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.769640923 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.769682884 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.770617008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.771579027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.771591902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.771617889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.771619081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.771651030 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.772559881 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.773804903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.773818016 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.773829937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.773848057 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.773873091 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.774792910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.775579929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.775624990 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.775782108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.776175976 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.776216984 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.776634932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.777165890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.777208090 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.777669907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.777682066 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.777717113 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.778681993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.778723955 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.778763056 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.779690027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.779794931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.779834986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.780704975 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.780818939 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.780859947 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.781721115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.781949997 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.781991959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.782718897 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.784013987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.784027100 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.784039021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.784054995 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.784080029 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.784996033 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.785458088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.785495043 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.786140919 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.786241055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.786278963 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.787049055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.787308931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.787350893 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.788053989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.788065910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.788104057 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.789094925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.789726019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.789767027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.790199995 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.790417910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.790455103 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.791173935 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.791186094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.791224003 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.792172909 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.792185068 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.792221069 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.793132067 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.793595076 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.793636084 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.794037104 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.794219017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.794258118 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.794997931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.795141935 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.795183897 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.796060085 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.796128035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.796164036 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.797074080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.797121048 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.797158957 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.797991037 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.843566895 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.936860085 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.936949015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.937100887 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.937391043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.937403917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.937437057 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.938347101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.938503981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.938549042 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.939352989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.939791918 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.939831018 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.940399885 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.940440893 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.940481901 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.941466093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.941540003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.941577911 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.942467928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.942780018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.942819118 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.943567038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.943768024 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.943798065 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.944437981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.945013046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.945050955 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.945487022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.945512056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.945540905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.946533918 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.947602034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.947613001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.947626114 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.947644949 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.947669029 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.948574066 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.948585987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.948616982 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.949568987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.949776888 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.949819088 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.950632095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.950865030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.950902939 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.951699018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.951836109 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.951873064 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.952657938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.952867031 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.952903032 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.953732014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.954241037 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.954279900 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.954725027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.955528975 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.955569983 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.955877066 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.956100941 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.956137896 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.956990004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.957220078 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.957252026 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.958298922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.958312035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.958353996 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.959393024 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.959558964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.959590912 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.960186958 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.960443974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.960479975 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.961338043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.961349010 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.961381912 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.962276936 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.962344885 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.962383032 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.963327885 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.963958979 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.963996887 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.964160919 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.964302063 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.964332104 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.965162039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.966017962 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.966058969 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.966094017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.966111898 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.966140985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.966881990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.967072964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.967113018 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.967942953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.968059063 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.968097925 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.968897104 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.969671011 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.969712019 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.969978094 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.970168114 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.970210075 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.970954895 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.971519947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.971560955 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.971999884 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.972100019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.972131014 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.972953081 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.973001003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.973037004 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.973987103 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.974245071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.974282026 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.975023985 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.975123882 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.975159883 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.976329088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.977288008 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.977299929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.977313042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.977330923 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.977355957 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.978276014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.978295088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.978331089 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.979177952 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.979494095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.979540110 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.980123043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.980334044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.980376005 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.981173038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.981518030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.981556892 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.982218027 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.982320070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.982362986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.983258009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.984198093 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.984240055 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.984333992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.984353065 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.984386921 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.985409021 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.985518932 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.985557079 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.986417055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.986435890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.986469984 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.987242937 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.987350941 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.987396002 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.988300085 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.988375902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.988415003 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.989470959 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.989938974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:34.989979029 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:34.990468025 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.031136990 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.129100084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.129245996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.129295111 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.129631996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.129834890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.129875898 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.130753040 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.130980015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.131015062 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.131598949 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.131855011 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.131895065 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.132683992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.132695913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.132729053 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.133683920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.134438038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.134480953 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.134696960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.134708881 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.134736061 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.135683060 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.135977030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.136008024 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.136815071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.136894941 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.136933088 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.139863014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.139899015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.139940023 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.139995098 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.140007973 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.140047073 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.140439987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.140520096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.140562057 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.148762941 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.148905039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.148917913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.148950100 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.149033070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149044991 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149056911 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149070978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149071932 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.149094105 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.149251938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149285078 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.149326086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149338007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149360895 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149369001 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.149373055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149385929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149403095 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.149679899 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149691105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149709940 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149723053 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.149749041 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.149766922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149780989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.149808884 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.150238991 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.150338888 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.150371075 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.151367903 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.152045965 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.152057886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.152081966 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.152118921 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.152168989 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.153048992 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.154088974 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.154099941 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.154129028 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.154167891 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.154201984 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.155277014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.155563116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.155597925 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.156156063 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.156677961 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.156711102 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.157252073 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.157263994 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.157298088 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.158137083 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.158310890 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.158344984 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.159202099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.159212112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.159254074 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.160207033 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.160337925 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.160377026 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.161206961 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.161359072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.161398888 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.162223101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.162235022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.162267923 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.163213968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.163893938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.163925886 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.164264917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.164278030 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.164308071 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.165329933 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.165390015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.165421963 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.166327953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.167319059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.167331934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.167351007 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.167450905 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.167484045 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.168329000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.168342113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.168385029 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.169361115 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.170572042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.170587063 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.170612097 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.170619965 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.170640945 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.171365976 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.171427965 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.171471119 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.172384977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.172518969 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.172554016 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.173656940 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.173710108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.173764944 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.174437046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.175081968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.175123930 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.175415993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.175950050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.175987959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.176436901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.177292109 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.177339077 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.177499056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.177510023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.177547932 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.178476095 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.179440975 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.179481983 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.179573059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.179589987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.179625034 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.180517912 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.181077003 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.181114912 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.181562901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.181576014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.181624889 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.183039904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.234144926 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.325648069 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.325664997 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.325902939 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.326009989 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.326531887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.326570034 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.326899052 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.327208042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.327249050 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.327898026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.328084946 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.328121901 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.328902006 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.329505920 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.329545021 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.329982042 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.330137014 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.330171108 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.331154108 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.331166029 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.331197977 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.331959963 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.332087040 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.332117081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.333112001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.333565950 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.333600044 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.334052086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.334064007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.334091902 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.335011959 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.335505009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.335544109 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.336051941 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.336432934 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.336467981 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.337083101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.337095022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.337131023 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.338092089 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.338197947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.338234901 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.339114904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.339127064 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.339162111 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.340168953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.340398073 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.340436935 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.341171026 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.341182947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.341226101 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.342140913 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.342228889 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.342258930 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.343283892 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.343549967 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.343588114 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.344218016 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.344352007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.344392061 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.345251083 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.345581055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.345618963 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.346287012 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.346962929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.346998930 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.347239971 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.348076105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.348110914 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.348277092 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.348289013 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.348325968 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.349265099 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.349806070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.349848986 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.350389957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.350462914 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.350500107 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.351306915 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.351933956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.351975918 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.352319956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.352490902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.352521896 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.353389978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.353400946 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.353440046 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.354398966 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.354998112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.355029106 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.355456114 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.355581045 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.355621099 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.356403112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.356836081 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.356875896 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.357448101 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.358340979 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.358385086 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.358498096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.358510971 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.358550072 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.359463930 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.359808922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.359850883 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.360486984 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.361517906 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.361531019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.361557961 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.361617088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.361654997 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.362600088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.362988949 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.363025904 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.363702059 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.363790989 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.363828897 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.364583015 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.364732981 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.364772081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.365852118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.365864038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.365906000 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.366640091 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.366826057 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.366862059 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.367728949 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.367742062 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.367774963 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.369287968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.369704962 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.369715929 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.369728088 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.369746923 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.369764090 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.370707035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.371088982 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.371128082 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.371675968 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.372035980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.372076988 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.372725964 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.372905970 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.372937918 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.373807907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.374059916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.374094963 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.374736071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.374880075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.374918938 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.376141071 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.376157045 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.376204014 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.376786947 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.377103090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.377146959 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.377825022 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.377922058 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.377959967 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.378787994 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.422210932 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.517579079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.517720938 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.517766953 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.518086910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.518311977 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.518356085 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.518484116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.519340038 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.519354105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.519382000 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.520311117 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.520359039 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.520766020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.521337986 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.521378040 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.521722078 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.522363901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.522403002 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.522599936 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.523382902 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.523422956 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.523927927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.524396896 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.524436951 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.525474072 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.525486946 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.525525093 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.526043892 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.526460886 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.526477098 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.526495934 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.527419090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.527456045 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.527470112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.528475046 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.528517962 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.528765917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.529484034 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.529517889 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.529675007 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.530494928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.530534983 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.530752897 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.531558990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.531584978 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.531593084 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.532541037 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.532574892 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.532743931 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.533559084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.533591032 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.533723116 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.534833908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.534869909 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.534893036 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.535604000 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.535646915 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.536147118 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.536719084 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.536758900 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.537646055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.537658930 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.537688971 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.537694931 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.538631916 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.538671017 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.539098024 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.539673090 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.539709091 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.539772987 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.540718079 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.540759087 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.541388035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.541721106 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.541732073 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.541758060 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.542712927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.542753935 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.542922020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.543766975 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.543806076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.544095039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.544745922 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.544784069 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.545279980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.545804024 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.545836926 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.545869112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.546780109 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.546812057 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.547399998 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.547880888 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.547894001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.547919989 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.548839092 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.548878908 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.549320936 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.549876928 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.549915075 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.550059080 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.550919056 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.550960064 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.551785946 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.551925898 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.551954985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.552078009 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.552978039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.553015947 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.554143906 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.554156065 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.554183960 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.554188013 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.554960966 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.555006981 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.555737972 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.556160927 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.556200027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.556355953 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.557218075 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.557257891 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.557703018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.558007956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.558043957 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.558629990 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.559050083 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.559061050 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.559078932 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.560034037 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.560065985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.560892105 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.561096907 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.561108112 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.561140060 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.562072039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.562114954 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.562530994 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.563102961 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.563146114 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.564136028 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.564146996 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.564177990 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.564182043 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.565100908 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.565140963 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.565736055 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.566154957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.566194057 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.566195965 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.567253113 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.567293882 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.567831039 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.568219900 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.568258047 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.569220066 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.569231033 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.569262028 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.569267035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.570229053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.570267916 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.570940018 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.624757051 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.709860086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.710330963 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.710375071 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.710443020 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.710500956 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.710530996 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.711163044 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.711227894 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.711262941 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.712223053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.712709904 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.712745905 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.713196993 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.714225054 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.714262962 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.714293957 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.714307070 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.714340925 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.715277910 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.715358019 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.715393066 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.716274023 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.716814041 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.716850996 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.717398882 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.717829943 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.717871904 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.718317986 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.718767881 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.718810081 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.719378948 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.719778061 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.719816923 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.720334053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.720769882 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.720807076 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.721369028 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.722357035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.722392082 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.722402096 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.722414017 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.722445965 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.723376036 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.724123001 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.724153996 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.724376917 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.724617004 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.724647045 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.725474119 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.725485086 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.725522041 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.726461887 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.727592945 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.727605104 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.727624893 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.727632999 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.727663994 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.728571892 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.729554892 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.729567051 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.729587078 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.729588985 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.729618073 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.730523109 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.731036901 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.731069088 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.731605053 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.732182980 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.732218027 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.732503891 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.732543945 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.742099047 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.751377106 CET	49730	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:35.861283064 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:35.870707035 CET	7390	49730	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:46.278003931 CET	49737	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:46.397377014 CET	7390	49737	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:46.397459030 CET	49737	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:46.397629023 CET	49737	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:46.516870975 CET	7390	49737	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:46.517136097 CET	7390	49737	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:56.266412973 CET	49741	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:56.385653019 CET	7390	49741	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:56.386446953 CET	49741	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:56.386558056 CET	49741	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:56:56.505738974 CET	7390	49741	193.124.205.63	192.168.2.4
Dec 9, 2024 10:56:56.505916119 CET	7390	49741	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:06.281614065 CET	49742	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:06.401031971 CET	7390	49742	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:06.401133060 CET	49742	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:06.401230097 CET	49742	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:06.520423889 CET	7390	49742	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:06.520585060 CET	7390	49742	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:16.281713009 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:16.401024103 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:16.401155949 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:16.401232004 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:16.520570040 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:17.646162987 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:17.646198988 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:17.646384001 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:17.654349089 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:17.773798943 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:18.046154976 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:18.046387911 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:18.165638924 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:18.434278965 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:18.436899900 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:18.556163073 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:18.556384087 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:18.675611019 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:18.944106102 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:18.946760893 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.066992998 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.067188978 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.186505079 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.455012083 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.455053091 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.455096006 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.560704947 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.560821056 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.560906887 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.561007977 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.680006027 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680128098 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680139065 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680232048 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.680272102 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680335999 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.680401087 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680411100 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680433989 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680458069 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.680478096 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.680813074 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680823088 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680831909 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680840969 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680850029 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680859089 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.680874109 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.680874109 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.680902958 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.680902958 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.799635887 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.799659967 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.799772978 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.799773932 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.799830914 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.799844027 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.799899101 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.799962997 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.800010920 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.800038099 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.800080061 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.800116062 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.800165892 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.800282001 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.800292015 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.800363064 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.800364971 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.800412893 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.800441027 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.800493956 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.800535917 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.800587893 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.919163942 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919217110 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919285059 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:19.919296980 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919332981 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919428110 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919459105 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919591904 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919666052 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919718981 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919783115 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919836998 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919847012 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919856071 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919889927 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.919986010 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920001984 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920062065 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920070887 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920116901 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920176983 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920298100 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920314074 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920474052 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920655012 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920665026 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920708895 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920747042 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920768023 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920913935 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:19.920926094 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:20.038661957 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:20.038695097 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:20.038786888 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:20.458767891 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:20.500092983 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:21.308222055 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:21.308310032 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:21.308371067 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:21.308434010 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:21.427531004 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.427593946 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:21.427615881 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.427628994 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.427654028 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.427853107 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.427861929 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.427927017 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.427936077 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.428008080 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.428025007 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.428034067 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.428143978 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.428153038 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.547108889 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.818455935 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:21.859477997 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:22.427567005 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:22.427663088 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:22.427759886 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:22.427855968 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:22.427912951 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:22.427968025 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:22.547636986 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.547765970 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.547779083 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.547904968 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548046112 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548078060 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548155069 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548168898 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548223972 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548252106 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548260927 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548319101 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548327923 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548356056 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548365116 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548398972 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548408031 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548417091 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.548429012 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.837728024 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:22.890835047 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:23.828331947 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:23.947788954 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:23.947885036 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:24.067975044 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:24.361188889 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:24.361265898 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:24.361321926 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:24.361351967 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:24.361437082 CET	49743	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:24.481770039 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:24.481812954 CET	7390	49743	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:29.375484943 CET	49765	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:29.494712114 CET	7390	49765	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:29.494865894 CET	49765	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:29.494940042 CET	49765	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:29.614865065 CET	7390	49765	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:29.615055084 CET	7390	49765	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:39.392484903 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:39.511846066 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:39.511953115 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:39.512037039 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:39.631341934 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:40.828773975 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:40.828819990 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:40.828866959 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:40.858448029 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:40.977742910 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:41.291785955 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:41.292143106 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:41.411709070 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:41.713466883 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:41.716109037 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:41.835479021 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:41.835613966 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:41.955949068 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.300779104 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.305226088 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.424561977 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.424670935 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.544964075 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.874305010 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.877573013 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.877587080 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.877599955 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.877684116 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.877731085 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.877779961 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.885874987 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.885936022 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.885936975 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.893279076 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.893399000 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.893484116 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.901804924 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.901823997 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.901882887 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.906644106 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.906691074 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.906730890 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.915054083 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.915110111 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:42.915169954 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:42.969064951 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:43.082885981 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:43.082906008 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:43.082979918 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:43.086766958 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:43.088320971 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:43.088376045 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:43.088414907 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:43.096642971 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:43.096657991 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:43.096709013 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:43.104783058 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:43.104831934 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.141117096 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.260549068 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.260848999 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.380345106 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.722237110 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.722296000 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.722384930 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.722415924 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.730551958 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.730627060 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.731990099 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.732161999 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.732220888 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.740387917 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.740415096 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.740478992 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.745647907 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.745666981 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.745713949 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.753966093 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.753983021 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.754026890 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.761986017 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.762131929 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.762178898 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.770194054 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.770328999 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.770370960 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.778247118 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.778367043 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.778414011 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.786616087 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.786631107 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.786679983 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.794831038 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.794843912 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.794888973 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.803221941 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.803385019 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.803426981 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.811258078 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.811273098 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.811322927 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.819257975 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.819308043 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.819354057 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.827384949 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.827497005 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.827583075 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.835829020 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.835845947 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.835895061 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.844218016 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.844233036 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.844305038 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.914475918 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.914491892 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.914568901 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.918440104 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.918452978 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:45.918493032 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:45.981936932 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.101505041 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.101562977 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.221080065 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.547394991 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.547660112 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.547724009 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.549663067 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.553277969 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.553294897 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.553364038 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.555499077 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.555545092 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.556031942 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.558526993 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.558578968 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.558584929 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.563364029 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.563421011 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.563971996 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.563986063 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.564033985 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.568511963 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.569273949 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.569327116 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.569379091 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.573918104 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.573937893 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.573982954 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.578414917 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.578562975 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.580012083 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.580148935 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.580198050 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.584645033 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.584733009 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.584785938 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.589212894 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.590832949 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.590890884 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.590946913 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.595350027 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.595477104 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.595545053 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.600003958 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.600188971 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.600255966 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.604593992 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.604681969 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.604729891 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.609123945 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.609224081 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.609289885 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.613603115 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.613706112 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.613754988 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.618252993 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.618582010 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.618638039 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.622788906 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.622889996 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.622936010 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.627305984 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.627394915 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.627444983 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.631871939 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.631968021 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.632144928 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.636425018 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.636513948 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.636567116 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.641057014 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.641109943 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.641164064 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.645597935 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.645668983 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.645726919 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.650353909 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.650456905 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.650527954 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.654726028 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.654786110 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.654855013 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.662293911 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.662312031 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.662385941 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.667830944 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.667968988 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.668024063 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.740048885 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.740186930 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.740267992 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.742861032 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.742877960 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.742933035 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.747067928 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.787576914 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.787756920 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.787776947 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.789577007 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.789634943 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.789737940 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.794995070 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.795010090 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.795048952 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.799240112 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.799252987 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.799293995 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.803354025 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.803366899 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.803397894 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.804794073 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.804838896 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.804980040 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.806390047 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.806401014 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.806444883 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.808003902 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.808015108 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.808058023 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.809495926 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.809514046 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.809539080 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.810926914 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.810970068 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.811110020 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.812475920 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.812525988 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.812628984 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.814127922 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.814140081 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.814172983 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.815695047 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.815706015 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.815737963 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.817112923 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.817157030 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.817270994 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.818742990 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.818753958 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.818792105 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.820173025 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.820249081 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.820477009 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.821769953 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.821825981 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.821902990 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.823380947 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.823398113 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.823435068 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.824757099 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.824806929 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.824929953 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.826349974 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.826361895 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.826401949 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.827375889 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.827428102 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.827652931 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.828857899 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.828916073 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.829006910 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.830265045 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.830349922 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.830365896 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.831667900 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.831717014 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.831769943 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.833296061 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.833308935 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.833352089 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.834737062 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.834783077 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.834816933 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.839370966 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.839386940 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.839396954 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.839409113 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.839421034 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.839451075 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.840127945 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.840183973 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.840301037 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.841727018 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.841772079 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.842045069 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.844846010 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.844899893 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.845026016 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.845037937 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.845074892 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.845185041 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.846338034 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.846394062 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.846498966 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.847867966 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.847881079 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.847930908 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.849328995 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.849375963 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.849467039 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.850950956 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.850961924 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.850997925 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.852541924 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.852598906 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.852694988 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.860517979 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.860620975 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.860682964 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.861304998 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.861351967 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.861615896 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.863168955 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.863325119 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.863342047 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.864423990 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.864468098 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.864598036 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.906985044 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.907190084 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.907253027 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.907336950 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.908202887 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.908217907 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.908252954 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.909466982 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.909565926 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.909607887 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.911123991 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.911170959 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.911290884 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.914532900 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.914655924 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.914740086 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.915322065 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.915445089 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.915488958 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.916995049 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.917113066 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.917218924 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.918759108 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.918872118 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.918929100 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.922882080 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.922945976 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.922988892 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.923619986 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.923727989 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.923846960 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.931704998 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.931773901 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.931998968 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.932410002 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.932588100 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.932626963 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.933984995 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.934077024 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.934262991 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.935439110 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.937410116 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.937457085 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.937475920 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.938113928 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.938167095 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.938230991 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.939657927 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.939708948 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.939784050 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.941198111 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.941245079 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.941684961 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.941795111 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.941843987 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.942590952 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.942683935 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.942820072 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.944099903 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.944199085 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.944246054 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:46.945765972 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.945775986 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:46.945826054 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:47.168076992 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:47.287467003 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:47.287564993 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:47.407429934 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:47.769740105 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:47.770303965 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:47.770379066 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:47.770411968 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:47.770461082 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:47.770478964 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:47.770526886 CET	49766	7390	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:47.889982939 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:47.889998913 CET	7390	49766	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:48.141407013 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:48.141530037 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:48.141633987 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:48.141733885 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:48.141756058 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:49.610512018 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:49.610646009 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:49.614892006 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:49.614905119 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:49.615178108 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:49.616597891 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:49.663333893 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:54.321156025 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:54.321233988 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:54.321329117 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:54.321379900 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:54.321402073 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:54.321423054 CET	49767	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:54.321429014 CET	443	49767	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:55.313322067 CET	49769	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:55.313381910 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:55.313476086 CET	49769	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:55.313524961 CET	49769	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:55.313532114 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:56.689126968 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:56.689261913 CET	49769	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:56.693473101 CET	49769	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:56.693485975 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:56.693756104 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:57:56.694441080 CET	49769	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:57:56.735340118 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:01.489490032 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:01.489597082 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:01.489700079 CET	49769	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:01.492840052 CET	49769	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:01.492861032 CET	443	49769	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:02.511610985 CET	49770	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:02.511655092 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:02.511708975 CET	49770	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:02.511763096 CET	49770	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:02.511768103 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:03.882015944 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:03.882093906 CET	49770	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:03.889125109 CET	49770	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:03.889137983 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:03.889437914 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:03.890161037 CET	49770	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:03.935329914 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:08.684653997 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:08.684736967 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:08.684961081 CET	49770	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:08.685116053 CET	49770	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:08.685133934 CET	443	49770	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:09.695456982 CET	49771	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:09.695502996 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:09.695600986 CET	49771	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:09.695708036 CET	49771	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:09.695717096 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:11.163784981 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:11.163877010 CET	49771	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:11.168071985 CET	49771	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:11.168085098 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:11.168390989 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:11.169042110 CET	49771	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:11.215333939 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:15.963964939 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:15.964050055 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:15.964117050 CET	49771	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:15.964200020 CET	49771	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:15.964210987 CET	443	49771	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:16.954371929 CET	49772	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:16.954415083 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:16.954477072 CET	49772	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:16.954595089 CET	49772	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:16.954605103 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:18.324892998 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:18.325006008 CET	49772	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:18.378254890 CET	49772	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:18.378283978 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:18.378632069 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:18.389861107 CET	49772	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:18.431339979 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:23.128103018 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:23.128180027 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:23.128230095 CET	49772	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:23.128277063 CET	49772	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:23.128293991 CET	443	49772	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:24.142082930 CET	49773	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:24.142148972 CET	443	49773	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:24.142215014 CET	49773	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:24.142296076 CET	49773	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:24.142303944 CET	443	49773	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:25.525794983 CET	443	49773	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:25.525974035 CET	49773	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:25.530360937 CET	49773	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:25.530374050 CET	443	49773	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:25.530639887 CET	443	49773	193.124.205.63	192.168.2.4
Dec 9, 2024 10:58:25.531337976 CET	49773	443	192.168.2.4	193.124.205.63
Dec 9, 2024 10:58:25.579335928 CET	443	49773	193.124.205.63	192.168.2.4

Target ID:	0
Start time:	04:56:21
Start date:	09/12/2024
Path:	C:\Users\user\Desktop\cXjy5Y6dXX.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\cXjy5Y6dXX.exe"
Imagebase:	0xba0000
File size:	433'152 bytes
MD5 hash:	9725864712CC93935C58E8908DFA66D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.1701632877.00000000047D0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000003.1699421762.0000000000CF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000003.1702281326.0000000003BF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.1701458726.00000000045B0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	04:56:25
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\OpenWith.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\openwith.exe"
Imagebase:	0xcc0000
File size:	107'368 bytes
MD5 hash:	0ED31792A7FFF811883F80047CBCFC91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000003.1704117814.0000000005470000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000003.1704399379.0000000005690000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000003.1733027808.00000000053DF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000003.1702483647.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000002.1802524391.0000000004BF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:56:35
Start date:	09/12/2024
Path:	C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\openwith.exe"
Imagebase:	0x7ff6d5b20000
File size:	123'984 bytes
MD5 hash:	E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1892936653.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1892527686.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1891865924.000001D97E718000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000002.00000003.1857372783.000001D97EE61000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1893822395.000001D97E6B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000002.00000003.2575850909.000001D97F061000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000002.00000003.1857755210.000001D97EF14000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:57:42
Start date:	09/12/2024
Path:	C:\Program Files\Windows Media Player\wmplayer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\wmplayer.exe"
Imagebase:	0x7ff61f310000
File size:	171'008 bytes
MD5 hash:	89DCD2D4C0EC638AADC00D3530E07E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	04:57:46
Start date:	09/12/2024
Path:	C:\Windows\System32\dllhost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\dllhost.exe"
Imagebase:	0x8c0000
File size:	21'312 bytes
MD5 hash:	08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.7%
Total number of Nodes:	1670
Total number of Limit Nodes:	22

Executed Functions

Function 00BF4E5A Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 89
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,3B9ACA00), ref: 00BF4E6D
RtlAllocateHeap.NTDLL(00000000), ref: 00BF4E74
GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00BF4EA5
_wcsrchr.LIBVCRUNTIME ref: 00BF4EB8
lstrlenW.KERNEL32(-00000002), ref: 00BF4EDD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BF4F14
RtlFreeHeap.NTDLL(00000000), ref: 00BF4F1B
MulDiv.KERNEL32(00000001,80000000,80000000), ref: 00BF4F30

Strings

, xrefs: 00BF4EFA
@, xrefs: 00BF4F04
(, xrefs: 00BF4EFF

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: Heap$Process$AllocateFileFreeModuleName_wcsrchrlstrlen
String ID: $($@
API String ID: 443335681-2581157662
Opcode ID: a58d88590377653aa617e7038d5911271eaf0dcdc21ead73f8a4e5a9e38095fb
Instruction ID: bc45e270ef626542a26029bdc4a36a2e52f873360ceb36883193c9d165a0363e
Opcode Fuzzy Hash: a58d88590377653aa617e7038d5911271eaf0dcdc21ead73f8a4e5a9e38095fb
Instruction Fuzzy Hash: EE21C2769003096AE7345364AC8EBBF26E8EB4A361F214595FB0DD71D1EB648C48C561

Function 00BFC146 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00BFC255,00BFCAD9,?,00000000,00000000,00000000,?,00BFC3CE,00000022,FlsSetValue,00C14078,00C14080,00000000), ref: 00BFC207

Strings

api-ms-, xrefs: 00BFC19D
ext-ms-, xrefs: 00BFC1B1

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: e9f440b67762e6ee740e36e9c07d9d46f473af497040aa9ba4ea4eee333ee502
Instruction ID: 11cb78a43f41c74d66a365943b62a3ec64591f2575e2b5d923fca70d93ebcb35
Opcode Fuzzy Hash: e9f440b67762e6ee740e36e9c07d9d46f473af497040aa9ba4ea4eee333ee502
Instruction Fuzzy Hash: 1E210835A4111DABC7318B649D40BBE7BA9EB42360F204190EE15F7281D730EF64C6E0

Function 00C022CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00C02314

Part of subcall function 00C02098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 00C020C1
Part of subcall function 00C02098: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00C0226D

VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00C02366
VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 00C023C0
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00C023F3

Strings

,, xrefs: 00C02344

Memory Dump Source

Source File: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: Virtual$Alloc$Free$Protect
String ID: ,
API String ID: 1004437363-3772416878
Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
Instruction ID: ba8363b6dc526faf5b2d633715e9e7ea9bd2cf7151a60412e9afea31d1211011
Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
Instruction Fuzzy Hash: F051FC75900719AFCB10DFA9C885B9EBBF8FF08354F10851AF959A7280D370EA54CB94

Function 00C022CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00C02314

Part of subcall function 00C02098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 00C020C1
Part of subcall function 00C02098: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00C0226D

VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00C02366
VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 00C023C0
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00C023F3

Strings

,, xrefs: 00C02344

Memory Dump Source

Source File: 00000000.00000003.1699532870.0000000000C02000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C02000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_c02000_cXjy5Y6dXX.jbxd

Similarity

API ID: Virtual$Alloc$Free$Protect
String ID: ,
API String ID: 1004437363-3772416878
Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
Instruction ID: ba8363b6dc526faf5b2d633715e9e7ea9bd2cf7151a60412e9afea31d1211011
Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
Instruction Fuzzy Hash: F051FC75900719AFCB10DFA9C885B9EBBF8FF08354F10851AF959A7280D370EA54CB94

Function 00BF8946 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00BF8A50,?,00BF8940,00000000,?,?,00BF8A50,10008967,?,00BF8A50), ref: 00BF8957
TerminateProcess.KERNEL32(00000000,?,00BF8940,00000000,?,?,00BF8A50,10008967,?,00BF8A50), ref: 00BF895E
ExitProcess.KERNEL32 ref: 00BF8970

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 12c1b877d6f5180eb95620a0112bfadeeedddc8d93afc5c187cde2e4b882c3e2
Instruction ID: efb11d76537ed196c10b58f1f739b6dd4551cb5f8a60eef94772ed52ce5dd8d1
Opcode Fuzzy Hash: 12c1b877d6f5180eb95620a0112bfadeeedddc8d93afc5c187cde2e4b882c3e2
Instruction Fuzzy Hash: 87D06C35400208ABCF016FA0DC09BBE3F6AFA49385B549154BA099A022CFB199A6DA81

Function 00C02098 Relevance: 2.7, APIs: 2, Instructions: 163
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 00C020C1
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00C0226D

Memory Dump Source

Source File: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction ID: 39f5a65c487c15d1ef884feb9f46b7cd3f14da3c98caf3fa0d4f6a7bac689b14
Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction Fuzzy Hash: B1718A71E0424ADFDB41CF98C985BEEBBF0AF09324F244095E565FB281C234AA91DF64

Function 00C02098 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 00C020C1
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00C0226D

Memory Dump Source

Source File: 00000000.00000003.1699532870.0000000000C02000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C02000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_c02000_cXjy5Y6dXX.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction ID: 39f5a65c487c15d1ef884feb9f46b7cd3f14da3c98caf3fa0d4f6a7bac689b14
Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction Fuzzy Hash: B1718A71E0424ADFDB41CF98C985BEEBBF0AF09324F244095E565FB281C234AA91DF64

Function 00BFC211 Relevance: 1.6, APIs: 1, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 107e8cb87553c10f913c4d92b1f209a08dd915a92949b73b7541cd080c35e54f
Instruction ID: e3eeefdba2be0afb56b3f3c94dc07bb64c915386bc973b8942adf2d67fdcb10b
Opcode Fuzzy Hash: 107e8cb87553c10f913c4d92b1f209a08dd915a92949b73b7541cd080c35e54f
Instruction Fuzzy Hash: C501FE3320021C5F9F168BE8ED80BBA3BE5FBCB3207208164FA0597154DA31D9899781

Non-executed Functions

Function 00BF55A9 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00BF55B5
IsDebuggerPresent.KERNEL32 ref: 00BF5681
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BF56A1
UnhandledExceptionFilter.KERNEL32(?), ref: 00BF56AB

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 5e7a6f763c95f1301b82cc5229c4d304f1894ae510807ca736fa4426d46db95f
Instruction ID: 604810c8c33888fa0473f68bff67cc1230e86a8c6d8574ca3cd0fe978d21c7a2
Opcode Fuzzy Hash: 5e7a6f763c95f1301b82cc5229c4d304f1894ae510807ca736fa4426d46db95f
Instruction Fuzzy Hash: E9310675D0521C9BDB20DFA4D989BCCBBF8BF08304F1041EAE509AB250EB719A89CF44

Function 00BF9AB4 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00BF9BAC
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00BF9BB6
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00BF9BC3

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 91f37ba4390c2b904c41be6e31ca176993e6355394bdafca1f415d1b6984c81d
Instruction ID: 92c577c18e17ec0881d99b7afb823da1486b3fefad645ccd18cc7818452dd6bf
Opcode Fuzzy Hash: 91f37ba4390c2b904c41be6e31ca176993e6355394bdafca1f415d1b6984c81d
Instruction Fuzzy Hash: FE31B27490122C9BCB21DF64D989BDCBBF8BF08310F5042EAE90CA7251E7709B858F54

Function 00C00BC1 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C00BBC,?,?,00000008,?,?,00C007BF,00000000), ref: 00C00DEE

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 15756a9b55189aabd8854b2dd2a111da937e970c684afa185eb67a452a53dfb3
Instruction ID: bba21b783f504eb3d60dbbf8c1ee95706f18db1c9977da109b70f4ac39f63aa2
Opcode Fuzzy Hash: 15756a9b55189aabd8854b2dd2a111da937e970c684afa185eb67a452a53dfb3
Instruction Fuzzy Hash: B3B129316106089FD715CF28C48AB657BE0FF45365F2A8658E9EACF2E1C335EA91CB40

Function 00BF5845 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00BF585B

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 1bf9ad1123ca89b33f55aee0da921508b120460bb99cea9f3cea0245347b4b3b
Instruction ID: 953cb461558c94f2edaa319d5d57dfda61fa8ba9480c365139e4fc909d285058
Opcode Fuzzy Hash: 1bf9ad1123ca89b33f55aee0da921508b120460bb99cea9f3cea0245347b4b3b
Instruction Fuzzy Hash: 35518B71A11A098BEB28CF59D8917BEBBF0FB49320F14C56AD645EB250D3B4D904CF50

Function 00C02277 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction ID: 9833d8cff144a3ebb9fc2afb608cc995ed016f0630624c842418124262c83a66
Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction Fuzzy Hash: 90F06D79A00200CFCB24CF8AC64CC95B7FAFB85730B6545A5E414DB2A1D3B0EE44DBA1

Function 00C02277 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1699532870.0000000000C02000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C02000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_c02000_cXjy5Y6dXX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction ID: 9833d8cff144a3ebb9fc2afb608cc995ed016f0630624c842418124262c83a66
Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction Fuzzy Hash: 90F06D79A00200CFCB24CF8AC64CC95B7FAFB85730B6545A5E414DB2A1D3B0EE44DBA1

Function 00BF72D1 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::operator==.LIBVCRUNTIME ref: 00BF73F0
___TypeMatch.LIBVCRUNTIME ref: 00BF74FE
CatchIt.LIBVCRUNTIME ref: 00BF754F
_UnwindNestedFrames.LIBCMT ref: 00BF7650
CallUnexpected.LIBVCRUNTIME ref: 00BF766B

Strings

csm, xrefs: 00BF7427
csm, xrefs: 00BF730E
csm, xrefs: 00BF737B

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4119006552-393685449
Opcode ID: 596957527878c3668af5806d5f0ddcc3401df35dd7f47fb2b2bd3bab4ca589af
Instruction ID: 05c815ad6089eb3bcc41975e90c264f88fb6acad465c8e4d1ef1ae9d91df4142
Opcode Fuzzy Hash: 596957527878c3668af5806d5f0ddcc3401df35dd7f47fb2b2bd3bab4ca589af
Instruction Fuzzy Hash: 48B15B7184820DEFCF25DFA8C8819BEBBF5EF14310B1445DAEA106B212DB71DA59CB91

Function 00BF63D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_ValidateLocalCookies.LIBCMT ref: 00BF6407
___except_validate_context_record.LIBVCRUNTIME ref: 00BF640F
_ValidateLocalCookies.LIBCMT ref: 00BF6498
__IsNonwritableInCurrentImage.LIBCMT ref: 00BF64C3
_ValidateLocalCookies.LIBCMT ref: 00BF6518

Strings

csm, xrefs: 00BF64AD

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: d7d278ac92f848d559e7a28bab751b114390d63af01df46074e9655a7b3f37a6
Instruction ID: 01fce61a104e62782c72f5725d46951112b2094fff88a3c1f2a2fa181934f86e
Opcode Fuzzy Hash: d7d278ac92f848d559e7a28bab751b114390d63af01df46074e9655a7b3f37a6
Instruction Fuzzy Hash: F8418734A0020D9BCF10EF68C885AAEBBF5FF45324F148199EE159B352D731EA59CB91

Function 00BF6921 Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,00BF6918,00BF674C,00BF578C), ref: 00BF692F
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BF693D
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BF6956
SetLastError.KERNEL32(00000000,00BF6918,00BF674C,00BF578C), ref: 00BF69A8

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 92c7e09074301d4b18fc7c5b8994e6dc2268ed5ef8c94d17356e2e6d55b92dee
Instruction ID: a67ccecc08487247e2bac680649586ed260307a81db8af00dbf2b065fa56d08a
Opcode Fuzzy Hash: 92c7e09074301d4b18fc7c5b8994e6dc2268ed5ef8c94d17356e2e6d55b92dee
Instruction Fuzzy Hash: 9B01D83750C31E6D9A142B74AC9677B27E5EB0E77472083A9FB60970E0EFB14C18D151

Function 00BFA6EB Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

C:\Users\user\Desktop\cXjy5Y6dXX.exe, xrefs: 00BFA707

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\cXjy5Y6dXX.exe
API String ID: 0-2847042741
Opcode ID: ddc99e26277d951d907234c79ffffb1fdd4ad9d2fe498ff782e99db680b44da7
Instruction ID: 8ad334af2066925ea6bf1471752790912e357d02b389fcad0497270853e7ff25
Opcode Fuzzy Hash: ddc99e26277d951d907234c79ffffb1fdd4ad9d2fe498ff782e99db680b44da7
Instruction Fuzzy Hash: 09217CB560020DBF9B28BF61C880E7AB7F8EF0036571085A4FA19D7161DB30EC1887A2

Function 00BF8990 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,10008967,?,?,00000000,00C014CF,000000FF,?,00BF896C,00BF8A50,?,00BF8940,00000000), ref: 00BF89C5
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BF89D7
FreeLibrary.KERNEL32(00000000,?,?,00000000,00C014CF,000000FF,?,00BF896C,00BF8A50,?,00BF8940,00000000), ref: 00BF89F9

Strings

mscoree.dll, xrefs: 00BF89BE
CorExitProcess, xrefs: 00BF89CF

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 825500d4012296e9e25aec762ac7bf267845c3627440a7d7632ecb304c68e9d4
Instruction ID: d54d42d1df2377323e893e304385aa032f7a70b44f0de715189006aa9188015e
Opcode Fuzzy Hash: 825500d4012296e9e25aec762ac7bf267845c3627440a7d7632ecb304c68e9d4
Instruction Fuzzy Hash: 2701A236940619AFCB159B80DC05BFEBBF9FB09B10F008625E911A22E0DFB49944CB81

Function 00BF7676 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 00BF769B
CatchIt.LIBVCRUNTIME ref: 00BF7781

Strings

RCC, xrefs: 00BF76B5
MOC, xrefs: 00BF76AD

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 3ccf520597fb60358c175aa828f40cb1eca4e1e512841694a6a34bbe22385eee
Instruction ID: 3cc952d41f6dc4855f4ae032ccf14170cadf274b90e2d735f22653fb3cfaa36c
Opcode Fuzzy Hash: 3ccf520597fb60358c175aa828f40cb1eca4e1e512841694a6a34bbe22385eee
Instruction Fuzzy Hash: BC41257290020DAFDF16DF98CD81AAEBBB5EF48304F2880D9FA14A7261D6359E54DB50

Function 00BF6B43 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00BF6AF4,00000000,?,00C19C78,?,?,?,00BF6C97,00000004,InitializeCriticalSectionEx,00C12CC0,InitializeCriticalSectionEx), ref: 00BF6B50
GetLastError.KERNEL32(?,00BF6AF4,00000000,?,00C19C78,?,?,?,00BF6C97,00000004,InitializeCriticalSectionEx,00C12CC0,InitializeCriticalSectionEx,00000000,?,00BF6A17), ref: 00BF6B5A
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00BF6B82

Strings

api-ms-, xrefs: 00BF6B67

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 84a955012f41d11e50dbeeb6cb9647336f25b1f911e58f689050fb9eb8c24b0c
Instruction ID: 4d1edb3dddaa767baecf278bc0126c9854ddbf5834e788f2622b676886a0a2ed
Opcode Fuzzy Hash: 84a955012f41d11e50dbeeb6cb9647336f25b1f911e58f689050fb9eb8c24b0c
Instruction Fuzzy Hash: DCE01234640208BBEB201B61DC06FAD3BA5FB15B55F108160FA0DE61E1D7629865DA55

Function 00BFDF81 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(10008967,00000000,00000000,?), ref: 00BFDFE4

Part of subcall function 00BFB2B9: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00BFDC5F,?,00000000,-00000008), ref: 00BFB31A

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00BFE236
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00BFE27C
GetLastError.KERNEL32 ref: 00BFE31F

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: d4925624cc51fc6d82bab414649bf404923260df43b68ba3ef3aa3776835262b
Instruction ID: e700a8f6cdf6345ad7359a49d0511b52ffcd57c239f7ec68c1fa537d1e067925
Opcode Fuzzy Hash: d4925624cc51fc6d82bab414649bf404923260df43b68ba3ef3aa3776835262b
Instruction Fuzzy Hash: 7BD15A75D002589FCB15CFA8D884AFDBBF9FF09310F1481AAE666EB261D630E945CB50

Function 00BF707A Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00BF7141
___AdjustPointer.LIBCMT ref: 00BF7164
___AdjustPointer.LIBCMT ref: 00BF7200

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 76ac8b24e43240e22ced2b74caa03edfe27c2686eac7feacd8b5d5ed0370721b
Instruction ID: 741aa1b6136cabc485593e33be70b7d7da77830b7b44c2a30ae600aa80f23e64
Opcode Fuzzy Hash: 76ac8b24e43240e22ced2b74caa03edfe27c2686eac7feacd8b5d5ed0370721b
Instruction Fuzzy Hash: 5051A27164860AAFEB298F14D841BBAB7E5EF41711F1441E9EA01671A1EF319D8CC790

Function 00BF9F05 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00BFB2B9: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00BFDC5F,?,00000000,-00000008), ref: 00BFB31A

GetLastError.KERNEL32 ref: 00BF9F69
__dosmaperr.LIBCMT ref: 00BF9F70
GetLastError.KERNEL32(?,?,?,?), ref: 00BF9FAA
__dosmaperr.LIBCMT ref: 00BF9FB1

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 35a78e76dd467280dde0ed599009c45b792c6dfc3976bdb66f6f459cc3aee8f2
Instruction ID: 9ff77a06a928c676b3915e81ff9c19504b3f1bc87b04cf56767a2fb8897de255
Opcode Fuzzy Hash: 35a78e76dd467280dde0ed599009c45b792c6dfc3976bdb66f6f459cc3aee8f2
Instruction Fuzzy Hash: 9621B07160420DAFDB20AF61C880A7BB7EDFF44364B1085A8FA29C7140D730FD188B61

Function 00BFB35C Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00BFB364

Part of subcall function 00BFB2B9: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00BFDC5F,?,00000000,-00000008), ref: 00BFB31A

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00BFB39C
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00BFB3BC

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 4eeb7fa851c09e56f915d2ed99d4e552b3616fccf35b4066c1b70c2402ac5415
Instruction ID: 4c03f8ff89d19eb4b3c2c98ef64d31f8d6f3a0ce37eed4f9ad102c23c3449fe0
Opcode Fuzzy Hash: 4eeb7fa851c09e56f915d2ed99d4e552b3616fccf35b4066c1b70c2402ac5415
Instruction Fuzzy Hash: CC11C4B550551D7F66256776DCC9DBF69ECDE453A432100A4FB01D3101EF60DD0892B8

Function 00BFF756 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00BFEF14,00000000,00000001,00000000,?,?,00BFE373,?,00000000,00000000), ref: 00BFF76D
GetLastError.KERNEL32(?,00BFEF14,00000000,00000001,00000000,?,?,00BFE373,?,00000000,00000000,?,?,?,00BFE916,00000000), ref: 00BFF779

Part of subcall function 00BFF73F: CloseHandle.KERNEL32(FFFFFFFE,00BFF789,?,00BFEF14,00000000,00000001,00000000,?,?,00BFE373,?,00000000,00000000,?,?), ref: 00BFF74F

___initconout.LIBCMT ref: 00BFF789

Part of subcall function 00BFF701: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00BFF730,00BFEF01,?,?,00BFE373,?,00000000,00000000,?), ref: 00BFF714

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00BFEF14,00000000,00000001,00000000,?,?,00BFE373,?,00000000,00000000,?), ref: 00BFF79E

Memory Dump Source

Source File: 00000000.00000002.1702761670.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.1702748194.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702795825.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702812014.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702825422.0000000000C19000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1702838956.0000000000C1B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_cXjy5Y6dXX.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: e84151400a2afd16f5d2c5417ff0ecd3561928edb542e2366e6e83367cf0729e
Instruction ID: 11e45baf6a30d2c7c60bbc2c932ef81eb5caf6d2f3cc7808aad10b419d2be31b
Opcode Fuzzy Hash: e84151400a2afd16f5d2c5417ff0ecd3561928edb542e2366e6e83367cf0729e
Instruction Fuzzy Hash: 10F0983651115DBBCF226F969C44BEE7EA6FF0A7A1B158160FA1896130C6328C21DB90

Analysis Process: OpenWith.exePID: 6532, Parent PID: 4136COMMON

Executed Functions

Function 030C02D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 030C0326

Part of subcall function 030C00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 030C00CD
Part of subcall function 030C00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 030C0279

VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 030C0378
VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 030C03E7
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 030C0407
MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 030C042E
VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 030C0456
CloseHandle.KERNELBASE(?), ref: 030C0471

Strings

,, xrefs: 030C0356

Memory Dump Source

Source File: 00000001.00000003.1702598354.00000000030C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_30c0000_OpenWith.jbxd

Similarity

API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
String ID: ,
API String ID: 3867569247-3772416878
Opcode ID: 34919759cab89c45596a3336aca0d90db3a2564f30e7825e5c793611e7351f71
Instruction ID: 38a9b31bca7e3b3a54144f5010c3be8904a88dd2ba9bfd0a98a4a13d90fe4fcd
Opcode Fuzzy Hash: 34919759cab89c45596a3336aca0d90db3a2564f30e7825e5c793611e7351f71
Instruction Fuzzy Hash: BC611BB5911249EFDB20DFA5C884ADEBBF8FF48354F148519FA59A7640D730E940CB60

Function 030C00A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 030C00CD
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 030C0279

Memory Dump Source

Source File: 00000001.00000003.1702598354.00000000030C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_30c0000_OpenWith.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction ID: 87d399e8ac7582e240f1516162e7592a3006c1ba7ddb12e1e840b941ace21a47
Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction Fuzzy Hash: 24719D71E15289DFDB41CF98C981BEDBBF0AF09314F284499E4A5FB241C234AA91CF64

Analysis Process: OpenWith.exePID: 5448, Parent PID: 4136COMMON

Execution Graph

Execution Coverage:	34.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	71.4%
Total number of Nodes:	28
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007DF41C30B498 Relevance: 28.5, APIs: 13, Strings: 3, Instructions: 544nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30B56E
calloc.MSVCRT ref: 00007DF41C30B58B
DuplicateHandle.KERNELBASE ref: 00007DF41C30B620
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B6CB
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B724
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B763
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B7AA
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B7E7
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B86D
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B8CC
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B9B2
NtAcceptConnectPort.NTDLL ref: 00007DF41C30B9EC
NtAcceptConnectPort.NTDLL ref: 00007DF41C30BA19

Strings

,, xrefs: 00007DF41C30B59E
H, xrefs: 00007DF41C30B94F
H, xrefs: 00007DF41C30B934

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$DuplicateHandlecalloc
String ID: ,$H$H
API String ID: 2577638757-438696205
Opcode ID: 9fb62eb4d8959293fc2d40b19de36242d3d29fe68d1ba52932dcd9bec1ad6912
Instruction ID: b852a42ab04c5d6f04dfd1c28fd0d16927887e8e7d578977c595c673363e5ada
Opcode Fuzzy Hash: 9fb62eb4d8959293fc2d40b19de36242d3d29fe68d1ba52932dcd9bec1ad6912
Instruction Fuzzy Hash: D202B73161CE8C8BD768DF58D885AABB3E0FB98305F10453ED58FC3691DA34E9518B92

Function 00007DF41C30BCC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 156nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30BD8F
NtAcceptConnectPort.NTDLL ref: 00007DF41C30BE50
free.MSVCRT ref: 00007DF41C30BE55

Strings

, xrefs: 00007DF41C30BD7F
0, xrefs: 00007DF41C30BD32
@, xrefs: 00007DF41C30BD48

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$free
String ID: $0$@
API String ID: 2328307678-2347541974
Opcode ID: d8fdb236a247b9205c502de8d0d979f89367b2180e7993cbf521bb03780d7e1e
Instruction ID: b42c626f0639fdb1a4a7322d790dbece3eb2bf9cd603bc36d55eafcf00174e04
Opcode Fuzzy Hash: d8fdb236a247b9205c502de8d0d979f89367b2180e7993cbf521bb03780d7e1e
Instruction Fuzzy Hash: 5C51973152CB884FD768DF18D885BAAB7E0FB89704F20452ED68EC2641DB74D495CB93

Function 000001D97E6430C7 Relevance: 7.9, APIs: 5, Instructions: 390nativememoryCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 000001D97E643957
NtAcceptConnectPort.NTDLL ref: 000001D97E6439E4
NtAcceptConnectPort.NTDLL ref: 000001D97E643AA3
RtlFreeHeap.NTDLL ref: 000001D97E643AC0
RtlFreeHeap.NTDLL ref: 000001D97E643AD2

Memory Dump Source

Source File: 00000002.00000003.1847921366.000001D97E640000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97E640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_1d97e640000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$FreeHeap
String ID:
API String ID: 2519882481-0
Opcode ID: 06103e6240192ff0ea4d22a768af3a34bd3b5889dbd62609acb6a2f682bb8b02
Instruction ID: 711cc337573c06ca14ea06b3cfa410bca5e3488e4fd1761d9f3180747238ea97
Opcode Fuzzy Hash: 06103e6240192ff0ea4d22a768af3a34bd3b5889dbd62609acb6a2f682bb8b02
Instruction Fuzzy Hash: 1DC1A93025CB098FDB58EF18D485BAAB7E1FB99350F10452EE48EC7256DB34E985CB81

Function 00007DF41C30BE6C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 158nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30BF3A

Strings

@, xrefs: 00007DF41C30BEEE
, xrefs: 00007DF41C30BF2A
0, xrefs: 00007DF41C30BED8

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID: $0$@
API String ID: 1658770261-2347541974
Opcode ID: e038bc6975502a75aa15522c9d2aad796b46013016ac9629b0cf3dc02c1d6b17
Instruction ID: b934c1021cce45bb7e91e73d85ea31f824e89cbca59a78ccb4ab3f342880e7c5
Opcode Fuzzy Hash: e038bc6975502a75aa15522c9d2aad796b46013016ac9629b0cf3dc02c1d6b17
Instruction Fuzzy Hash: 4A51293160CB898FE764DF68D894BABB7E4FB98301F20462EE58AC3250DB75D444CB52

Function 00007DF41C301B18 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON

Download Yara Rule

APIs

CreateNamedPipeW.KERNELBASE ref: 00007DF41C301BCF
BindIoCompletionCallback.KERNEL32 ref: 00007DF41C301C06
ConnectNamedPipe.KERNELBASE ref: 00007DF41C301C17

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: NamedPipe$BindCallbackCompletionConnectCreate
String ID:
API String ID: 2502124517-0
Opcode ID: 584620923d8bee05c4cd2b55fbc688861300e251001a2660cae9de72a1f183dd
Instruction ID: b5b52dad34f81fa48850018ff2d2a9074edb19ab2f4b4b125fa974be41ee2691
Opcode Fuzzy Hash: 584620923d8bee05c4cd2b55fbc688861300e251001a2660cae9de72a1f183dd
Instruction Fuzzy Hash: 4A319270608A888FD794EF68D8D879A77F1FB94310F50462AE09BC61D0DF78D885CB91

Function 00007DF41C30C7CC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

0, xrefs: 00007DF41C30C82B

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: d4dd2c9ec2e40b847152b417cb6d645fdeafd31ca8a11a7a04321dd5438b40c0
Instruction ID: ba839216a02eb790d3a11087b0ea00db4360c3cdc988ead63421637bd6c602cc
Opcode Fuzzy Hash: d4dd2c9ec2e40b847152b417cb6d645fdeafd31ca8a11a7a04321dd5438b40c0
Instruction Fuzzy Hash: 8921A732A0CF8C4FD754DF58AD84BAA72E1FB88355F60053FE64AC3190D73898958756

Function 00007DF41C30C70C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

0, xrefs: 00007DF41C30C764

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 47ebd45c6b9b16ee77b28bcb10b07460bf5cba96d3288197dd2caf634787b8b3
Instruction ID: 858c32be8dd6b0f0bc8713be715844257c7ac4bbdb1f4457a81fd636b8acf0ce
Opcode Fuzzy Hash: 47ebd45c6b9b16ee77b28bcb10b07460bf5cba96d3288197dd2caf634787b8b3
Instruction Fuzzy Hash: E121A832B0CE8C4FD7509E9899C4BAB76F0EB98742F60053FE64EC3250D7689D948752

Function 00007DF41C2E2634 Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE ref: 00007DF41C2E273A
SuspendThread.KERNELBASE ref: 00007DF41C2E277C

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: CloseHandleSuspendThread
String ID:
API String ID: 1038686644-0
Opcode ID: ee8ed1484b309d5b480d9ed41d064abcb8b4e034361352156597246fbc6f772d
Instruction ID: 67075e019ff4a5cdab157d9921ddfed646d69a6277fcca27f60fee4705c5e25a
Opcode Fuzzy Hash: ee8ed1484b309d5b480d9ed41d064abcb8b4e034361352156597246fbc6f772d
Instruction Fuzzy Hash: 0591B330F0CA598FEB68DB18DD955BA73E1FF46310B24416AD14FD6685CA3CE842CBA1

Function 000001D97CC41CD0 Relevance: 3.3, APIs: 2, Instructions: 278
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 000001D97CC41F6E
CloseHandle.KERNELBASE ref: 000001D97CC41F77

Memory Dump Source

Source File: 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97CC40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d97cc40000_OpenWith.jbxd

Similarity

API ID: AcceptCloseConnectHandlePort
String ID:
API String ID: 3811980168-0
Opcode ID: 2998f17752da19f3229414bc30af807452c20e21bc577cde4fa90f5802e493a5
Instruction ID: e0282231ef61c27a4200b464b5571743e0d61f4d7d07b6d5b599e7e3650dfa48
Opcode Fuzzy Hash: 2998f17752da19f3229414bc30af807452c20e21bc577cde4fa90f5802e493a5
Instruction Fuzzy Hash: 2D91E930518E489FEB65EF18C4817E577E0FBC4310F248A5FD4DBC3196DA34A9428B81

Function 000001D97CC40AC8 Relevance: 3.2, APIs: 2, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 000001D97CC40BFD
NtAcceptConnectPort.NTDLL ref: 000001D97CC40C47

Memory Dump Source

Source File: 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97CC40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d97cc40000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 82f3aeb1d2454658223fb6d5b21d23051085e6a8eeabdc877af9343281df37cc
Instruction ID: 91c99f2ce0e03d4109c381d4361ccc8e45d74e3badea25b487936d1b9b379e6d
Opcode Fuzzy Hash: 82f3aeb1d2454658223fb6d5b21d23051085e6a8eeabdc877af9343281df37cc
Instruction Fuzzy Hash: 3A415F30968A944AF328F62C8C866B97BD1F7C5309F34895FE4D6C2192D539C6438B46

Function 000001D97CC41A90 Relevance: 3.2, APIs: 2, Instructions: 150
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 000001D97CC41AD5

Part of subcall function 000001D97CC4185C: GetProcessMitigationPolicy.KERNELBASE ref: 000001D97CC4192F

NtAcceptConnectPort.NTDLL ref: 000001D97CC41BCF

Memory Dump Source

Source File: 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97CC40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d97cc40000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$MitigationPolicyProcess
String ID:
API String ID: 2923266908-0
Opcode ID: d10bc7eecf76d0dca438e32bd9e6ca23ea1b11bfffb6ce02bc94d4770511dc9b
Instruction ID: 28119604503b4164533bfd719a2d240acdc2d0e7a62eb9dffee7149d65855560
Opcode Fuzzy Hash: d10bc7eecf76d0dca438e32bd9e6ca23ea1b11bfffb6ce02bc94d4770511dc9b
Instruction Fuzzy Hash: BD41D430218B888FDB44EF2C98897D57BD1FB99320F14839EE89ACB2D7DA34D5058795

Function 00007DF41C334088 Relevance: 3.1, APIs: 2, Instructions: 93networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF41C3341A9), ref: 00007DF41C3340B5

Part of subcall function 00007DF41C333C98: ioctlsocket.WS2_32 ref: 00007DF41C333CC4

bind.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF41C3341A9), ref: 00007DF41C33413A

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: bindioctlsocketsocket
String ID:
API String ID: 3555158474-0
Opcode ID: 1cbeedcb49cdd83f56073e3a9aa9cf65c2d138516cd5c7d59cce1983b39e0131
Instruction ID: d8ea16ac49ce16f38b480787601bb335f63020a0b40387bbc11445dfba1aeba9
Opcode Fuzzy Hash: 1cbeedcb49cdd83f56073e3a9aa9cf65c2d138516cd5c7d59cce1983b39e0131
Instruction Fuzzy Hash: 93210A30B08D484FE748AF38DD8DAA637E1EB55325F20567AD92FC72D1DE289C0187A1

Function 00007DF41C30D3C0 Relevance: 3.1, APIs: 2, Instructions: 78nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30D42D
NtAcceptConnectPort.NTDLL ref: 00007DF41C30D481

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 9166209b5f367574360b80d64ced2ea26e8fa752ef609ccd6263efb912702e76
Instruction ID: 030c03fb4b55bcd0221d499438c907a585d18cabf5794c33fc97a4cfdddc7ea4
Opcode Fuzzy Hash: 9166209b5f367574360b80d64ced2ea26e8fa752ef609ccd6263efb912702e76
Instruction Fuzzy Hash: E121623150CE488FDB54EF18D848BAA73F1FBA9341F10052EE54AC36A0DBB4E884CB42

Function 00007DF41C30D2F4 Relevance: 3.1, APIs: 2, Instructions: 78nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30D361
NtAcceptConnectPort.NTDLL ref: 00007DF41C30D3B8

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 98531d878e0ad7d3d6690ce9736b63ba0a61470b6d8d195234036ffb9fe9491b
Instruction ID: 6f6ea6776d05727a35c96e6ce358fe07c10a48b4518faaa69b3d98a1aff7d110
Opcode Fuzzy Hash: 98531d878e0ad7d3d6690ce9736b63ba0a61470b6d8d195234036ffb9fe9491b
Instruction Fuzzy Hash: 9A21543151CE488FDB49EB58D948BA673F1FBAC341F00456EE54AC32A0DBB4E984CB42

Function 00007DF41C30C47C Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30C53C

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 1a40425d81a0dda3cd82788b19327da5a379df3b5c3bd351d49e58af76a5eeec
Instruction ID: bfefc68b246321d1be35b819e0496de3c11b353fa56900f6f9e385cfec79a2dd
Opcode Fuzzy Hash: 1a40425d81a0dda3cd82788b19327da5a379df3b5c3bd351d49e58af76a5eeec
Instruction Fuzzy Hash: FD81C83690CF8D8BE7659B49AD54EEBB7E0FF94300F64462BE54FC3180DA68E8508653

Function 00007DF41C334520 Relevance: 1.7, APIs: 1, Instructions: 167networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32 ref: 00007DF41C3345BF

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: 7916fdf4d3e942b440d7f5c412e90116e139ebed5d60f444feec34680a904e5a
Instruction ID: 6fbae9e30217706f01afd190c45b84f88c7c786750a47331366312e2a74844f4
Opcode Fuzzy Hash: 7916fdf4d3e942b440d7f5c412e90116e139ebed5d60f444feec34680a904e5a
Instruction Fuzzy Hash: 45516D74608E898FEBA4EF18CA84B967BF0FF54314F60056AD54BC3561DB39E440CB91

Function 00007DF41C30C10C Relevance: 1.6, APIs: 1, Instructions: 121nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30C187

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 5c97c20283281d0f686864c64b2abe35391f7ab31688f0fa8af160c1736108da
Instruction ID: 297b19de97cdd100d0fcf670ebbc70522f65d1d525894aca02be4219ee94811b
Opcode Fuzzy Hash: 5c97c20283281d0f686864c64b2abe35391f7ab31688f0fa8af160c1736108da
Instruction Fuzzy Hash: 8231C83270CE485FE71C5E18AD859BA73E0EB49315F20463EEA4FC3292D918B81246D2

Function 00007DF41C302258 Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007DF41C3022E1

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: a07a12428c7964199d363ccabf4b149c9f1c56c6408fd6f078d364f4c66a6574
Instruction ID: 9b50d389d0f86d27c34a6866d0a9d074f13cf82d3ebfbf23e8a41ab6c8f54fb4
Opcode Fuzzy Hash: a07a12428c7964199d363ccabf4b149c9f1c56c6408fd6f078d364f4c66a6574
Instruction Fuzzy Hash: 8231C53171CA884FD748DB58D88966FB7E1FBC8301F50456DE18BC3251DA78D8018B52

Function 000001D97CC415AC Relevance: 1.6, APIs: 1, Instructions: 76
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000001D97CC41E16), ref: 000001D97CC41640

Memory Dump Source

Source File: 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97CC40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d97cc40000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 835a411c94ef729b3118f684f14c42465dca72cdcacd8c0bc7bbe2bb8e6fff18
Instruction ID: 4bfa317a522e319bf79ed90ba31ab08725e0f1e41916cd01250f6aafd1ae4bef
Opcode Fuzzy Hash: 835a411c94ef729b3118f684f14c42465dca72cdcacd8c0bc7bbe2bb8e6fff18
Instruction Fuzzy Hash: 22218E71918B488FDB58DF58C4C96AABBE5FBA8305F184A2FE48AC7260D730D584CB41

Function 00007DF41C30AC0C Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30AC70

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: d99824a7b56689602d55d9b975c23b4966fb1dfc1a28fa016acf5b8b83f0fdf8
Instruction ID: 3d5914d6fc5ebfa87cc46ed332551ac92355763503a0909f56c0a2a83654246b
Opcode Fuzzy Hash: d99824a7b56689602d55d9b975c23b4966fb1dfc1a28fa016acf5b8b83f0fdf8
Instruction Fuzzy Hash: 0CF0B67450C7C88FD7A0EB688441B9ABBF0BB9A350F544A1DE4CCC3211D73494858B13

Function 00007DF41C30ADD4 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30AE23

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: af3340e2b301fb20eba4bd36f70d30fdbe005acca17dd1e0c445e9428843075b
Instruction ID: cd10e90f343388b95434dc194e1711decc91f55ca5b99713884e4ab2cde87525
Opcode Fuzzy Hash: af3340e2b301fb20eba4bd36f70d30fdbe005acca17dd1e0c445e9428843075b
Instruction Fuzzy Hash: B2F0D030A1CB848FDBA4EF2CD4C5B9977E1FB98300F504519E44CC3245DB3498808B46

Function 00007DF41C30AF60 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,00000000,?,?,00000000,00007DF41C2F341C), ref: 00007DF41C30AF8A

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 1d9a6f3c19fc3a1664a9a6811ff4ba6c27299ee4e4794d390710366357d59dbc
Instruction ID: b1558f9fc7425ef8d2ced680bea61a69b937514eb9d943a8d84aabff74f83c13
Opcode Fuzzy Hash: 1d9a6f3c19fc3a1664a9a6811ff4ba6c27299ee4e4794d390710366357d59dbc
Instruction Fuzzy Hash: 6BE09B7161CA488FDB04DF94DCC18AAB3F0FBD9300F104E3AE94AC7164D264D559C692

Function 00007DF41C369F04 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?,00007DF41C37B7C7,?,?,?,?,00000000,00000000), ref: 00007DF41C369F21

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: d72fac8d1d1b7f96bb5fe0759d88f2d5c6e0343dfc4f10e03c2c9322f33a3d86
Instruction ID: 100c5ff4a774e2ff239980bdd2fc828efd3fec72f54c7126c04890dd6c9ce95b
Opcode Fuzzy Hash: d72fac8d1d1b7f96bb5fe0759d88f2d5c6e0343dfc4f10e03c2c9322f33a3d86
Instruction Fuzzy Hash: 77E04F31918C5D4BF74DF770DCA6CE73371EB64300FA14632D907C10A2ED2C664A8691

Function 00007DF41C30ACE8 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30AD03

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: a9327488733b823840a3f29582a089392b2a1446868cb63a967a810240f58cb8
Instruction ID: 523be9110305773fafbf3347b667df5e502e680c91734e04e11f49e0d1202802
Opcode Fuzzy Hash: a9327488733b823840a3f29582a089392b2a1446868cb63a967a810240f58cb8
Instruction Fuzzy Hash: D1D05E30968E8D4BD610A7289901A5637E1FBD4304FA44714D849C2240D23CE452D286

Function 00007DF41C30AD14 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30AD2F

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 4927af5c10e17f27f2edd3b7dd4d43612d79bd47543f67f71f12626d98bff908
Instruction ID: 8bbf3554b2f35e6805968648c694219343c367373f6bddbbc39429175de397a7
Opcode Fuzzy Hash: 4927af5c10e17f27f2edd3b7dd4d43612d79bd47543f67f71f12626d98bff908
Instruction Fuzzy Hash: 21D05E31E68ECD4BD610A7289A0164A36E2FB95308FA04614E849C2250D23CE4128386

Function 00007DF41C30AE5C Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30AE77

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: eb8f498348e5c7f372421b27a3827434041340d731fc3728b954386bc4ea4cc4
Instruction ID: 61261a211f3cc1f68201bdb42fd1a482c895477efe29c2cc00854bfc4966a001
Opcode Fuzzy Hash: eb8f498348e5c7f372421b27a3827434041340d731fc3728b954386bc4ea4cc4
Instruction Fuzzy Hash: 74D05E20A28A8D4BD650A7289A4164A37E2FB95304FA14614E44EC2200D22CE41282C2

Function 00007DF41C30ACC8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30ACD8

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 333093483b5b65ac6ab85e83ccc52a142bbc301cae1d85d61a22b47e66de8b6c
Instruction ID: cf714263896845c57d7da2e3712db3f927382fe7d3fbb462e33968fa46717236
Opcode Fuzzy Hash: 333093483b5b65ac6ab85e83ccc52a142bbc301cae1d85d61a22b47e66de8b6c
Instruction Fuzzy Hash: B2C08C20A2CC0F0BE914F2B96E82B8520A0AB4C704F970220E80AC2180E41CE4F1D3A2

Function 00007DF41C30AF40 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF41C30AF50

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 953671860da08bf31fab518e05a010f803d920f951da2702e38e3d0cf3acdea6
Instruction ID: c163a87e0d5c1243e4262c041222a141e6a14085546cef5d6c4e98ee11676f7c
Opcode Fuzzy Hash: 953671860da08bf31fab518e05a010f803d920f951da2702e38e3d0cf3acdea6
Instruction Fuzzy Hash: 00C08C01A69C0F8AE90862BA7E82B9922A0AB48300F900111E60EC2180E40CE4E643B2

Function 00007DF41C2F65E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF41C2F6640
VirtualProtect.KERNELBASE ref: 00007DF41C2F6669
VirtualProtect.KERNELBASE ref: 00007DF41C2F6685
VirtualProtect.KERNELBASE ref: 00007DF41C2F66B0

Strings

rE\, xrefs: 00007DF41C2F65FE

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual
String ID: rE\
API String ID: 544645111-988334199
Opcode ID: dc7abe3753608a406b2e8c4677f2e3e348cb1d8b9abc271147da51083885c1c3
Instruction ID: 7fff61709b84e58e05833720297d27ae6586e13b19d339c4472dfe71263ed5f4
Opcode Fuzzy Hash: dc7abe3753608a406b2e8c4677f2e3e348cb1d8b9abc271147da51083885c1c3
Instruction Fuzzy Hash: 4F214131B18D484BDB54E758A891AAA73E6FBD8700F100439E54BD3286DE7CED4587C2

Function 00007DF41C2F3178 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF41C2F31FA
VirtualProtect.KERNELBASE ref: 00007DF41C2F3224

Strings

, xrefs: 00007DF41C2F31DB

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: 45ee73fde44b844a7982fd6fa2bb9a274e67d6e904138dbe31d6ae3e461be495
Instruction ID: e4ac4e881b77e313334767cfb8fa534a758d23acda193994ec5fa1d429a22fe5
Opcode Fuzzy Hash: 45ee73fde44b844a7982fd6fa2bb9a274e67d6e904138dbe31d6ae3e461be495
Instruction Fuzzy Hash: 9B11E431A08C9A0BE715A718ED646F673E1FB84710FA44136E54BC32A1DA1CE952C691

Function 00007DF41C333C98 Relevance: 4.6, APIs: 3, Instructions: 117COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007DF41C333CC4
CreateIoCompletionPort.KERNELBASE ref: 00007DF41C333CFA
SetFileCompletionNotificationModes.KERNEL32 ref: 00007DF41C333D40

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: Completion$CreateFileModesNotificationPortioctlsocket
String ID:
API String ID: 1455841399-0
Opcode ID: b0ef64daf23010be4df91d754ff29401ba7eeb6e21b37df906d22bfb74ec9eab
Instruction ID: 92fecb7cbe4143c98a8dcb65789f9dc52053c124ea2e02f5084d12c8fed10a30
Opcode Fuzzy Hash: b0ef64daf23010be4df91d754ff29401ba7eeb6e21b37df906d22bfb74ec9eab
Instruction Fuzzy Hash: 3731BA3060CD9C4BFBA5AA189E84AB732E5FF54715F60507AD50FC2292DA29EC4246E1

Function 00007DF41C306654 Relevance: 4.6, APIs: 3, Instructions: 74COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE ref: 00007DF41C30669B
CoUninitialize.COMBASE ref: 00007DF41C306703
free.MSVCRT ref: 00007DF41C306711

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: InitializeUninitializefree
String ID:
API String ID: 1169324116-0
Opcode ID: 300bfe15e1352cda4c3c9a5eb26de8ea91f06f6889c64728d4398b9a5c111e42
Instruction ID: 25e5b40e02011b56e59e6a6a4fe930afabded92b05db6c1b38886f2b9b493b43
Opcode Fuzzy Hash: 300bfe15e1352cda4c3c9a5eb26de8ea91f06f6889c64728d4398b9a5c111e42
Instruction Fuzzy Hash: D2214C30609A0D8FDF84EF68D849AAA77E0FF94315F10462AE94ED3251CB38E941CB90

Function 00007DF41C2F72D0 Relevance: 4.5, APIs: 3, Instructions: 746COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF41C2E4BE4: malloc.MSVCRT ref: 00007DF41C2E4C0D

calloc.MSVCRT ref: 00007DF41C2F7551
free.MSVCRT ref: 00007DF41C2F75BD
free.MSVCRT ref: 00007DF41C2F7AB3

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free$callocmalloc
String ID:
API String ID: 1437353635-0
Opcode ID: 6cebd9367394abf21773eb1584d65681aa51e4210b0eb886ea29ebe4f46530e1
Instruction ID: b2f911816795c8954472526ac6e9b041551ffdc422f6ec985179a8d6d67940a5
Opcode Fuzzy Hash: 6cebd9367394abf21773eb1584d65681aa51e4210b0eb886ea29ebe4f46530e1
Instruction Fuzzy Hash: C3422030A18E4C8FDB55EF28D889AEAB7E1FB58700F20462AD15FC7251DF38A545CB91

Function 00007DF41C2E4BE4 Relevance: 3.9, APIs: 3, Instructions: 126COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007DF41C2E4C0D
malloc.MSVCRT ref: 00007DF41C2E4C6C
free.MSVCRT ref: 00007DF41C2E4CD0

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: f833b09acc7dcda6218a08ced81fc052c99920b07a41f041528abf3627ace0e1
Instruction ID: 93b6f39daa22673716137ac4aea319e9d2ae52918e4a9b75c52bb84f6aeff018
Opcode Fuzzy Hash: f833b09acc7dcda6218a08ced81fc052c99920b07a41f041528abf3627ace0e1
Instruction Fuzzy Hash: 3A317131B08E099BAB58AEA4DC458FAB3E0FF54310720422AD51BD7691EF68F951C7D1

Function 000001D97E6433B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 344memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL ref: 000001D97E6436F9

Strings

l, xrefs: 000001D97E6433D6

Memory Dump Source

Source File: 00000002.00000003.1847921366.000001D97E640000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97E640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_1d97e640000_OpenWith.jbxd

Similarity

API ID: FreeHeap
String ID: l
API String ID: 3298025750-2517025534
Opcode ID: 945787e355e9cefb289f3126088299a2a592093c218b6f331fdd883cb8990c47
Instruction ID: a5d1d592cbf0677f30c8227060ee8ef75d25ff8621ef9a24919fa7af4c07aa7e
Opcode Fuzzy Hash: 945787e355e9cefb289f3126088299a2a592093c218b6f331fdd883cb8990c47
Instruction Fuzzy Hash: 74A1263152865A4BE729AB2C88926FA77D1FB96340F10066FE4DBC3187DD34DA46CAC1

Function 00007DF41C2F95F8 Relevance: 3.4, APIs: 2, Instructions: 397COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF41C30AF60: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,00000000,?,?,00000000,00007DF41C2F341C), ref: 00007DF41C30AF8A

CreateFileMappingW.KERNELBASE ref: 00007DF41C2F98AE
calloc.MSVCRT ref: 00007DF41C2F99E8

Part of subcall function 00007DF41C2F9478: CreateFileW.KERNELBASE ref: 00007DF41C2F94D0

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: CreateFile$AcceptConnectMappingPortcalloc
String ID:
API String ID: 2835849967-0
Opcode ID: d1b445dc56701135788b0dc920e68535db059dd4faca11d9a453a424e093dfee
Instruction ID: da698b92f8a7fda437b9858dac35418f2724289fd3b4f77223c7a984173dab9d
Opcode Fuzzy Hash: d1b445dc56701135788b0dc920e68535db059dd4faca11d9a453a424e093dfee
Instruction Fuzzy Hash: 52D15071A1CB888BD765EF18D9856EBB7E0FB94300F14452EE58FC2251DF38A505CB92

Function 00007DF41C30DDA4 Relevance: 3.2, APIs: 2, Instructions: 238fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007DF41C30DADC: malloc.MSVCRT ref: 00007DF41C30DAE6

CreateFileW.KERNELBASE ref: 00007DF41C30DEBA
ReadFile.KERNELBASE ref: 00007DF41C30DFA2

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: File$CreateReadmalloc
String ID:
API String ID: 3950102678-0
Opcode ID: b879bc7b5dc6143657be184a8553957d82cf9a437ba6bdf4bbb2c4680e42a6eb
Instruction ID: 35ee810bcf5b0e1a6896418664cfec1013050a2e85118ee3eacc847a0a4a7b12
Opcode Fuzzy Hash: b879bc7b5dc6143657be184a8553957d82cf9a437ba6bdf4bbb2c4680e42a6eb
Instruction Fuzzy Hash: 6A719531618E484FD7589F1998C5BEEB3E1FB98300F60053EE6CFC3292DA389845C652

Function 00007DF41C2E22DC Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE ref: 00007DF41C2E22F4
VirtualAlloc.KERNELBASE ref: 00007DF41C2E23C0

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: 10974d638571623cb466fc5259723849182c6a649d453933aa228a33d07da908
Instruction ID: 7c1570d632166677437825fb472f8a86ad3a1501affffa56a5f0bafa7f7f4089
Opcode Fuzzy Hash: 10974d638571623cb466fc5259723849182c6a649d453933aa228a33d07da908
Instruction Fuzzy Hash: A651F730B1CE4D8FE759AA5899483AA33E1FB99300F24013AD54FD3295DAACD8818791

Function 00007DF41C2F9478 Relevance: 3.2, APIs: 2, Instructions: 161fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 00007DF41C2F94D0
ReadFile.KERNELBASE ref: 00007DF41C2F9585

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: File$CreateRead
String ID:
API String ID: 3388366904-0
Opcode ID: 73db5555d885fd7ea61d85234132b183eb459049274d5711c35081ec0b7aef7a
Instruction ID: 50858a8315cb490d68abe7e0e8bc7fc4bc2f98044629bd0a3918d6373587bd59
Opcode Fuzzy Hash: 73db5555d885fd7ea61d85234132b183eb459049274d5711c35081ec0b7aef7a
Instruction Fuzzy Hash: 7D41B47070CA884FEB59EF289C8566B77E5FB99701F10452EE98FC3251EE38D8018792

Function 00007DF41C30D974 Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 00007DF41C30D9AB
ReadFile.KERNELBASE ref: 00007DF41C30D9E1

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: File$CreateRead
String ID:
API String ID: 3388366904-0
Opcode ID: 6dcf9cfff2eacf5cd94369649f002897bcffdea66228e64647734ab7a70026dd
Instruction ID: 9ccfd6b59233826c31f258b11a9a973463b62628b615cf6bf624a1e28b96f205
Opcode Fuzzy Hash: 6dcf9cfff2eacf5cd94369649f002897bcffdea66228e64647734ab7a70026dd
Instruction Fuzzy Hash: 4821F77170CB484FE3549E59AC8667B73D4EB89710F20013FE98FC2242DA74A8164697

Function 00007DF41C2E2980 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF41C2E29BF
VirtualProtect.KERNELBASE ref: 00007DF41C2E2A25

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e54d32ce24f4b710544f648fa16c64d8d7f0589b34fc61474f65512f49413183
Instruction ID: 15f4cc8a3c8032586d2960d564ec37bbb1e8ca974c2a2d6ad67dced4b954534d
Opcode Fuzzy Hash: e54d32ce24f4b710544f648fa16c64d8d7f0589b34fc61474f65512f49413183
Instruction Fuzzy Hash: 1A31F92070CA858FD7149B6CDC947A63BD1EB5A310F2512A5E98FD73C5CB6CD842C351

Function 00007DF41C308F84 Relevance: 2.9, APIs: 2, Instructions: 414COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 00007DF41C309008
free.MSVCRT ref: 00007DF41C3093FA

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: callocfree
String ID:
API String ID: 306872129-0
Opcode ID: 2b200ceb4e4cc9f035faf7b6c1b247c7413155f6bad845cc72cf0ce4a6dd00dc
Instruction ID: 9222dca6dcaa3f7d8680a99fad7e64229d8420a94885e1125991da33380c69e1
Opcode Fuzzy Hash: 2b200ceb4e4cc9f035faf7b6c1b247c7413155f6bad845cc72cf0ce4a6dd00dc
Instruction Fuzzy Hash: 48D17131A1CF8C4BEB65EB14C995AEBB3E1FF94300F50052FD54FC3192DA38A9558692

Function 00007DF41C2E4774 Relevance: 2.7, APIs: 2, Instructions: 242COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007DF41C2E494C
free.MSVCRT ref: 00007DF41C2E49F3

Part of subcall function 00007DF41C2E4620: malloc.MSVCRT ref: 00007DF41C2E46EF

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 352f2f2cecbb3e27f866ef48949e4e4dcfd5ee98b9eced5f0af6e5ea8a5601e0
Instruction ID: d81561d748d76e7680c109316c5257a2692afcdaedf2e010c9fe58ca6156c08d
Opcode Fuzzy Hash: 352f2f2cecbb3e27f866ef48949e4e4dcfd5ee98b9eced5f0af6e5ea8a5601e0
Instruction Fuzzy Hash: B171E731A1CD984BE729A7589D95AFFB3E1FB85300F20067FE18FC2183DD38A9458695

Function 00007DF41C2FCC5C Relevance: 2.6, APIs: 2, Instructions: 139COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF41C30ACC8: NtAcceptConnectPort.NTDLL ref: 00007DF41C30ACD8

malloc.MSVCRT ref: 00007DF41C2FCD0D
free.MSVCRT ref: 00007DF41C2FCD94

Part of subcall function 00007DF41C303848: malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF41C322CFA), ref: 00007DF41C303867

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc$AcceptConnectPortfree
String ID:
API String ID: 342249184-0
Opcode ID: 694a03a6a0a341675988201f7685504af8169e7f1b53cb1e5f9007a100a90dea
Instruction ID: 88bb94b9805f1a8c7b0ff1b1dea91b96f7f66f44d38dd588532141b921dd31c8
Opcode Fuzzy Hash: 694a03a6a0a341675988201f7685504af8169e7f1b53cb1e5f9007a100a90dea
Instruction Fuzzy Hash: BF416071508B4C8FDB68EF18D885AEA77E5FB58701F10016AD84EC7251DB34E985CB92

Function 00007DF41C3035F4 Relevance: 2.6, APIs: 2, Instructions: 139COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007DF41C303683
malloc.MSVCRT ref: 00007DF41C3036C2

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 31b51a1252b2397096177e19cb7010b666d546ef653b70412147a1dab026b8b6
Instruction ID: 660e21bbcc5c1944fdf1378adb4029e2c1960eab4d6a70c0201ac75dbba5379b
Opcode Fuzzy Hash: 31b51a1252b2397096177e19cb7010b666d546ef653b70412147a1dab026b8b6
Instruction Fuzzy Hash: C4418131608D0E8FDB94EF2CD898AA677F1FB68311724466BD41AC3660DB75E8948BC0

Function 00007DF41C3DABFC Relevance: 2.6, APIs: 2, Instructions: 89COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00007DF41C3DAC91
free.MSVCRT ref: 00007DF41C3DAC9C

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
Instruction ID: 2d256730005a5cf851fb968e815712fe56dc4f43db7c1e3738426dd3df4879bf
Opcode Fuzzy Hash: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
Instruction Fuzzy Hash: 93215030A08C0C4FDEA4FB1CD6C5DA577E3EB887207B502A1D91BC7199C625EC818790

Function 00007DF41C2FD5E0 Relevance: 2.6, APIs: 2, Instructions: 81COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 00007DF41C2FD619
free.MSVCRT ref: 00007DF41C2FD682

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: callocfree
String ID:
API String ID: 306872129-0
Opcode ID: 14d07331c19738ae6f5dcbbc3446d40274566deaf3c6ba6d90dddde88c6f0ea8
Instruction ID: 482d1cb9b7d0690ade57eb1671d913a85dc6044cad53cce37f838b1641c6cc83
Opcode Fuzzy Hash: 14d07331c19738ae6f5dcbbc3446d40274566deaf3c6ba6d90dddde88c6f0ea8
Instruction Fuzzy Hash: AF21D530A18E0C4FD748AF5898855E577E4FB58311F10426ED44EC3261EA74E841CBD2

Function 00007DF41C2FCA08 Relevance: 2.6, APIs: 2, Instructions: 50COMMON

Download Yara Rule

APIs

calloc.MSVCRT(?,?,?,?,?,?,?,?,-00000001,00007DF41C2FD046), ref: 00007DF41C2FCA30

Part of subcall function 00007DF41C30BCC0: NtAcceptConnectPort.NTDLL ref: 00007DF41C30BD8F

free.MSVCRT ref: 00007DF41C2FCA66

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPortcallocfree
String ID:
API String ID: 1866692179-0
Opcode ID: 1c81860f17a6367f43a2a94f10a5d32e0a9fa92ddff0a1d18b0803ced88c0a31
Instruction ID: 934535627934f1cf03fc033ff95bd6b6a1a8c59525559b882870dd56b696897d
Opcode Fuzzy Hash: 1c81860f17a6367f43a2a94f10a5d32e0a9fa92ddff0a1d18b0803ced88c0a31
Instruction Fuzzy Hash: 5EF02831214D0C4FD758BB1C9C88AB637E5EB94726714462AE00BC3360DD78DD408790

Function 00007DF41C306720 Relevance: 2.2, APIs: 1, Instructions: 947COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 00007DF41C306956

Part of subcall function 00007DF41C308F84: calloc.MSVCRT ref: 00007DF41C309008

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: calloc
String ID:
API String ID: 2635317215-0
Opcode ID: 4c67779dd63165b43659fab8fd510d9b574d13d676e16a29e3859926c8de3004
Instruction ID: 05aceb686aff939609d193801bdd9a30f2f7b573d964385aad901c337c63d290
Opcode Fuzzy Hash: 4c67779dd63165b43659fab8fd510d9b574d13d676e16a29e3859926c8de3004
Instruction Fuzzy Hash: 6C72643151CA888BDB69EB18C981EDEB3F1FF94300F60462EE58F83296DE34E5458756

Function 00007DF41C2F913C Relevance: 1.8, APIs: 1, Instructions: 316COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE ref: 00007DF41C2F9372

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 090a60165b6d81dbbef6ccd1718067ffa9bcceaffdfa6db13320491a5d5642c1
Instruction ID: fe1a2959e346aa2c42d4750f3a47f271a0aa4a3eeb667c72fdd2faf121b6ccda
Opcode Fuzzy Hash: 090a60165b6d81dbbef6ccd1718067ffa9bcceaffdfa6db13320491a5d5642c1
Instruction Fuzzy Hash: 97A13F31A0CA8C8FDB55EF18C8859EAB7F1FB94310F50462EE14FD7291DA38A945CB91

Function 00007DF41C305004 Relevance: 1.7, APIs: 1, Instructions: 245registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32 ref: 00007DF41C305225

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: e8d5d7329d2320a05d82013e26ca3d8c66ee9948d03da3e8e50157f1609a8dd5
Instruction ID: 8513af1b848e8130446bdedf62d43e56de2af643b6c03471e6c41d5c7755ad6a
Opcode Fuzzy Hash: e8d5d7329d2320a05d82013e26ca3d8c66ee9948d03da3e8e50157f1609a8dd5
Instruction Fuzzy Hash: FD919C3161DB888FE765EF24C889B9BB7E5FB98301F10492EE58AC3261DB34D544CB52

Function 00007DF41C334B28 Relevance: 1.7, APIs: 1, Instructions: 227networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32 ref: 00007DF41C334BDF

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: d8e018eafecf73722f3cfd2108c578dd3fd3213e6426fbbfe5b50f999653df9c
Instruction ID: 38ba58457555d0f480c150deaee4181b9733717900babc8b435a47af982b0efc
Opcode Fuzzy Hash: d8e018eafecf73722f3cfd2108c578dd3fd3213e6426fbbfe5b50f999653df9c
Instruction Fuzzy Hash: 31818070508E499FEB98EF28C584BA6BBE0FF54315F10426AD44FC7691DB35E850CB91

Function 00007DF41C2F5960 Relevance: 1.7, APIs: 1, Instructions: 203COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE ref: 00007DF41C2F5B1D

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 458a1419ed12d8a3c2e86420f2914f8409b820493848f008ec8053e1bf8f0b77
Instruction ID: 87c453d4c6a1ffb3860f441c67511e21151391666418eac9c8ca1d7b3d4931ea
Opcode Fuzzy Hash: 458a1419ed12d8a3c2e86420f2914f8409b820493848f008ec8053e1bf8f0b77
Instruction Fuzzy Hash: AA616E7190CB8C8BE755EF54D8856DBB7E1FB94300F100A2EE18BC3151DE39A645CB52

Function 00007DF41C30D6FC Relevance: 1.7, APIs: 1, Instructions: 176processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 00007DF41C30D7F5

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e9169745a3f5c8f3addee9eb58fc29d082d9d243fdbbd28d7b824531286ef21a
Instruction ID: 9a855d2b629c691bf66c7688baa6b572ad978779061061fe12faed259a2d85c2
Opcode Fuzzy Hash: e9169745a3f5c8f3addee9eb58fc29d082d9d243fdbbd28d7b824531286ef21a
Instruction Fuzzy Hash: CC51303161CB888BE768DF58D849BABB7E5FF94311F10052EE58BC3191DB78E8118B52

Function 00007DF41C2F7B7C Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF41C2F65E0: VirtualProtect.KERNELBASE ref: 00007DF41C2F6640
Part of subcall function 00007DF41C2F65E0: VirtualProtect.KERNELBASE ref: 00007DF41C2F6669
Part of subcall function 00007DF41C2F65E0: VirtualProtect.KERNELBASE ref: 00007DF41C2F6685
Part of subcall function 00007DF41C2F65E0: VirtualProtect.KERNELBASE ref: 00007DF41C2F66B0

TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF41C2F341C), ref: 00007DF41C2F7CB7

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual$Free
String ID:
API String ID: 3841229516-0
Opcode ID: 9454607179550a56fcb25c77309fc397396c8818e949c4bf6b88fbdfb1fa50f0
Instruction ID: 4fa7cd053bdce3d4798ded652c5012e574f2f66fbd94f4dd30c4f74f4ac69502
Opcode Fuzzy Hash: 9454607179550a56fcb25c77309fc397396c8818e949c4bf6b88fbdfb1fa50f0
Instruction Fuzzy Hash: 8341D230F08E4C8BEB54EB6899945EE73A1EF48B00B214577E51FD7386DA2CF84087A1

Function 00007DF41C2F3320 Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF41C2E3DD8: RtlAddFunctionTable.KERNEL32 ref: 00007DF41C2E3E05

SetErrorMode.KERNELBASE ref: 00007DF41C2F3408

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: ErrorFunctionModeTable
String ID:
API String ID: 928017140-0
Opcode ID: d9c23544fbb2a9f569b4c70e99ee3ada11af114710c16124923c5dd5b1b488fd
Instruction ID: a25941fb223eef7f80252a6adb5b208bcb16f96639d94763cc3fcb2594cc6ce5
Opcode Fuzzy Hash: d9c23544fbb2a9f569b4c70e99ee3ada11af114710c16124923c5dd5b1b488fd
Instruction Fuzzy Hash: A2318121F18C8D4BEA54FB689D825EA73E1EB44710B60057AD24FC33D2D95CAD8543A1

Function 00007DF41C3352D0 Relevance: 1.6, APIs: 1, Instructions: 104COMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007DF41C335344

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 5ecb9aca37cfa74a852660f22e24977ddf5ffe3d9d8c212dab6545ea967c75f3
Instruction ID: 78bef9522397f1a9f6ba6408492e0b1ff6ce6144cb3f96324841a45d9946fff7
Opcode Fuzzy Hash: 5ecb9aca37cfa74a852660f22e24977ddf5ffe3d9d8c212dab6545ea967c75f3
Instruction Fuzzy Hash: 0A313071504A498FEB98DF18C5C8BA177E1FF14325F2012AAD95ECF2E6D7789881CB90

Function 000001D97CC4185C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessMitigationPolicy.KERNELBASE ref: 000001D97CC4192F

Memory Dump Source

Source File: 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97CC40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d97cc40000_OpenWith.jbxd

Similarity

API ID: MitigationPolicyProcess
String ID:
API String ID: 1088084561-0
Opcode ID: 04359cd7b97b11c476e8c0617afcaa098c35e265ec660168a6fbd24c0647ca60
Instruction ID: caad6b25f9e325ef01d1ead65d29c2fdb1c1677196f408e1d067fc154b71304e
Opcode Fuzzy Hash: 04359cd7b97b11c476e8c0617afcaa098c35e265ec660168a6fbd24c0647ca60
Instruction Fuzzy Hash: 23310730128A467AFB65F76A88847E177D1EBE43A0F2C89BBC481C61D2DE71CA41CF40

Function 00007DF41C3A67A4 Relevance: 1.6, APIs: 1, Instructions: 335COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00007DF41C3A6B09

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 3a75ac4bc0ef9b92f46b283ccd4d50aa8e5ba4e277f879feac89481dd4401175
Instruction ID: 20e86b4ade0e5ab3c89aaa679cb4181effec387a2304a5e197d849dd658ed8c9
Opcode Fuzzy Hash: 3a75ac4bc0ef9b92f46b283ccd4d50aa8e5ba4e277f879feac89481dd4401175
Instruction Fuzzy Hash: 7BC17030918A888FDB95DF2888C4BD677F0FF54300F6445BAD98ECB19BC624D895C761

Function 00007DF41C2E2910 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 00007DF41C2E2948

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a1e79bfd5fdfa4d599be838d72d64bf9e685b5698f2b0b05ab8498b458f49234
Instruction ID: 1530464547348a5d463ff2800a5ef1d981865d6b68adb1be6b8ab2e25102814b
Opcode Fuzzy Hash: a1e79bfd5fdfa4d599be838d72d64bf9e685b5698f2b0b05ab8498b458f49234
Instruction Fuzzy Hash: E701D631B149198FEB94EB69DC8867633E5FF893517240476E80FD7254DA3DAC42C790

Function 00007DF41C2E2BB0 Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

HeapDestroy.KERNELBASE ref: 00007DF41C2E2BF6

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: DestroyHeap
String ID:
API String ID: 2435110975-0
Opcode ID: e8b38785987ebe4bf97a71b2e294a612045f12fa57e0274daf3e7e500e703184
Instruction ID: a955fbecdf812f32147cbb06bf747ef9223102b0e933020d2715ab6519874f37
Opcode Fuzzy Hash: e8b38785987ebe4bf97a71b2e294a612045f12fa57e0274daf3e7e500e703184
Instruction Fuzzy Hash: C8011D70E09B55CFEB54AF69FD8616637B1EB98311754413FE10EC7A60CA3C5880C761

Function 00007DF41C2E2B5C Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE ref: 00007DF41C2E2B7C

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: f6a5c260a6ff26826b95901847e0f94daf167b208f970919ab6999429e88efbf
Instruction ID: cce22606589f7affb5ca1d8cb25db89b96e82de5f19e573d075cf6a6e0e8e112
Opcode Fuzzy Hash: f6a5c260a6ff26826b95901847e0f94daf167b208f970919ab6999429e88efbf
Instruction Fuzzy Hash: C0F0A761F18A468FE7207F755D812A763629B84311F34493FEA0FDA285DC3D94818660

Function 00007DF41C305644 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007DF41C30568F

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: ddedd6023ad442b8d2b2fe3290ed3783bcd232237776f9c3a295af58d00cf6c3
Instruction ID: 9296305bd7148812721086f50b5c9920ef41fd92fed031c36ad4861ef50d0d14
Opcode Fuzzy Hash: ddedd6023ad442b8d2b2fe3290ed3783bcd232237776f9c3a295af58d00cf6c3
Instruction Fuzzy Hash: B8F08274104A084FEB48EF5CC48876677E2FFA8315F100169E90DC72E4D7359949C751

Function 00007DF41C2F3088 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

GetProcAddressForCaller.KERNELBASE ref: 00007DF41C2F30AF

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: AddressCallerProc
String ID:
API String ID: 2663294120-0
Opcode ID: c2543c20c0a7d110227d86949c13dfaa5e54e54e664fb098b1aa0bdcf88303a9
Instruction ID: 98d3df35fb548cbf2bb3d44476b4dd4f20dc1a10d0b67bcb0e436da733f369d4
Opcode Fuzzy Hash: c2543c20c0a7d110227d86949c13dfaa5e54e54e664fb098b1aa0bdcf88303a9
Instruction Fuzzy Hash: 32E0C211F18C0D0B6B6862AE288CAB752D6CBDC13331402BBE51EC3395EC18CC850390

Function 00007DF41C30D8E4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE ref: 00007DF41C30D909

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 23f3765db31a0df280e37a6bc4f8137308a1fee0486dc2818908f898aea27d2f
Instruction ID: c076b59af0e72806b2472201f695b54bc63e28b6ed3703abb36710452691a838
Opcode Fuzzy Hash: 23f3765db31a0df280e37a6bc4f8137308a1fee0486dc2818908f898aea27d2f
Instruction Fuzzy Hash: ADE0C232B150240BF72C6ABD2C8917A36DAC7CC572705423BF80AC3284ED7C8C4602D1

Function 00007DF41C2E3DD8 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF41C2E3E05

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: 3b09555bf32cd7a482aca5e21dc4f37ab037edd0c1b9afc7390cc3b8e22e33b4
Instruction ID: 2d4877ada3e81689adf89f8be6c0467802656cbd0fc9e0bc89a9032522b822f8
Opcode Fuzzy Hash: 3b09555bf32cd7a482aca5e21dc4f37ab037edd0c1b9afc7390cc3b8e22e33b4
Instruction Fuzzy Hash: DAE04F306509058BEBA8E61DC9493903BE0FB58306F64426DDA05C9291CB3DD89BCF81

Function 00007DF41C2F305C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 00007DF41C2F307E

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction ID: 67300f96fb859b42ebe22121225dcd4423ea9f510f2aaf203e6f296c38a948ea
Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction Fuzzy Hash: 05D05E20B24D0D1BEA48622D1C94B661295EBC8621B64013BE50AC2281DD5CCC550211

Function 00007DF41C2F5DE4 Relevance: 1.5, APIs: 1, Instructions: 266COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 00007DF41C2F5F85

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: calloc
String ID:
API String ID: 2635317215-0
Opcode ID: 2479110834a0a50aa720895a2966e0087a87a39eabe9dff41225e0602a7593e9
Instruction ID: a25b6a5f893d165ac258e399cfb4bb3329b4780f5ab694505e69845ebce3c47d
Opcode Fuzzy Hash: 2479110834a0a50aa720895a2966e0087a87a39eabe9dff41225e0602a7593e9
Instruction Fuzzy Hash: CB818330A1CE488FDB54EF18D9859A673E1FF98700B61427AD54FC7296DA38E841CBD1

Function 00007DF41C2F5CC3 Relevance: 1.4, APIs: 1, Instructions: 150COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00007DF41C2F5D10

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 903acddc3c2cbd21899d181af60d2020bd4c0d22b9f6ec9809e98e44769c02c6
Instruction ID: cd8d9009139aac14d6bc047bda0f2311fa6b0222748f5bec1dcd055d7063c806
Opcode Fuzzy Hash: 903acddc3c2cbd21899d181af60d2020bd4c0d22b9f6ec9809e98e44769c02c6
Instruction Fuzzy Hash: 56413031618E488FEB94EB18C585EE6B3E1FF98310F644266D54EC7296DA38F841CB91

Function 00007DF41C2E4620 Relevance: 1.4, APIs: 1, Instructions: 130COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007DF41C2E46EF

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: c3b5330ba83a094f7bad87bbcfda8b7898b28b22e9f53235a9dbd9f71cfcc7c9
Instruction ID: 4f2b265f0e30bb6005095ee776ad191192dd821ca5938c956c88d3aa0dc56bb6
Opcode Fuzzy Hash: c3b5330ba83a094f7bad87bbcfda8b7898b28b22e9f53235a9dbd9f71cfcc7c9
Instruction Fuzzy Hash: 6441EB30F048588BEB68DE698DD40BB37E1EF85305724417BD96BCB646DA2CE946C7E0

Function 00007DF41C3A64E4 Relevance: 1.4, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007DF41C3A6580

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: db34f96bb32c5808d121ed52c15c20ade07964c9e34a55c401bc0086a79692f1
Instruction ID: 7c1a18aababa8536e152663fc9781b3249afea0eede703105f8629968c51209f
Opcode Fuzzy Hash: db34f96bb32c5808d121ed52c15c20ade07964c9e34a55c401bc0086a79692f1
Instruction Fuzzy Hash: EC310720A18E8D4BFB989B2C89157E677F0FF85350F24417AD95FC7186DA18E8568360

Function 00007DF41C303848 Relevance: 1.3, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF41C322CFA), ref: 00007DF41C303867

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: aa4f1f029a65678ad9f3ad1f83a567308f2cd0838b93955c777e9bc3ae762b5b
Instruction ID: ab6513cb10dabe08119f92def1dbada214cc41b23db1922a13de78d60d3cc4cc
Opcode Fuzzy Hash: aa4f1f029a65678ad9f3ad1f83a567308f2cd0838b93955c777e9bc3ae762b5b
Instruction Fuzzy Hash: F5219031614D1C8FDB59EF1CDC8CBA277E1FB6831271442ABD80ACB265DA35E888C791

Function 00007DF41C2F2E18 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNELBASE ref: 00007DF41C2F2E40

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: dd3043cd4fdbf6ce1bec2523c8a3e90b76413ae5d3024df9cc9149889a1f6f13
Instruction ID: 9b0c08e7306d4d054a69a868f89156ba111b97dd10cd4ca64d199160b2d6ec15
Opcode Fuzzy Hash: dd3043cd4fdbf6ce1bec2523c8a3e90b76413ae5d3024df9cc9149889a1f6f13
Instruction Fuzzy Hash: D211B931F14D8D5BFB5CAB389D592F736E2FF94700B640236D90FC62A9EE2CA9448650

Function 00007DF41C2FBAB4 Relevance: 1.3, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

free.MSVCRT(?,?,?,?,?,?,?,?,-00000001,00007DF41C2FD0B5), ref: 00007DF41C2FBAFB

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 75680fa04e19e4440b4640af9aa4d4391f4b0436c9268b337d289e293cb6ea92
Instruction ID: 18024cc85a5391f16117ed0f158a49426b5d3c3b94133c6651f8fc904562fd29
Opcode Fuzzy Hash: 75680fa04e19e4440b4640af9aa4d4391f4b0436c9268b337d289e293cb6ea92
Instruction Fuzzy Hash: 1101FB30604D4C8FDF84EB1CD4D4E5573E5EB68310B2405A6D40ECB255CA79EC828B50

Function 00007DF41C2E6540 Relevance: 1.3, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

malloc.MSVCRT(?,?,?,?,-00000001,?,-00000001,00007DF41C2E65CE), ref: 00007DF41C2E6585

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
Instruction ID: 0938f985a43c6a063b6e35951023ef370bd67973ae9559d71369da019bee4256
Opcode Fuzzy Hash: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
Instruction Fuzzy Hash: 2C01D630B04E0A9BE3689B29D888362B3E1FB98311F14413AD419C3384DB38E890C7D0

Function 00007DF41C2E24F4 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE ref: 00007DF41C2E254E

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 85f62002f11eda201487085593c698b0135f5f3e41b5990a1ae8dfcda2a01f33
Instruction ID: 70c3b426b54cda9c9b263dc55a83bcad9f55dff75b84f88f3c7ff55680029aaf
Opcode Fuzzy Hash: 85f62002f11eda201487085593c698b0135f5f3e41b5990a1ae8dfcda2a01f33
Instruction Fuzzy Hash: 61016230F18E498FEB5CDB2C8E6426133E1FB59315764816AD00FD63E4EA2DE842C711

Function 00007DF41C3402AC Relevance: 1.3, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

free.MSVCRT(?,?,?,?,00000000,00000000), ref: 00007DF41C3402F2

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: e005b8aad8ae59e5c4306d33e7cf4f806ca0153c9240256dc9db618efce1777c
Instruction ID: f81d1e304a4d39a6b75fcb9274b69e28f7640ee925cb9630b0fe7fe1c541ea1f
Opcode Fuzzy Hash: e005b8aad8ae59e5c4306d33e7cf4f806ca0153c9240256dc9db618efce1777c
Instruction Fuzzy Hash: A8F0FF3061BE0E8BFF5CABA5DD98A6A3BB1EF14306B14103FD90BD15A0CB6D98549721

Function 000001D97CC419A0 Relevance: 1.3, APIs: 1, Instructions: 40
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualFree.KERNELBASE ref: 000001D97CC419E5

Memory Dump Source

Source File: 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97CC40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d97cc40000_OpenWith.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 68a2bebb63dec11ebeb4fbf40c1c95563ebbd08489d40e2effbc7ec76ba53b27
Instruction ID: 12ef11a1d81ebb7826645c81f01546ce42001ab4dd5adb2926444a1cad0beebb
Opcode Fuzzy Hash: 68a2bebb63dec11ebeb4fbf40c1c95563ebbd08489d40e2effbc7ec76ba53b27
Instruction Fuzzy Hash: F4F03031214A098FDF9CEF95C4D5EE137A4EB28301F14457ACC4ACB156DA21D985CB91

Function 00007DF41C30DADC Relevance: 1.3, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007DF41C30DAE6

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 4c39f900df3972edeb9c523e4745635d2babc99cae264e1317ea5b764d4d565e
Instruction ID: 77a33029f327320db183e26d3168276c119541292ee3bc548cf45d0e64eddaaa
Opcode Fuzzy Hash: 4c39f900df3972edeb9c523e4745635d2babc99cae264e1317ea5b764d4d565e
Instruction Fuzzy Hash: 83D05E11B15E0D0FAB58A27E1D9E56A22D6D7D81227940537B90AC2250ED29CC558261

Function 00007DF41C30379C Relevance: 1.3, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00007DF41C3037C5

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 38b5563491cec97da23afbec1dbe8fd433f77e7ca0be4d4ad2848afd0e677fff
Instruction ID: 77f63dd550acc1a27a3a9be0f7c74893b2d3810658c508574a6198593bf1ca58
Opcode Fuzzy Hash: 38b5563491cec97da23afbec1dbe8fd433f77e7ca0be4d4ad2848afd0e677fff
Instruction Fuzzy Hash: 62E08C30525D0D8EEF88AB388E49B9332E0FB08B01FA40869D00AC31D0D72CD490C711

Function 00007DF41C2E3EB4 Relevance: 1.3, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00007DF41C2E3ECA

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: f40fb4788220d337bb008d16cea7b0a0ee6a5daf6a138a5e0a6bf71422f7da42
Instruction ID: f69f651ce9fb2a63429de5c95c094f42236e8473c236e3801bac4d9e86bea528
Opcode Fuzzy Hash: f40fb4788220d337bb008d16cea7b0a0ee6a5daf6a138a5e0a6bf71422f7da42
Instruction Fuzzy Hash: 0ED05E34B06E4E8BFF9CA6BA89AC57623A1EF58203718107DD50BD1AA0CA5DD8409311

Function 00007DF41C2EFBE8 Relevance: 1.3, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007DF41C2EFBEE

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 7aac0fcb7c972547ff5d390886f6270a0f974cec2218a33fb889b5e6a18d3d37
Instruction ID: c5f0b511ffcdd0db2e1d1ba270ca8cbb8b5f1f71ed0dfb5a94b4bc751638d85b
Opcode Fuzzy Hash: 7aac0fcb7c972547ff5d390886f6270a0f974cec2218a33fb889b5e6a18d3d37
Instruction Fuzzy Hash: A1D01260B05D094B7B5076FB1DCD1792A94D7282027100022E919C0660E908C894D351

Function 00007DF41C2F5BBC Relevance: 1.3, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00007DF41C2F5BC5

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: b7031c71d370f0c4b9d1add862bc0dfec61c612abdfff09cb5e9d61695c69b58
Instruction ID: 91a6cae47af2a3ac07ba65e0eb943f02086a93d5951ef76d460a3e0e3adffdc9
Opcode Fuzzy Hash: b7031c71d370f0c4b9d1add862bc0dfec61c612abdfff09cb5e9d61695c69b58
Instruction Fuzzy Hash: B7B0922489AD4A42ED0832764E991992A60AB14201FC500259806C0154E50E809A42A6

Function 00007DF41C2E4A20 Relevance: 1.3, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00007DF41C2E4A29

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 551c0ffc82b28a3876ee79cfc9de3840c8837f1e4274ad0e5daf9a8a7b3ff23c
Instruction ID: 404f7b5f25c7a1682fd6117a52f51a728b550125061c2cbeabb6e3099024c092
Opcode Fuzzy Hash: 551c0ffc82b28a3876ee79cfc9de3840c8837f1e4274ad0e5daf9a8a7b3ff23c
Instruction Fuzzy Hash: 27B01224E27C4F43ED4C37B70F690693760AF18212FD40015EC0AD0A54E55CC494A35A

Non-executed Functions

Function 00007DF41C30E261 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000003.2576205493.00007DF41C2E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF41C2E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_7df41c2e1000_OpenWith.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46f5df41ea43a57528ce76f95f617c5d60ae02f95908509022172248d9e28bd8
Instruction ID: 317b8491c6c81d94af8fc2b3a06f72133790875556e8c436f9feff669d1d81d5
Opcode Fuzzy Hash: 46f5df41ea43a57528ce76f95f617c5d60ae02f95908509022172248d9e28bd8
Instruction Fuzzy Hash: FFB01130E28808C2C2280E0AF802330F2B0C30B300F00303A2000F3A20C8BACC82008F

Function 000001D97CC40511 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2576552726.000001D97CC40000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D97CC40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d97cc40000_OpenWith.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d522c07823fb8778296108337a3d1ec347010d1dae431256f70b68abef76ec51
Instruction ID: 9c6f723353de5f7bfac1b68b00d860ec9f8fa9508ac40f659eae0282c9a534f1
Opcode Fuzzy Hash: d522c07823fb8778296108337a3d1ec347010d1dae431256f70b68abef76ec51
Instruction Fuzzy Hash: 26B01132E28A0082E3880E0AB8023B0F2B0C30B300F00B0322008F3220C828CC08028F

Analysis Process: wmplayer.exePID: 2172, Parent PID: 5448COMMON

Execution Graph

Execution Coverage:	5.2%
Dynamic/Decrypted Code Coverage:	14.9%
Signature Coverage:	0%
Total number of Nodes:	282
Total number of Limit Nodes:	28

Executed Functions

Function 00007DF4C3601958 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337nativememoryCOMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 00007DF4C360199B
NtAllocateVirtualMemory.NTDLL ref: 00007DF4C3601A3A
NtWriteVirtualMemory.NTDLL ref: 00007DF4C3601A88
NtQueryInformationProcess.NTDLL ref: 00007DF4C3601AB0
NtReadVirtualMemory.NTDLL ref: 00007DF4C3601AE0
NtReadVirtualMemory.NTDLL ref: 00007DF4C3601B13
NtReadVirtualMemory.NTDLL ref: 00007DF4C3601B42
NtReadVirtualMemory.NTDLL ref: 00007DF4C3601B76
NtProtectVirtualMemory.NTDLL ref: 00007DF4C3601BBD
NtProtectVirtualMemory.NTDLL ref: 00007DF4C3601C44
NtWriteVirtualMemory.NTDLL ref: 00007DF4C3601C69
NtProtectVirtualMemory.NTDLL ref: 00007DF4C3601C8D

Strings

H, xrefs: 00007DF4C3601C15
H, xrefs: 00007DF4C3601BF2

Memory Dump Source

Source File: 00000006.00000003.2514012192.00007DF4C3601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_3_7df4c3601000_wmplayer.jbxd

Similarity

API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
String ID: H$H
API String ID: 874015164-136785262
Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
Instruction ID: d10527c9833c5f3ae680327788c2bb8f175cf386ad3324c19b86457ee10e84b9
Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
Instruction Fuzzy Hash: BFB1437060CB888FD764DF18D895AAAB7E5FBD5304F001A2EE5CBC3251DB38E5458B86

Function 00000195528F2D24 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1263
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFormatCurrentUserKeyPath.NTDLL ref: 00000195528F386B
calloc.MSVCRT ref: 00000195528F39C1

Strings

;Ln, xrefs: 00000195528F31B4
MZ, xrefs: 00000195528F3971
MZ, xrefs: 00000195528F3583
;$dW, xrefs: 00000195528F3D1C
t, xrefs: 00000195528F3A60
N, xrefs: 00000195528F3A58
;$dW, xrefs: 00000195528F352D

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: CurrentFormatPathUsercalloc
String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
API String ID: 4207655178-84560671
Opcode ID: 1512b8534d4c685afcc9061355cc33150ae67fa718ee72ec55426bd84ba67b64
Instruction ID: 8c1e7b5e5efc8d8932d48fd7074002bde08f3250173ff88466565776253d9f46
Opcode Fuzzy Hash: 1512b8534d4c685afcc9061355cc33150ae67fa718ee72ec55426bd84ba67b64
Instruction Fuzzy Hash: BCA28FB051CF888FE376DF1898947EAB7E5FB99701F500A2EE489C3252DB749541CB82

Function 00007DF4C3601CE8 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 296processnativethreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4C3601290: RtlAddFunctionTable.KERNEL32 ref: 00007DF4C36012BD

Part of subcall function 00007DF4C36012C8: VirtualProtect.KERNELBASE ref: 00007DF4C36012F5

Part of subcall function 00007DF4C3601438: RegOpenKeyExW.KERNELBASE ref: 00007DF4C3601497
Part of subcall function 00007DF4C3601438: RegQueryValueExW.KERNELBASE ref: 00007DF4C36014E6
Part of subcall function 00007DF4C3601438: RegCloseKey.KERNELBASE ref: 00007DF4C360150C
Part of subcall function 00007DF4C3601438: GetVolumeInformationW.KERNELBASE ref: 00007DF4C3601570

calloc.MSVCRT ref: 00007DF4C3601DE3
CreateProcessW.KERNELBASE ref: 00007DF4C3601F80
NtResumeThread.NTDLL ref: 00007DF4C3601FA5
CloseHandle.KERNELBASE ref: 00007DF4C3601FBF
free.MSVCRT ref: 00007DF4C3601FDC

Strings

-, xrefs: 00007DF4C3601E95

Memory Dump Source

Source File: 00000006.00000003.2514012192.00007DF4C3601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_3_7df4c3601000_wmplayer.jbxd

Similarity

API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumecallocfree
String ID: -
API String ID: 167522227-2547889144
Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
Instruction ID: 842103727d5696f808f948fab5c39abcea95dc89abbe9753dec5e5dc2597f217
Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
Instruction Fuzzy Hash: 6D919334708A494BFB64EF64D8A66BB73E1FF94301F00552AE58BC3291DF78E9818785

Function 00000195528ECDF4 Relevance: 4.6, APIs: 3, Instructions: 110
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateNamedPipeW.KERNELBASE ref: 00000195528ECEA7
BindIoCompletionCallback.KERNEL32 ref: 00000195528ECEDE
ConnectNamedPipe.KERNELBASE ref: 00000195528ECEEF

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: NamedPipe$BindCallbackCompletionConnectCreate
String ID:
API String ID: 2502124517-0
Opcode ID: 1f39a579d535edce93b33f8ad890ac1eeea552d42be0d6d7d28d92d913c1a808
Instruction ID: 4c26072f2831011921e36235b5fb014664db2ab25e44c07e1d2faf9e0e123397
Opcode Fuzzy Hash: 1f39a579d535edce93b33f8ad890ac1eeea552d42be0d6d7d28d92d913c1a808
Instruction Fuzzy Hash: CB31A030608A488FE795EF28D8D8B9A77E5FB88350F104629E45AD31D2DF74C945CB82

Function 00007DF4C3612704 Relevance: 4.5, APIs: 3, Instructions: 40
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQuerySystemInformation.NTDLL ref: 00007DF4C3612715
malloc.MSVCRT ref: 00007DF4C3612731
NtQuerySystemInformation.NTDLL ref: 00007DF4C3612755

Memory Dump Source

Source File: 00000006.00000002.2914401673.00007DF4C3611000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3611000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7df4c3611000_wmplayer.jbxd

Similarity

API ID: InformationQuerySystem$malloc
String ID:
API String ID: 1603438391-0
Opcode ID: eaf85d99e703aa885d9be82610ad3d8d03a394a4204a017367fdf17adc8f3dbe
Instruction ID: 227827cfcd8ed6ece3bf47e23423be5a24e0e5f80167a5dfe1ea72ee2e42dfd1
Opcode Fuzzy Hash: eaf85d99e703aa885d9be82610ad3d8d03a394a4204a017367fdf17adc8f3dbe
Instruction Fuzzy Hash: 740119347199498BF799EF24DCACAA6B7F1FB94301F441128A44BC22A0DF38D945CB42

Function 00000195528F2C64 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0, xrefs: 00000195528F2CBC

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: f6b0f352e34b93935ac2a1f97fa2b0892be8d0a68ee0d9962c8f94757f801c03
Instruction ID: d0c7bf570d945ab6de094ff667bc054c56029ff6acdef804f99ba92fcbe17428
Opcode Fuzzy Hash: f6b0f352e34b93935ac2a1f97fa2b0892be8d0a68ee0d9962c8f94757f801c03
Instruction Fuzzy Hash: 9221AE71608E484FF750EF9888D83AA77E2E798381F61053FF94AD3256DA249944C741

Function 0000019552AC1F40 Relevance: 3.4, APIs: 2, Instructions: 426memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE ref: 0000019552AC26C4
RtlFreeHeap.NTDLL ref: 0000019552AC26ED

Memory Dump Source

Source File: 00000006.00000003.2502333474.0000019552AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000019552AB0000, based on PE: true

Associated: 00000006.00000003.2474026747.0000019552AB0000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000006.00000003.2474074242.0000019552AB0000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_3_19552ab0000_wmplayer.jbxd

Similarity

API ID: Free$HeapVirtual
String ID:
API String ID: 3783212868-0
Opcode ID: 86272efb14c44565b31b536206d8a7e697bd049e512a224102b8fa292cb2c375
Instruction ID: d09e69ead20ab270bfc359f0456f7901bdb574580bbfb3b86c1265ae93bd55b4
Opcode Fuzzy Hash: 86272efb14c44565b31b536206d8a7e697bd049e512a224102b8fa292cb2c375
Instruction Fuzzy Hash: 95024673604AA086E776EF29D0647AD7BE2F384784F498012FB9E63749EE78C944C750

Function 00000195528E2628 Relevance: 3.3, APIs: 2, Instructions: 293
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE ref: 00000195528E272E
SuspendThread.KERNELBASE ref: 00000195528E2770

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: CloseHandleSuspendThread
String ID:
API String ID: 1038686644-0
Opcode ID: ee0b4b29cbf429cf193f7da3647d56e0b1a845656fd74a12addcfb7ee39e090b
Instruction ID: 6943677a20e6284900ee5ce8988829f94faf802c05409fcc5014246457c213e3
Opcode Fuzzy Hash: ee0b4b29cbf429cf193f7da3647d56e0b1a845656fd74a12addcfb7ee39e090b
Instruction Fuzzy Hash: 1D910430208F158BFB69DB58D8613B973E2FB45350F15415DE45BD718BDA35D842CB82

Function 00007DF4C36222CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4C3621290: RtlAddFunctionTable.KERNEL32 ref: 00007DF4C36212BD

Part of subcall function 00007DF4C36212C8: VirtualProtect.KERNELBASE ref: 00007DF4C36212F5

SetTimer.USER32 ref: 00007DF4C3622762

Memory Dump Source

Source File: 00000006.00000002.2914559508.00007DF4C3621000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3621000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7df4c3621000_wmplayer.jbxd

Similarity

API ID: FunctionProtectTableTimerVirtual
String ID:
API String ID: 2248422592-0
Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
Instruction ID: 9b0ee2b067574bf706c4b79ab70abf6c08d0ad19bd1ebe144efa14e4e4d9d607
Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
Instruction Fuzzy Hash: 0BE1623160CA494FEBA4EF28D8A85BA77F1FF98300F15552EE48BC3291DB35E5858781

Function 00000195528EC25C Relevance: 1.8, APIs: 1, Instructions: 560memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00000195528EC65C

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1463b6e579e83794cd598155eb9e3160b38bf0e3bcb0f61670329aaf0c67c5a2
Instruction ID: d038e927091d94c3939e59efbab8d49e5691de921c22892add6bfa070cb89c8a
Opcode Fuzzy Hash: 1463b6e579e83794cd598155eb9e3160b38bf0e3bcb0f61670329aaf0c67c5a2
Instruction Fuzzy Hash: 6CF14A31A18A680EF72DDB6C98962B977D2F785341F28426EE4DBD2283D938C547C7C1

Function 00000195528F29D4 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000195528F2A94

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: f13696e1930880e2e19ebf6412232386b6a4ab7a0f564d2111b2459b68bcc0da
Instruction ID: d2afdbf74e62b199bf48654d401ac8985fb14f4fdf2b9ab74c4be8505084fda5
Opcode Fuzzy Hash: f13696e1930880e2e19ebf6412232386b6a4ab7a0f564d2111b2459b68bcc0da
Instruction Fuzzy Hash: 0781D43021CF098BF777DB9894657AAB3D2FB94380F524619F846D728BEA64D811C782

Function 00000195528F27B8 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000195528F2807

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: d9381645012d00cf6e7f8dfe8da443d67e907387f0873f85681973196ff3555c
Instruction ID: 912c1a7d21452797694ee845f032dd9f65e678cdb8c6c84a3d3723007d26eca5
Opcode Fuzzy Hash: d9381645012d00cf6e7f8dfe8da443d67e907387f0873f85681973196ff3555c
Instruction Fuzzy Hash: 8EF0DA74A2CF448FEB64EF2CD489B9A77E1FB99300F504519E84CC3246DB34D8448B86

Function 00000195528F2990 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000195528F29BA

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 98d03459468cdcd74854b97b597847e55f0ea75636d4913b4c299d0c762e3800
Instruction ID: a75c1b88834208dd57b50d1e19c39359755426d288108ae1ba5e502946a62bf9
Opcode Fuzzy Hash: 98d03459468cdcd74854b97b597847e55f0ea75636d4913b4c299d0c762e3800
Instruction Fuzzy Hash: D4E09271208B088FEB00EF98CCC1DA9B3E4E7D9301F404D2AEC8AC7165D264D648CB92

Function 00000195528F288C Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000195528F28A7

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 1d483c746a178fd7cebb358bd60c8d391381be698edd62c71eedc0381d53c554
Instruction ID: cefaf7870d4e257059961d952ce096e6ede9131f376b49f151d9f1fa02fd82de
Opcode Fuzzy Hash: 1d483c746a178fd7cebb358bd60c8d391381be698edd62c71eedc0381d53c554
Instruction Fuzzy Hash: A5D0A734A3CF4D4FFB10B768894030537D2F7D5308F914608A848D325AD62DD40087C2

Function 00000195528F28B8 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000195528F28D9

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: bd75e34d41d0a0c218f00c4b384fa59cf13494ae4b0fc6bee219bc2a66024f0a
Instruction ID: e3c05d31d6f804c35958d2e90b5f61009b51f6ac9a33535f2df13dfc4c5c8d33
Opcode Fuzzy Hash: bd75e34d41d0a0c218f00c4b384fa59cf13494ae4b0fc6bee219bc2a66024f0a
Instruction Fuzzy Hash: 7AD05B34D6CF458BE710FBA8C8406497BE1FBD9354F654618F88593315E338D441C786

Function 00000195528F252C Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000195528F254D

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 27a0ab9b8b81d19b55a36d5b88940b5d877d47714e961321c564cf766a84aa8c
Instruction ID: bbb28da669a997571992535fecf66cb502b0a47bbce46fe4e0f8664d16fa9e76
Opcode Fuzzy Hash: 27a0ab9b8b81d19b55a36d5b88940b5d877d47714e961321c564cf766a84aa8c
Instruction Fuzzy Hash: 57D01234A18B458BE750AB6C89516097BE1B7C9358F554618F84893315E238D441C786

Function 00000195528F28E8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00000195528E531B), ref: 00000195528F28F8

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 14fbc5d4ea2d13eb613c5f0cfb1986910ad3174e43fd425e2ce4bb45159b65c3
Instruction ID: a3bb56e8eb04ce503dab46a41acb177fddd5b8867c11d0fe2d39ff621ed1696f
Opcode Fuzzy Hash: 14fbc5d4ea2d13eb613c5f0cfb1986910ad3174e43fd425e2ce4bb45159b65c3
Instruction Fuzzy Hash: 07C08C2062DE0E0AFA01A2F98C91B582380A349394F810000AC05D2186E80CD5C08392

Function 00000195528F2418 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000195528F2428

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 2134b33d09b848e70ba1f23de37cfdd97cd4e92c7083e33fbb9b34bfa8345c36
Instruction ID: e1eae6d40392d8cc3cffb3330a91bf86f208085473a78866d835f1730a93b5dd
Opcode Fuzzy Hash: 2134b33d09b848e70ba1f23de37cfdd97cd4e92c7083e33fbb9b34bfa8345c36
Instruction Fuzzy Hash: 1DC08C20A19D0B0AFA16A2FA8C907483280A7AA380FC20000B808C2186F48CC8D083E6

Function 00007DF4C3601438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE ref: 00007DF4C3601497
RegQueryValueExW.KERNELBASE ref: 00007DF4C36014E6
RegCloseKey.KERNELBASE ref: 00007DF4C360150C
GetVolumeInformationW.KERNELBASE ref: 00007DF4C3601570

Memory Dump Source

Source File: 00000006.00000003.2514012192.00007DF4C3601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_3_7df4c3601000_wmplayer.jbxd

Similarity

API ID: CloseInformationOpenQueryValueVolume
String ID:
API String ID: 4069062851-0
Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
Instruction ID: 99b954df7d3041c0c8cb4f7405de7d906f5c8a2b4717fd22c10fc9b62ba0fe5e
Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
Instruction Fuzzy Hash: 78413E7061CA488BE765EF24C499BEBB3E1FB94301F005A2EE18BC6291DF7895448B46

Function 00000195528F7DA0 Relevance: 6.1, APIs: 4, Instructions: 130
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 00000195528F7DA9
socket.WS2_32 ref: 00000195528FB24B
getsockopt.WS2_32 ref: 00000195528FB27F
socket.WS2_32 ref: 00000195528FB2B4

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: socket$ErrorModegetsockopt
String ID:
API String ID: 552242919-0
Opcode ID: 3bad8950bc8ed42d49e75fcab8a12e6def80f6fb96da2e8da31b13afe45452c3
Instruction ID: 71dc0846e47a2c6dfd0998c891c3612f5f73a96f01c9324a72858cc3a3061457
Opcode Fuzzy Hash: 3bad8950bc8ed42d49e75fcab8a12e6def80f6fb96da2e8da31b13afe45452c3
Instruction Fuzzy Hash: D2417530618B498FF759EF68D8986AA77E6FB98300F51463DE04BC33A2DB788515CB41

Function 00000195528EDFC4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00000195528EE047
VirtualProtect.KERNELBASE ref: 00000195528EE070

Strings

rE\, xrefs: 00000195528EDFDC

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID: rE\
API String ID: 544645111-988334199
Opcode ID: fd197d1d460a7a7097ebc69198cfe8898b84731961e3c45740b5833891c72836
Instruction ID: 62310f116ca28d28a0a8b4e9c7f3c1280bbf838b4b4b142474fae4111e3ddc78
Opcode Fuzzy Hash: fd197d1d460a7a7097ebc69198cfe8898b84731961e3c45740b5833891c72836
Instruction Fuzzy Hash: 3D116031308E090BFB46FB9898A1BF97297F7D8340F504529A40AD3287EE28DD458781

Function 00000195528EBBF0 Relevance: 4.6, APIs: 3, Instructions: 110
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenFileMappingW.KERNELBASE ref: 00000195528EBC4C
MapViewOfFile.KERNELBASE ref: 00000195528EBC6E
CloseHandle.KERNELBASE ref: 00000195528EBCE6

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: File$CloseHandleMappingOpenView
String ID:
API String ID: 2553196624-0
Opcode ID: 8bb8605ac1c349b7ed951fd2da0efd1c73228fe5391c7a5f19e2fcd3618d3200
Instruction ID: ed9fe3a441af88d35aa018f1883158c09974061d55f908a4540d783e29b87e75
Opcode Fuzzy Hash: 8bb8605ac1c349b7ed951fd2da0efd1c73228fe5391c7a5f19e2fcd3618d3200
Instruction Fuzzy Hash: 7D31A431618E088FFB56FF64D8966EAB3D5FB94340F51452AA44BC3183DE34D51D8781

Function 00000195528EB9D8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32 ref: 00000195528EBB1F

Strings

P, xrefs: 00000195528EBA46

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: CreateWindow
String ID: P
API String ID: 716092398-3110715001
Opcode ID: 3958d680dd61ed40200acf61cd907bfc270c34c5250da5fbb8d7e78c828db693
Instruction ID: d07070a97c1680ac6a7fb4257046e02450a00fb8d395d76f3876d94df9a2b15b
Opcode Fuzzy Hash: 3958d680dd61ed40200acf61cd907bfc270c34c5250da5fbb8d7e78c828db693
Instruction Fuzzy Hash: 41518F70118B448FE7A5EF28E89679AB7E4FB99300F10462FE08EC2151DF349445CB83

Function 00007DF4C3613018 Relevance: 3.3, APIs: 2, Instructions: 297
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007DF4C3611708: RtlAddFunctionTable.KERNEL32 ref: 00007DF4C3611735

Part of subcall function 00007DF4C3611740: VirtualProtect.KERNELBASE ref: 00007DF4C361176D

calloc.MSVCRT ref: 00007DF4C361313A
SendMessageA.USER32 ref: 00007DF4C36131FB

Memory Dump Source

Source File: 00000006.00000002.2914401673.00007DF4C3611000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3611000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7df4c3611000_wmplayer.jbxd

Similarity

API ID: FunctionMessageProtectSendTableVirtualcalloc
String ID:
API String ID: 2453823186-0
Opcode ID: 06791c2761ba3497e0c9077ab5921302019734c58a86a701aa2be8a22ea6a1e2
Instruction ID: c1f4f38a31433e9645ee11592337f46cff85e950f42ee8c9a79cbf4d50336209
Opcode Fuzzy Hash: 06791c2761ba3497e0c9077ab5921302019734c58a86a701aa2be8a22ea6a1e2
Instruction Fuzzy Hash: B891643571CA484FFBA5EF28D4A55BA73E2FB54300B60563AD08BC3291DA78EC958781

Function 00000195528E22D0 Relevance: 3.2, APIs: 2, Instructions: 222
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE ref: 00000195528E22E8
VirtualAlloc.KERNELBASE ref: 00000195528E23B4

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: 9420d4d47bb5eb7f06d7fea4bf54311970c83033f74d5905fb72208c54926d5e
Instruction ID: ac10cc54df6c9b8ef5185e9ec1ef809be7e5113e63f9e7798c6e18743dd70e9d
Opcode Fuzzy Hash: 9420d4d47bb5eb7f06d7fea4bf54311970c83033f74d5905fb72208c54926d5e
Instruction Fuzzy Hash: F851093021CF0D4FFB56EBAC94583A972D2F798385F154129F44AD31AAEE74C8818B81

Function 00000195528ED594 Relevance: 3.1, APIs: 2, Instructions: 132
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MapViewOfFile.KERNELBASE ref: 00000195528ED5D8
CloseHandle.KERNELBASE ref: 00000195528ED62C

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: CloseFileHandleView
String ID:
API String ID: 3964672402-0
Opcode ID: f5e4ace49f8dbf4d208ab68c6c07d1c08f373a7b01313fe5be4b999b6ef0fbb6
Instruction ID: 9d604e4fc59a21d1c98c32beaa6513d48bcce3754c03a537b322a1c2ccf84d5d
Opcode Fuzzy Hash: f5e4ace49f8dbf4d208ab68c6c07d1c08f373a7b01313fe5be4b999b6ef0fbb6
Instruction Fuzzy Hash: 4141B470214F088FF746FFA8D8946EA73A6FBA5341F024519B40AD7197DF24D8058781

Function 00000195528E2974 Relevance: 3.1, APIs: 2, Instructions: 97
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00000195528E29B3
VirtualProtect.KERNELBASE ref: 00000195528E2A19

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 9af94119fb7637b7a971dd9e5dfe6689dbe62cc4b897151fb24c5dcbfab40a36
Instruction ID: 8fd473e6c5ac7835a0d05c2bd1bb3714269cdae0cdf2d3ce3046671e1f53f760
Opcode Fuzzy Hash: 9af94119fb7637b7a971dd9e5dfe6689dbe62cc4b897151fb24c5dcbfab40a36
Instruction Fuzzy Hash: 1A312B30308B854BFB159BAC98A4B953BC2FB5B354F160295E88AC72CADB58CC02C356

Function 00007DF4C36012C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF4C36012F5
VirtualProtect.KERNELBASE ref: 00007DF4C360137E

Memory Dump Source

Source File: 00000006.00000003.2514012192.00007DF4C3601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_3_7df4c3601000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
Instruction ID: a46b66cc1c8fb2ebaec874ce0071bf4c0cdf39744c2acfd7e94dbce8f7855b00
Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
Instruction Fuzzy Hash: BD21BF3970868547FB2C9F3894A6676B3E1FF94300F14513AE88BC7B85D669F88182D9

Function 00007DF4C3611740 Relevance: 3.1, APIs: 2, Instructions: 90
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00007DF4C361176D
VirtualProtect.KERNELBASE ref: 00007DF4C36117F6

Memory Dump Source

Source File: 00000006.00000002.2914401673.00007DF4C3611000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3611000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7df4c3611000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 555ee51bdfbe110a30625e9d65cd405c650e6e50b938efdbc78372c29de57681
Instruction ID: c1047f9e9137d80326c84af7b140857f0121287a1f041e737e4bb44fe92673eb
Opcode Fuzzy Hash: 555ee51bdfbe110a30625e9d65cd405c650e6e50b938efdbc78372c29de57681
Instruction Fuzzy Hash: CC21D13A70868647FB289F2D94A8677B3F1FF94300F14512AE49BC7385D668ED818285

Function 00007DF4C36212C8 Relevance: 3.1, APIs: 2, Instructions: 90
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00007DF4C36212F5
VirtualProtect.KERNELBASE ref: 00007DF4C362137E

Memory Dump Source

Source File: 00000006.00000002.2914559508.00007DF4C3621000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3621000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7df4c3621000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
Instruction ID: 0e9047d6a1c939543ac2e4ee6d3f86e6173248eead018052d04ad3dcdd0c40df
Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
Instruction Fuzzy Hash: C321D33170C58547FB28DF289464A76B3F2FF94340F16513AE88BC7B85D66AE88182D5

Function 00000195528EA960 Relevance: 2.5, APIs: 2, Instructions: 42COMMON

Download Yara Rule

APIs

free.MSVCRT(?,?,?,?,?,?,?,?,-00000002,00000195528F0CE7), ref: 00000195528EA976
free.MSVCRT(?,?,?,?,?,?,?,?,-00000002,00000195528F0CE7), ref: 00000195528EA994

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 85df9ee76aeee916477ee65bd03fae0aa34298d7a375d21a792168504e9e5af9
Instruction ID: 4707e5f48f3b92a9a6fee5aadddeb42597035c74710da5335c930aae01e46293
Opcode Fuzzy Hash: 85df9ee76aeee916477ee65bd03fae0aa34298d7a375d21a792168504e9e5af9
Instruction Fuzzy Hash: 10F09A30210E0E8FFB8AEF69C4E8765B3E1FB68346F6101A9E419C25A0C7749C50CB01

Function 00007DF4C36015E8 Relevance: 1.7, APIs: 1, Instructions: 228COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE ref: 00007DF4C360172D

Memory Dump Source

Source File: 00000006.00000003.2514012192.00007DF4C3601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_3_7df4c3601000_wmplayer.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
Instruction ID: 2a62fc16757fa8d5bd8d749418b000f5050627493341dabccc7e7fdb3fd27fcc
Opcode Fuzzy Hash: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
Instruction Fuzzy Hash: AB71637061C7884BE775DF2894966BBB7E1FB94300F001A2EE5CFC3251EA34A9418786

Function 00000195528ECA8C Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE ref: 00000195528ECC99

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: e26a3d902f64fdb1e6a29b1ddfd8af137ced715061d327bbcfc87f3b72d7e64f
Instruction ID: bb007ee1d064bc00a6448d20c62f786b999b474988267a599c3408c23b2fa5f6
Opcode Fuzzy Hash: e26a3d902f64fdb1e6a29b1ddfd8af137ced715061d327bbcfc87f3b72d7e64f
Instruction Fuzzy Hash: 2471F832608F084FF76AEB58D8A1AA573E2FBD4710F11061DE58BD3193DB30E9468781

Function 00000195528E6C10 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE ref: 00000195528E6CD6

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: c27442c9625b69612e30a0c621dafdc38b3cd1b2ea33eefe8ec2cdf5f7c33623
Instruction ID: 8ea1ce173c72d212e7a7c07c1585cad52d4f510e6a6058f710e0846e36decd3e
Opcode Fuzzy Hash: c27442c9625b69612e30a0c621dafdc38b3cd1b2ea33eefe8ec2cdf5f7c33623
Instruction Fuzzy Hash: D9419130314F094BFB5AF7B898A17FA32D7EB94350F410629B84AE31C3DE29D9018742

Function 00000195528E778C Relevance: 1.6, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE ref: 00000195528E78B2

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: c6fe4b8a49b1c432d16a5d1b2244a4336856686fe2f0bc0d983b446ba2d85ae3
Instruction ID: 61ac1705acb0daafb1fcec06fa7b8921df6853dd06dd1cd2ac7b7b98c434040a
Opcode Fuzzy Hash: c6fe4b8a49b1c432d16a5d1b2244a4336856686fe2f0bc0d983b446ba2d85ae3
Instruction Fuzzy Hash: C841307111CB488BE76AEB64C8A5BDBB3E1FB94340F014A1DF08AD3192EF759549CB42

Function 00000195528ECCD0 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE ref: 00000195528ECD2F

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 2f464fde3477c0bba4832f44d3340180ae7d23497e5ed422822a87f1e6a42210
Instruction ID: 2c1069a24936e724568049153cc41f6ee0b5341e1661a4c65039211f02189417
Opcode Fuzzy Hash: 2f464fde3477c0bba4832f44d3340180ae7d23497e5ed422822a87f1e6a42210
Instruction Fuzzy Hash: ED01C471704A0C8FE741FB59D8819ADB7E9FBD8310F50062AF84AD2141EF20EA548781

Function 00000195528E2904 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 00000195528E293C

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a3e65a005f3911c52a3a19618f507bf36bcbd5794d57615cb3bbd7cad2f75c67
Instruction ID: 910e23e9931e0ccba8eaef15fcbcf38b870762da0a7e854c1bdb508de3763c99
Opcode Fuzzy Hash: a3e65a005f3911c52a3a19618f507bf36bcbd5794d57615cb3bbd7cad2f75c67
Instruction Fuzzy Hash: 4B012631714E098FFB54EBADDCA8A6533D2FB8A356B054065E80AC3149DA3A9C41CB41

Function 00007DF4C3612F60 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

SetWinEventHook.USER32 ref: 00007DF4C3612FCD

Memory Dump Source

Source File: 00000006.00000002.2914401673.00007DF4C3611000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3611000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7df4c3611000_wmplayer.jbxd

Similarity

API ID: EventHook
String ID:
API String ID: 3661607649-0
Opcode ID: e6b188324f96a1e03f166e4287a2793acb406422b2b30f8b11d607c185f61fee
Instruction ID: f043cd9ba7629f6b13f540777d867073716357af0ec9632a4c2107f2479a5ab5
Opcode Fuzzy Hash: e6b188324f96a1e03f166e4287a2793acb406422b2b30f8b11d607c185f61fee
Instruction Fuzzy Hash: 6A113034A189454EFB64EF60D8797A672F0FB10319F601629D0CBC22D1DB39D8949741

Function 00000195528EBE7C Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 00000195528EBED6

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4d57d7d5982399080f90361c2699a999889f8feb933735bc5bb6e787f07df0d3
Instruction ID: 1eaf613cefe04f4ff9a384a9be0e584fcede235339585d27e1d568cb1021c5c4
Opcode Fuzzy Hash: 4d57d7d5982399080f90361c2699a999889f8feb933735bc5bb6e787f07df0d3
Instruction Fuzzy Hash: D5018C30318F4D4FFB46EBB898663A972A6FB54341F51056AA00AD3293EA28CD088742

Function 00000195528E2B50 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE ref: 00000195528E2B70

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: eab2b32177be9564e25d5777707ea1ca30621b5695f0306aefe172fe800bc35c
Instruction ID: 54b042bb7c3bfccac3b681e6448c953e60678f2ea62b1d3fbe5bf875a47bf3a0
Opcode Fuzzy Hash: eab2b32177be9564e25d5777707ea1ca30621b5695f0306aefe172fe800bc35c
Instruction Fuzzy Hash: 2CF0E531704F088FF725AEF65CE43AB3243F3C4392F26093AF406D628AD83988418340

Function 00000195528E697C Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

GetProcAddressForCaller.KERNELBASE ref: 00000195528E69A3

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: AddressCallerProc
String ID:
API String ID: 2663294120-0
Opcode ID: c691d5039295ecc8b7e044fb40fc3c69618cf93c91779b6bda279d67736a12d8
Instruction ID: e4fffc9765f6acdd145f62f41d470a55e0350fb84db44d2a60b91f537191f596
Opcode Fuzzy Hash: c691d5039295ecc8b7e044fb40fc3c69618cf93c91779b6bda279d67736a12d8
Instruction Fuzzy Hash: EDE08C21704D290BAB6961EE2498AB611C6C7E82A2704027AB41CC229AED10CC410380

Function 00007DF4C3601290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF4C36012BD

Memory Dump Source

Source File: 00000006.00000003.2514012192.00007DF4C3601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_3_7df4c3601000_wmplayer.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
Instruction ID: 3a3478d107bdac111e3b544a8ee32e5ef53c26fd2f5a171acadc6302ad4557c5
Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
Instruction Fuzzy Hash: A5E04F34A049055BEBA8DB1DC80A7603AE0FB5830AF608669D505C9291CB79D4DBCF85

Function 00007DF4C3611708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF4C3611735

Memory Dump Source

Source File: 00000006.00000002.2914401673.00007DF4C3611000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3611000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7df4c3611000_wmplayer.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: 62df2a061ef9a83e40c3da8f8fbf33d98cfabe8aaf6c816d3fbd47a45bbcd3fe
Instruction ID: 76a05e3f2d73c7651866d01bd3a325cf1df100a9b418ec0a23001b58e78f9a86
Opcode Fuzzy Hash: 62df2a061ef9a83e40c3da8f8fbf33d98cfabe8aaf6c816d3fbd47a45bbcd3fe
Instruction Fuzzy Hash: 8FE04F346509054BEBA8EB1DC85D76036E0EB58306F604269D445CA391CB3998DBCF82

Function 00000195528E3C84 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00000195528E3CB1

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: a4029a93bfcd341c8676454adb8c6f5f12b6913b14ed0bccef0902b234b6dd47
Instruction ID: 7bf5d4020bd822077cd196132438d44c66797059df1bc9fb99fa56935061e143
Opcode Fuzzy Hash: a4029a93bfcd341c8676454adb8c6f5f12b6913b14ed0bccef0902b234b6dd47
Instruction Fuzzy Hash: E5E04F30100A055BFB9CDB5DC9093A036D1EB9830AF604258E404C9296CB3AC8DBCF41

Function 00000195528E74A0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE ref: 00000195528E757E

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: ef59572018a9deb8cc9717970e2f4ccce5bc515e763955c946e33fff9a11c9f9
Instruction ID: 6b087159b50a4c0b11072835012d17d1b18f2d28b41281d0933f7cd437e02ed6
Opcode Fuzzy Hash: ef59572018a9deb8cc9717970e2f4ccce5bc515e763955c946e33fff9a11c9f9
Instruction Fuzzy Hash: 12914C30218F098BEB4AEF58D895AEA73E2FB98340F414569F44AC7197DF30E955CB81

Function 00007DF4C3621290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF4C36212BD

Memory Dump Source

Source File: 00000006.00000002.2914559508.00007DF4C3621000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C3621000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7df4c3621000_wmplayer.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
Instruction ID: c482f35c6f726e5c2b70d67c2d47d07ed0c14c805e7d045a465301f08b08c2dc
Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
Instruction Fuzzy Hash: F7E04F30A059054BEBA8DB1DC90976136E0EB5C306F604669E505C92D1CB3AD8DBCF85

Function 00000195528E6950 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 00000195528E6972

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction ID: 4571e7a4aa1b39d4cd63627f3951ab5b8305c6d0d8ac9b384fe0e0016ce62438
Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction Fuzzy Hash: 0DD0A720320E0D1BFB4C637D1CA537551D6E7DC362F51023AB80AC2287D958CC560340

Function 00000195528EC784 Relevance: 1.5, APIs: 1, Instructions: 272COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00000195528EC9BF

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 59198f789e8770a8feb484424aff911a50a4b1632d60f2ad6db9f6e5577744bf
Instruction ID: b3b0198135eca9a3de71f53a61f5ec783a32e167c30ab856355966193c777a75
Opcode Fuzzy Hash: 59198f789e8770a8feb484424aff911a50a4b1632d60f2ad6db9f6e5577744bf
Instruction Fuzzy Hash: D3916F7151CF484BE766FF54C8957EEB3E2FBA8341F410A2EE18AD3193DA3099458782

Function 00000195528EA76C Relevance: 1.4, APIs: 1, Instructions: 139COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00000195528EA7FB

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: d2cb0783aaccdf533b8783a245833ea662784d452517a49626c29c14fb2d72e4
Instruction ID: 9ea1755dda248aa29fb8e67427ae7593915f83b0279d767f7a5559cc3ba06ee3
Opcode Fuzzy Hash: d2cb0783aaccdf533b8783a245833ea662784d452517a49626c29c14fb2d72e4
Instruction Fuzzy Hash: 8941C631214E0E8FEB95EF6CC898AA5B7E1FB68751711466AE419C3661DB30E885CBC0

Function 00000195528FD4AC Relevance: 1.3, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00000195528FD4FE

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: e53db298d0d7d8de9701e8a24c72cb59212fc55ca396913229799ff2ccd7724d
Instruction ID: 40d19d335bcd589fed3cf12bc5930a29c1d46373d99513e1492c7705a0e25800
Opcode Fuzzy Hash: e53db298d0d7d8de9701e8a24c72cb59212fc55ca396913229799ff2ccd7724d
Instruction Fuzzy Hash: EE114031204E198FFFAA9FA988A43A533E1FB58355F15017AE919DA19BCB708C41CB91

Function 0000019552924468 Relevance: 1.3, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00000195529244A0

Memory Dump Source

Source File: 00000006.00000002.2913278510.00000195528E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000195528E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_195528e1000_wmplayer.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
Instruction ID: 8900146590ea75dd9fa01416fc30f9a1a1a9a645735511b20fc779f6973a805a
Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
Instruction Fuzzy Hash: 55F036B0218D0A4FFF95DBAD84E4F6133E1FB58350F512254A81EC729ADA25DC81CB40

Analysis Process: dllhost.exePID: 2336, Parent PID: 2172COMMON

Execution Graph

Execution Coverage:	2.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	253
Total number of Limit Nodes:	8

Executed Functions

Function 000002E65579385C Relevance: 1.8, APIs: 1, Instructions: 269
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002E655793484: GetVolumeInformationW.KERNELBASE ref: 000002E6557935BB

NtQuerySystemInformation.NTDLL ref: 000002E6557939CF

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: Information$QuerySystemVolume
String ID:
API String ID: 2187445334-0
Opcode ID: 9cda15ed55e2a7ba7de315ef6492aa6becad9ce158532766a68201cba1800474
Instruction ID: 62e5a5794707cbf66cb003386be87e922877392b8527d0913abff8601d0f7265
Opcode Fuzzy Hash: 9cda15ed55e2a7ba7de315ef6492aa6becad9ce158532766a68201cba1800474
Instruction Fuzzy Hash: 4B91BE31208E494FE7A5FB34C88D7EA77F1FB68351F500A2EA45BC32A1EE3495458B81

Function 000002E655792AC4 Relevance: .3, Instructions: 327
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 703e722334347091989988504ac40cbefe3db69d05a69e833e7a4d3043c5a1eb
Instruction ID: 125a6e7c7b79e620a22b01ab4cc0ce5eb5e0caddcd69e4e75d8c6602544dc9df
Opcode Fuzzy Hash: 703e722334347091989988504ac40cbefe3db69d05a69e833e7a4d3043c5a1eb
Instruction Fuzzy Hash: 00B18131358A494BE746FB24C89DBDA77F1FBA8344F80062DA48BC3196DE24E615CB91

Function 000002E6557B6E1C Relevance: 6.1, APIs: 4, Instructions: 130
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 000002E6557B6E25
socket.WS2_32 ref: 000002E6557BA42B
getsockopt.WS2_32 ref: 000002E6557BA45F
socket.WS2_32 ref: 000002E6557BA494

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: socket$ErrorModegetsockopt
String ID:
API String ID: 552242919-0
Opcode ID: 5a3a09ad36e99d91617d654de1f36bf2412fe4f51233c70e6a56741e3c3ef59c
Instruction ID: 516bbeeef748cbc59c0748fbd4747ddfc1d1c7aa7f99654f90366fe182639ada
Opcode Fuzzy Hash: 5a3a09ad36e99d91617d654de1f36bf2412fe4f51233c70e6a56741e3c3ef59c
Instruction Fuzzy Hash: 06412430618A488FE758EF28D89C69977E1FBA8310F40872EE057C36E5EF398504CB41

Function 000002E655793658 Relevance: 3.2, APIs: 2, Instructions: 176
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileMappingW.KERNELBASE ref: 000002E655793792
MapViewOfFile.KERNELBASE ref: 000002E6557937B9

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: File$CreateMappingView
String ID:
API String ID: 3452162329-0
Opcode ID: d524499d0e29cdaf98b4d00c754c14caea704ede928588d45a67ef148b981a3e
Instruction ID: d742a9eb99416adf20abf7e9d05d0c87bbde50b89c46408bd8652a40438eeaaa
Opcode Fuzzy Hash: d524499d0e29cdaf98b4d00c754c14caea704ede928588d45a67ef148b981a3e
Instruction Fuzzy Hash: 8A517F3161CB888BD725EB65C8897EABBE0FB95341F40492FA4DAC2291DF349505CB92

Function 000002E6557B79E0 Relevance: 3.1, APIs: 2, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateIoCompletionPort.KERNELBASE ref: 000002E6557B7A42
SetFileCompletionNotificationModes.KERNEL32 ref: 000002E6557B7A88

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: Completion$CreateFileModesNotificationPort
String ID:
API String ID: 3755109111-0
Opcode ID: c6288dfa1786a6fb75177450ca3c1fe821ae558465ed26039621da67ec740ac4
Instruction ID: 076fdbdb3b349eef394631cc48612e9306196bdfc6955647e27353b0866e86c8
Opcode Fuzzy Hash: c6288dfa1786a6fb75177450ca3c1fe821ae558465ed26039621da67ec740ac4
Instruction Fuzzy Hash: 0731B2703545994FFBA8AB2CD88D3797AD4F7643A5FD001ADE80BD21D2EB25CD418781

Function 000002E655793484 Relevance: 1.6, APIs: 1, Instructions: 142
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationW.KERNELBASE ref: 000002E6557935BB

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 59036ef0396e356dc6f6313af6403c98a85e650be2999bddb75ebc14ecc77cbe
Instruction ID: 5a5772e355086022b1eccb779cf02e457a110677ce385a7e313695520cd87518
Opcode Fuzzy Hash: 59036ef0396e356dc6f6313af6403c98a85e650be2999bddb75ebc14ecc77cbe
Instruction Fuzzy Hash: 3C5111312587488BE76AEB24C89C7EBB7F1FBA4340F504A2DE08AC2191EF759505CB42

Function 000002E6557B7DD0 Relevance: 1.6, APIs: 1, Instructions: 93
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

socket.WS2_32(?,?,?,?,?,?,?,?,?,?,?,000002E6557B7F4D), ref: 000002E6557B7DFD

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: socket
String ID:
API String ID: 98920635-0
Opcode ID: 7ccfdc6c01b82d6bb1a71dce0885d899065f286cb590b5326cb92d22b59c2518
Instruction ID: b784c998446d9642f3d7e4e2924df7738830eaa80e81cc3443b723985a22eb26
Opcode Fuzzy Hash: 7ccfdc6c01b82d6bb1a71dce0885d899065f286cb590b5326cb92d22b59c2518
Instruction Fuzzy Hash: F12190303446044FEB58AB78D88D7693BD1FB68375F6047ADE82AC72D6EB258C418691

Function 000002E6557928D4 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 000002E655792949

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 393edf68712105e001428b4aafcbbbb097da0f947cd5e6f2a07d9e58f078e8c4
Instruction ID: 771b9b4f97d8caecf818c0f889f76ac60ab09319c1185980192a12f76f502078
Opcode Fuzzy Hash: 393edf68712105e001428b4aafcbbbb097da0f947cd5e6f2a07d9e58f078e8c4
Instruction Fuzzy Hash: E4019630394E890AFB59B3B4C85D3BD26E6FBE4390FC4016D690AD31D6DE14C9144661

Function 000002E6557928A0 Relevance: 1.5, APIs: 1, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddressForCaller.KERNELBASE ref: 000002E6557928C7

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: AddressCallerProc
String ID:
API String ID: 2663294120-0
Opcode ID: 9acc209a63f3bfe3531e109f9954961de4b4815462c4a09656cea33e1b416fa5
Instruction ID: a4c9c0b1746f269ca50b75581a76b55f02cd21d6572a64df5a0931ff4c6c4210
Opcode Fuzzy Hash: 9acc209a63f3bfe3531e109f9954961de4b4815462c4a09656cea33e1b416fa5
Instruction Fuzzy Hash: 8DE0C211704D090BAB6861AE648C67655D6D7EC2B2B44027FE41CC3295ED10CC5103A0

Function 000002E655792874 Relevance: 1.5, APIs: 1, Instructions: 24
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 000002E655792896

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 382c3635b645ee6af092a9e813f7fba1e2c89dd6e7ba9d0495e7ab367bb23739
Instruction ID: 14902450682d91b2045d515ebccd47bfbbe61137e1876a69c42de1bd5c039e1b
Opcode Fuzzy Hash: 382c3635b645ee6af092a9e813f7fba1e2c89dd6e7ba9d0495e7ab367bb23739
Instruction Fuzzy Hash: 7AD0A710360D0E1BEA48637D5C9C77515D9F7EC365F90113EB409C2281D958CC550350

Function 000002E655797FF4 Relevance: 1.3, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

free.MSVCRT(?,?,?,?,?,?,?,000002E6557980FA,?,?,?,?,?,?,?,000002E65579454C), ref: 000002E655798013

Memory Dump Source

Source File: 00000008.00000002.2913120685.000002E655790000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002E655790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2e655790000_dllhost.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 87bf2b7766d88df3a9026e9b77d2279797cbf1b8374387caf5c71efd3627d98c
Instruction ID: 6cf932e4647dff208c56ba8931a1b9af4089f6f5200f4b9ab7638304999e2142
Opcode Fuzzy Hash: 87bf2b7766d88df3a9026e9b77d2279797cbf1b8374387caf5c71efd3627d98c
Instruction Fuzzy Hash: 84E0D830345D094BFF5CFB68C49C7383BA5FB68341F80006C5406C22A3CA14DC45D340

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report cXjy5Y6dXX.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Rhadamanthys

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
cXjy5Y6dXX.exe

Function 00BF4E5A Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 89
memorystringCOMMON

Function 00BFC146 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Function 00C022CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129
memoryCOMMON

Function 00BF8946 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Function 00C02098 Relevance: 2.7, APIs: 2, Instructions: 163
memoryCOMMON

Function 00BFC211 Relevance: 1.6, APIs: 1, Instructions: 56
COMMONLIBRARYCODE

Function 00BF72D1 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Function 00BF63D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Function 00BF6921 Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Function 00BFA6EB Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre